
Cisco Duo and Britive: Extending Zero Trust to Human, Non-Human, and Agentic Identities

April 2026 / 12 min. read / Nauman Mustafa

Cisco continues to build one of the most complete and forward-looking security fabrics in the industry. With platforms such as Duo, ISE, Identity Intelligence, Secure Access, Hypershield, and Splunk, Cisco is setting the standard for an intelligent and unified approach where trust, access, and visibility are continuously enforced across people, workloads, and data. 

The completion of the Cisco Duo and Britive integration marks a major step toward enabling continuous Zero Trust that extends from authentication to runtime access control. Duo ensures the right user and device are trusted to enter. Britive ensures that once inside, every identity, whether human, non-human, or AI-driven, operates with least privilege for the shortest time possible. When the task is complete, access automatically disappears. 

The New Era of Identity Assurance 

Recent advancements in Cisco Duo such as risk-based authentication, adaptive device trust, phishing-resistant MFA, Duo Passport, and proximity verification have strengthened Cisco’s position as a Zero Trust leader. Duo has also expanded its platform with Duo Directory and Single Sign-On (SSO), simplifying identity management and improving security posture across thousands of applications. Combined with Identity Intelligence and session theft protection, these innovations provide an AI-ready foundation for resilient identity assurance with minimal friction.

When paired with Britive’s just-in-time privilege management and runtime policy enforcement, organizations can achieve a complete Zero Trust experience that is adaptive, context-aware, and operationally simple. 

From Authentication to Runtime Enforcement 

This is the foundation of Zero Standing Privilege (ZSP). It removes static credentials, reduces over-permissioned roles, and eliminates unnecessary exposure across AWS, Azure, GCP, SaaS, Kubernetes, and on-prem environments. 

According to the Verizon 2024 Data Breach Investigations Report, more than 74 percent of breaches involve identity-related factors. The modern threat landscape has shifted from external intrusion to the misuse of legitimate access, emphasizing the need for continuous identity verification and privilege control across all environments. 

Architecture and Integration Details 

The integration between Cisco Duo and Britive extends Zero Trust from authentication to runtime enforcement using open standards such as SAML, OIDC, and SCIM. 

Integration Overview 

  • Duo Authentication Layer: Validates user identity, device health, and context using risk-based, adaptive, and phishing-resistant MFA. 
  • Duo Directory and SSO: Manage users, groups, and roles centrally while enabling secure access to applications and cloud services. 
  • SCIM Synchronization: Britive automatically imports users, groups, and role attributes from Duo Directory into its Common Policy Framework, maintaining consistent identity context and mapping for privilege management. 
  • Britive Runtime Control: Enforces just-in-time (JIT) and just-enough access (JEA) using ephemeral credentials. Policies are applied based on identity, posture, and shared signals from Cisco Identity Intelligence and Secure Access. 
  • Observability and Audit: All access events, privilege escalations, and policy decisions are logged and can be forwarded to Splunk for unified analytics and threat correlation. 

Diagram 1: Cisco Duo + Britive Continuous Zero Trust Architecture

Britive Common Policy Framework 

The Britive Common Policy Framework acts as the runtime control plane for authorization and access decisions. It unifies user, role, and environmental context from Duo and Cisco’s identity stack to dynamically determine fine-grained privileges in real time. 

Core Components 

  • Profiles and Tenants: Define application or resource contexts across cloud, SaaS, and on-prem systems. 
  • User and Group Mapping: Sourced from Duo via SCIM and enriched with identity risk posture. 
  • Policy Conditions: Leverage identity, device, and environmental signals from Cisco Identity Intelligence. 
  • Integrations: ITSM systems such as ServiceNow or Jira and ChatOps tools such as Slack or Teams for human-in-the-loop approvals. 
  • Fine-Grained Permissions: Attribute-based and policy-based access control that adapts dynamically to risk. 
  • Ephemeral Access Tokens: Automatically created and revoked when tasks complete.

Diagram 2: Britive Common Policy Framework with Cisco Integration

Extending Zero Trust to Agentic AI 

The collaboration also expands into the domain of Agentic AI. As Cisco advances its AgenticOps and Webex AI initiatives, Britive introduces guardrails, governance, privacy, and Safe AI controls that allow enterprises to innovate confidently. 

Through Britive’s integration with AWS Bedrock AgentCore, organizations can apply Zero Standing Privilege principles to AI agents and pipelines accessing sensitive data, APIs, or systems. Each AI agent receives time-bound, context-aware credentials that expire immediately after the task completes, creating a safe and auditable foundation for AI automation. 

This evolution reflects the next phase of identity and access security, protecting not only people but also the digital and agentic workforce that powers modern enterprises. 


Diagram 3: Agentic AI and Non-Human Identity Security Flow

Securing Agentic AI on AWS AgentCore: Duo and Britive Together 

AI agents are no longer experimental. Enterprises are deploying autonomous agents that call APIs, query databases, execute code, and take actions across cloud and SaaS environments on behalf of users and business processes. AWS Bedrock AgentCore has become one of the primary platforms for building and running these agents at enterprise scale, providing the runtime, memory, gateway, and identity infrastructure that production agentic deployments require. As agents move from pilot to production, the identity and access challenge becomes acute: an agent that runs continuously with standing permissions becomes one of the highest-risk identities in the enterprise. 

Cisco Duo and Britive both integrate with AWS Bedrock AgentCore Identity, and together they form a complete, layered security model for agentic workloads. Duo governs who the agent is and what it is allowed to do. Britive governs what credentials it receives to do it, for how long, and ensures they disappear when the task is done. 

Duo handles identity assurance and access governance: every agent deployed on AgentCore is registered as a distinct identity in Duo Directory, mapped to a human owner, authenticated at access, and fully logged from the moment it is onboarded. Cisco's new Duo Agentic Identity capability, announced at RSA Conference 2026, extends this further through an MCP gateway that intercepts every tool call an agent makes and evaluates it against policy before it reaches the target system, ensuring no agent action is ungoverned and every action is traceable to an accountable human sponsor.

In plain terms: if an agent tries to do something it should not, Duo stops it before it ever reaches the system. 

Britive's role in this architecture is outbound runtime enforcement. Through the Britive MCP Gateway, agents running on AgentCore receive Just-in-Time, ephemeral credentials scoped to exactly the resources they need for the duration of a specific task. Whether the agent needs to query a Snowflake data warehouse, access an S3 bucket, call an external API, or invoke a downstream agent via a third-party MCP server, Britive issues a time-bound credential for that specific action and automatically revokes it when the task completes. No standing access, no persistent tokens, no blast radius carried forward from one task to the next. This applies equally to AWS-native resources accessed via AgentCore's IAM tool calling, and to external resources accessed through the Britive Native API layer covering cloud service providers, SaaS platforms, and hybrid environments. 

In plain terms: even if an agent is permitted to act, it only ever holds the keys it needs for that one task, and those keys vanish the moment the task is done. 

Example Scenario 

Consider an enterprise financial services firm running an AI-powered credit risk agent on AWS AgentCore. The agent is triggered by a human analyst through an application, authenticated inbound via IAM and OAuth. Duo Agentic Identity registers the agent, maps it to the analyst as the accountable owner, and enforces which tools and systems it is permitted to invoke. When the agent needs to pull customer transaction data from a Snowflake database to complete its analysis, it requests access through the Britive MCP Gateway. Britive evaluates the request against policy, issues a time-scoped ephemeral credential for that specific Snowflake query, and automatically revokes it when the query completes. The agent never accumulates standing access. Every step is logged, auditable, and traceable. If the agent needs to pass results to a downstream agent or call a third-party analytics API, Britive governs that outbound access as well, ensuring the principle of Zero Standing Privilege holds across the entire agentic workflow, not just at the entry point. 
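The request, issue and revoke cycle from this scenario, modelled as an added example that is not Britive's or Duo's code or API. The `JitBroker` class, its policy table, and the agent and resource names are hypothetical, and the clock is injected so the expiry behaviour is reproducible.

```python
import secrets

class JitBroker:
    """Toy just-in-time broker: no grant outlives its task or its TTL."""
    def __init__(self, policy, clock):
        self.policy = policy   # (agent, resource) -> max TTL in seconds; requests are capped to it
        self.clock = clock     # injected time source (seconds)
        self.active = {}       # token -> (agent, resource, expires_at)
        self.audit = []        # append-only record of every decision

    def _log(self, event, agent, resource):
        self.audit.append((self.clock(), event, agent, resource))

    def checkout(self, agent, resource, ttl):
        max_ttl = self.policy.get((agent, resource))
        if max_ttl is None:    # default deny: no policy entry, no credential
            self._log("deny", agent, resource)
            return None
        token = secrets.token_urlsafe(16)
        self.active[token] = (agent, resource, self.clock() + min(ttl, max_ttl))
        self._log("grant", agent, resource)
        return token

    def is_valid(self, token, resource):
        grant = self.active.get(token)
        if grant is None:
            return False
        agent, granted, expires_at = grant
        if self.clock() >= expires_at:   # backstop if the task never reports completion
            del self.active[token]
            self._log("expire", agent, granted)
            return False
        return granted == resource       # scoped to the one granted resource

    def complete_task(self, token):
        grant = self.active.pop(token, None)  # revoke the moment the task ends
        if grant is not None:
            self._log("revoke", grant[0], grant[1])
        return grant is not None

def run_scenario():
    now = [0]  # constructed clock so the run is reproducible
    policy = {("credit-risk-agent", "snowflake:transactions"): 300}
    broker = JitBroker(policy, clock=lambda: now[0])
    tok = broker.checkout("credit-risk-agent", "snowflake:transactions", ttl=900)
    used = broker.is_valid(tok, "snowflake:transactions")
    broker.complete_task(tok)
    after = broker.is_valid(tok, "snowflake:transactions")
    denied = broker.checkout("credit-risk-agent", "s3:payroll", ttl=60)
    return used, after, denied, [e[1] for e in broker.audit]
```

The TTL cap matters as much as the revoke call: if the agent crashes before reporting completion, the credential still dies at the policy maximum rather than at whatever lifetime the agent asked for.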

The division of responsibility between Duo and Britive in this architecture is clean and complementary. Duo owns identity assurance: who is this agent, who is responsible for it, is it authenticated, and is every action it takes governed against a fine-grained policy at the MCP layer. Britive owns runtime privilege enforcement: what specific credentials does this agent receive for this specific task, how long do they last, and are they revoked the moment the task is done. Together, they close the two most critical gaps in agentic AI security, ungoverned agent identity and over-permissive outbound access, delivering a complete Zero Trust model for the agentic workforce that matches the rigor enterprises already apply to human identities. 


Diagram 4: Duo + Britive on AWS AgentCore - Inbound Authentication and Outbound JIT Enforcement

Completing the loop with Splunk 

Every privilege grant, credential checkout, revocation, and denial generated by Britive is a structured trust event. When forwarded to Splunk, the SOC gains a complete, high-fidelity record of every action taken by every agent across all connected environments. In the context of agentic AI, this matters enormously. Security operations teams can see not just what a human did, but what each agent did, on whose behalf, which tool it called, what credential it held, and for how long. Britive is working with the Splunk team on a native Splunk app and add-on as part of AWS Security Hub Extended, where Britive is one of 14 curated vendors. This integration brings identity signals from Britive, enriched with authentication context from Duo, directly into Splunk as a primary data source for threat detection, vulnerability management, and compliance reporting. The result is a continuous feedback loop: Duo and Britive govern and enforce at runtime, while Splunk makes every decision visible and actionable for the teams responsible for keeping the enterprise safe.
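One check a SOC could run over such events, as an added example that is not Britive's, Duo's or Splunk's code: pair each credential checkout with its revocation and flag credentials that were held past their granted lifetime or never revoked. The event field names and the sample records are constructed for illustration, since the real event schema is not given on this page.

```python
import json

# Constructed sample events, one JSON object per line; all field names are assumed.
SAMPLE_EVENTS = """\
{"ts": 100, "event": "checkout", "cred_id": "c1", "agent": "credit-risk-agent", "sponsor": "analyst1", "ttl": 300}
{"ts": 160, "event": "revocation", "cred_id": "c1", "agent": "credit-risk-agent", "sponsor": "analyst1"}
{"ts": 200, "event": "checkout", "cred_id": "c2", "agent": "credit-risk-agent", "sponsor": "analyst1", "ttl": 60}
{"ts": 300, "event": "checkout", "cred_id": "c3", "agent": "report-agent", "sponsor": "analyst2", "ttl": 120}
{"ts": 400, "event": "revocation", "cred_id": "c5", "agent": "report-agent", "sponsor": "analyst2"}
{"ts": 500, "event": "denial", "cred_id": "c6", "agent": "report-agent", "sponsor": "analyst2"}
{"ts": 900, "event": "revocation", "cred_id": "c2", "agent": "credit-risk-agent", "sponsor": "analyst1"}
{"ts": 950, "event": "checkout", "cred_id": "c4", "agent": "credit-risk-agent", "sponsor": "analyst1", "ttl": 300}
"""

def find_standing_access(lines, as_of):
    """Return (cred_id, agent, sponsor, finding) for grants that behaved like standing access."""
    open_grants, findings = {}, []

    def flag(ev, reason):
        findings.append((ev["cred_id"], ev["agent"], ev["sponsor"], reason))

    for line in filter(str.strip, lines.splitlines()):
        ev = json.loads(line)
        if ev["event"] == "checkout":
            open_grants[ev["cred_id"]] = ev
        elif ev["event"] == "revocation":
            grant = open_grants.pop(ev["cred_id"], None)
            if grant is None:
                # A revoke with no matching grant points to a gap in log coverage.
                flag(ev, "revocation_without_checkout")
            elif ev["ts"] - grant["ts"] > grant["ttl"]:
                flag(grant, "held_past_ttl")
        # Other event types (for example denials) are not relevant to this check.

    # Anything still open at the end of the window and older than its TTL.
    for grant in open_grants.values():
        if as_of - grant["ts"] > grant["ttl"]:
            flag(grant, "not_revoked_past_ttl")
    return findings
```

Each finding carries the sponsor, so the follow-up goes to the accountable human rather than to the agent.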

Aligned Architectures for Continuous Trust 

Britive's identity-centric, cloud-native architecture and runtime enforcement model align naturally with Cisco's Security Fabric vision. The combined solution delivers ephemeral, policy-driven access without static secrets and integrates seamlessly across IT, security, and DevOps ecosystems. 

Leading enterprises such as Fiserv, Toyota Financial Services, Thermo Fisher Scientific, Veterans United, RxBenefits, Scopely, GAP, Forbes and many more rely on Britive to secure access across multi-cloud, SaaS, and hybrid environments. These are the same industries where Cisco's Security Fabric continues to drive innovation and transformation. 

Human, non-human, and agentic identities are all secured under one unified model. This is the future Cisco and Britive are building together.