identity.ts or identity.py compile and deploy unchanged. When you add an identity declaration, the CLI wires auth, store scoping, and a frozen runtime.identity envelope into tools and middleware.
Managed Deep Agents is in private beta, available on LangSmith Cloud in the US region only. Join the waitlist to request access.
What identity solves
Without identity, every caller shares the same thread and memory boundary. With identity, Managed Deep Agents answers two questions before the agent runs:
From those answers, Managed Deep Agents scopes:
- Threads — who can open or resume a conversation
- Memory — which durable store namespace the run uses
- Credentials — whose token downstream calls carry (managed modes or your own resolver)
Add an identity declaration
Createidentity.py or identity.ts next to your agent entry and export a named identity. Most projects start from a preset.
mda generates the custom auth handler, injects it into the compiled LangGraph app, and only then enables reserved identity headers and token verification.
Choose a preset
Presets expand to a full ingress, tenancy, and scoping config. Override any field when you need a different ingress or scope.
All presets default to
trusted_backend ingress and tenancy: "single", except multi-tenant-saas which sets tenancy: "multi".
Ingress: how Managed Deep Agents learns who is calling
Pick one HTTP ingress mode.Trusted backend
Your API authenticates the user, then proxies LangGraph requests with a shared ingress secret and reserved identity headers. The browser never sends the secret or raw IdP tokens to Managed Deep Agents. Required headers (case-insensitive):MDA_INGRESS_SECRET in .env for mda dev and as a hosted deployment secret for mda deploy. Your production backend should perform OAuth or session auth, then attach the headers above when proxying agent traffic.
Validated token (browser-direct)
The client sendsAuthorization: Bearer <token>. Managed Deep Agents verifies the token server-side (JWKS, OIDC discovery, opaque introspection, or guest tokens signed by Managed Deep Agents) and maps claims into the identity envelope.
In
validated_token mode, your frontend signs the user in with the same IdP you configured, reads an access token (or ID token where applicable), and passes it to the LangGraph client as Authorization: Bearer <token>. Do not send refresh tokens or client secrets to the deployment.
When more than one provider is configured, each entry needs an
id. Managed Deep Agents routes JWT providers by token iss and fails closed when the issuer is unknown.
Guest tokens
Addproviders.guest(...) when anonymous visitors should get a short-lived, actor-scoped session without signing in. Managed Deep Agents signs guest tokens with MDA_GUEST_SIGNING_KEY (HS256). Set the key in .env for mda dev and as a hosted deployment secret for mda deploy. Rotate it like any other signing secret.
With guest issuance enabled, the deployment exposes a public issuance route:
Claim a guest token
To claim a token, send an emptyPOST to the deployment base URL with Content-Type: application/json. If the deployment requires a public app key (LANGGRAPH_AUTH_SECRET), also send X-Auth-Key.
sub (for example, guest:01932f4a-... when actor_prefix is guest:) and the expiry from exp. Managed Deep Agents maps sub to runtime.identity.actor.id on subsequent requests.
Use the guest token
Send the token on LangGraph and connector requests the same way you send IdP access tokens:Use runtime.identity in tools and middleware
When identity is declared, authored tools and middleware receive a frozen runtime.identity object built from the trusted auth result. Client-supplied spoofable identity keys are stripped from configurable.
Scoping axes
Presets cover the common cases. To customize, setscoping explicitly:
tenancy: "single" cannot use "tenant" on any axis. Store access fails closed (403) when required identity segments are missing.
Custom downstream credentials
Setscoping.credentials: "custom" and provide either an in-process resolve function or a hosted token-exchange endpoint. Tools then call runtime.credentials.for(target) to mint per-actor headers. Secrets stay in memory and are never written to thread state or traces.
To expose LangSmith capabilities to browsers or other untrusted callers, add a LangSmith connector. It requires identity so capability routes can resolve the caller and prove ownership before calling LangSmith server-side.
Secrets checklist
Put local values in
.env. mda deploy forwards non-reserved .env values as hosted deployment secrets.
Test and deploy
Test the project locally withmda dev, then deploy it with mda deploy. Open deployment traces in LangSmith to inspect model calls, tool calls, errors, and latency.
Identity misconfiguration usually surfaces as 401 (auth) or 403 (store/thread scope) during local Studio or first authenticated request. Confirm the matching secret is present and that trusted-backend proxies attach the reserved headers.
Next steps
Custom tools
Read
runtime.identity from authored tools.LangSmith connector
Expose constrained LangSmith capabilities to untrusted callers.
How it works
See how compile and deploy wire auth into the runtime.
CLI reference
Look up the
identity project file and deploy flags.Connect these docs to Claude, VSCode, and more via MCP for real-time answers.

