Building an Enterprise Agent Platform: Enforcing Identity, Data, and API Governance
Summary
Salesforce Engineering outlines a unified governance platform that enforces identity, data, and API controls seamlessly across AI agent workflows. The platform ensures identity propagation and authorization extend throughout multi-system operations, preventing security gaps as agents interact with multiple services. Centralized data governance and API policies unify controls across Salesforce and external integrations, while an AI trust layer handles sensitive data protection during AI model interactions. This approach enables Salesforce teams to build secure, scalable AI agent ecosystems that maintain comprehensive governance and minimize risk across distributed workflows.
Takeaways
- Propagate user and agent identities consistently across multi-system workflows to maintain governance.
- Route all data access through a centralized enforcement layer to prevent governance bypass.
- Leverage MuleSoft and Informatica for unified API and data governance across platforms.
- Use Agentforce Trust Layer to mask sensitive data and prevent data retention by external AI models.
- Implement unified observability via Data 360 to audit and trace agent interactions enterprise-wide.
While enterprises deploy AI agents at a rapid pace, their governance strategies often remain fragmented. Most organizations enforce identity, data access, and API security in separate silos, which creates dangerous gaps as agents move across systems. Salesforce Engineering addresses this by shifting the focus from securing individual agents to enforcing governance at the platform level. We designed a unified governance system across Agentforce , Data 360 , MuleSoft , Informatica , and our core platform to address these gaps and ensure that identity, data, and APIs work together to protect every interaction. Join us as we explore how our team addresses three critical challenges. We show how identity and authorization propagate across multi-system workflows to keep every action secure. We examine how data access controls remain active regardless of how agents process data.