Announcing WSO2 Identity Server 7.2: Powering the Future of CIAM and Secure AI Agents

We are excited to announce the general availability of WSO2 Identity Server 7.2!

This release is a direct response to the massive industry shift toward autonomous artificial intelligence (AI) agents and the growing complexity of business-to-business (B2B) identity. Version 7.2 solidifies our position as a leader in comprehensive customer identity and access management (CIAM) and modern access management by delivering crucial new features that secure your digital future and maximize developer velocity.

Building on the unified architecture introduced in version 7.0, WSO2 Identity Server 7.2 maintains its shared code base with our Asgardeo IDaaS, which is available as a public or private cloud. This means whether you deploy WSO2 Identity Server open source software (OSS) or use the Asgardeo IDaaS, you benefit from the same robust features, ensuring unparalleled flexibility and freedom from vendor lock-in.

Ensuring the security of AI agents: Agentic IAM

As AI agents take on tasks typically handled by people, they require a security model that recognizes their unique operational nature. WSO2 is among the first vendors to address this with robust agent identity management and Model Context Protocol (MCP) authorization.

AI agents are non-human, always-on entities that require more granular, session-based control than traditional human users. WSO2 Identity Server 7.2 provides the specialized security model required to manage this risk.

Agents as first-class entities

WSO2 Identity Server 7.2 introduces the ability to treat AI agents as distinct identities, ensuring auditable and secure access:

  • Agent identity lifecycle: Register and manage agents, assigning roles and access levels to determine their privileges, just like human users.
  • Agent-friendly authentication: Issue agent-specific credentials and authentication mechanisms (such as tokens for secure communication) designed for non-human interaction.
  • Independent auditing: Agent activity can now be fully audited, providing the necessary oversight independent of human user activity.

Securing the Model Context Protocol 

MCP has emerged as the key protocol for enabling AI agents to access corporate resources. Our new functionality ensures these interactions are secure:

  • MCP server authorization: Register MCP servers to define precise access controls and enforce consistent authorization rules that protect underlying business resources.
  • Compliant client setup: Register MCP clients, creating them as compliant entities and authorizing them with specific scopes to define permitted access to MCP servers.
  • Governance of user authentication: Enable crucial governance of user authentication flows for MCP clients.

AI-driven automation for enhanced productivity

In previous releases, we introduced AI-assisted branding and login flow capabilities that make the developer experience simpler and faster, empowering teams to deliver security without requiring deep domain expertise. We are expanding upon these capabilities as follows:

  • AI-assisted self-registration flow generation: Developers can now choose between natural language input and no-code drag-and-drop options to secure access.
  • User flow orchestration: Developers can now choose between natural language input and no-code, drag-and-drop options to accelerate the crafting of key user journeys like self-registration, password recovery, and invited user onboarding.
  • AI-assisted MCP authorization setup: Developers can now manage application settings and add secure login flows using AI tools (like GitHub Copilot) directly within their code editor. This dramatically simplifies the implementation of complex features like MFA and user provisioning.

Expanded comprehensive B2B support

Organizations require advanced capabilities to manage identities across their increasingly complex organizational structures, both internally and across external networks that can include partners, subsidiaries, OEMs, and distributors. WSO2 is committed to delivering the industry’s most comprehensive B2B CIAM support, going far beyond basic organizational identity. Previous capabilities provided powerful organization management that enabled enterprises to share their applications with other businesses and delegate administration for managing access to the shared applications. Version 7.2 extends this leadership with new features focused on security and organizational control in complex, multi-level B2B hierarchies.

Simplified management for complex hierarchies

  • Streamlined login and security for sub-organizations: Effortlessly manage nested hierarchies by applying consistent login and registration settings from the parent organization. Child organizations can customize or override inherited settings as needed, simplifying governance and reducing repetitive configuration.
  • Selective role sharing for B2B applications: Gain granular control over resource sharing. Enterprises can now decide whether to share all, selected, or no roles when sharing an application with partner organizations. This ensures role sharing aligns perfectly with pricing tiers, service levels, and the least privilege principle.

Comprehensive organizational structure

These capabilities empower enterprises to easily onboard organizations and their users, delegate administration to partners, and flexibly manage the complex, multi-level organization hierarchies of distributors, subsidiaries, and franchises.

Expanded security, governance, and ecosystem features

Beyond our core AI and B2B advancements, version 7.2 delivers several key security and compliance enhancements across the platform:

  • Real-time event publishing: Enables identity events (registrations, updates, logins) to be shared in real time with external applications, supporting advanced identity-first security models by sharing all identity events with the related security ecosystem.
  • Advanced account linking: Account linking is now available on any chosen user attribute, providing greater flexibility to configure linking according to unique organizational policies. This enables establishing a 360-degree view of a customer.
  • Revamped workflow-based approval framework: Supports long-running approval workflows for critical user management operations, ensuring audited governance for every action. Workflow approvals support both workforce and B2B use cases where approvals are required for user access.
  • European digital identity support: Expands integration to support national and regional identity solutions, including Signicat (pan-European), FranceConnect, and Swiss ID. WSO2 is a leader in Government to Citizen (G2C) initiatives, and will continue to support new and evolving standards like eIDAS 2.0 as they emerge.
  • Post-quantum security: Expanded support for post-quantum cryptographic standards covers both inbound and outbound communication, protecting data against potential future quantum-based attacks. This new support extends previous capabilities delivered in prior releases. 

Conclusion 

WSO2 Identity Server 7.2 continues to provide the stability of an enterprise-proven product with the flexibility and innovation of open source software. By focusing on governance, simplified policy management, and developer empowerment, this release gives organizations the control needed to confidently secure their customer, partner, and employee digital experiences.

Like all 7.x releases of WSO2 Identity Server, once you migrate from a previous release, future releases will be simple upgrades, enabling you to take advantage of new capabilities without a prolonged migration effort.

We invite you to experience the future of converged, intelligent IAM today: