As AI agents become increasingly integral to business operations, identity management is entering a new era of complexity. In this live Identiverse 2025 interview, Frontegg CEO Sagi Rodin breaks down how organizations are rethinking identity in the age of agents.
From the UX expectations of Gen Z users to the rising need for AI-native authentication and entitlement models, Sagi explores how identity strategy is shifting across teams. He explains why customer identity can no longer stay siloed within engineering and what this means for developers, Infosec, and product leaders.
Welcome to Identiverse twenty twenty five. We’re here recording live from the Cyberus TV studio on the expo floor at the Mandalay Bay Convention Center in Las Vegas. I’m your host, Adrian Sanabria, and joining me for this interview is Sagi Rodin, CEO of Frontegg. Welcome, Sagi.
Thank you for having me.
So, yeah, to be honest, Frontegg, I’m not very familiar with the company. So so maybe give me a little bit of background on, the the company and what you guys do.
Yeah. So we’re a five year old company, based in Mountain View, California and in Tel Aviv, Israel. The company is basically solving the customer identity challenge for SaaS companies.
So you would have modern companies, different shapes and sizes using us, so they don’t have to deal with the risks of, security within their customer identity and user management, scaling it up, and developing all the features that are basically table stakes today in any modern SaaS application.
So it’s a B2B product that helps one of those b’s with their B2C?
Exact or B2B. Yeah. So they were either B2B2B or B2B2C.
Yeah. Okay. Got it. Yeah. Hope everybody else got it. I got it. Yeah.
It will take a minute.
Yeah. Yeah.
Yeah. So so what are you know, I think, you know, thanks partly to AI, you know, but just the fact that, you know, just the nature of some of the attacks that we’re seeing, I think it is an inflection point for identity at this point.
Apparently, identity security is a new term, you know, which is baffling to me because I’ve dealt with identity, you know, from the very beginning of my career, in in the early 2000s.
But, yeah, I guess, a lot of people working in identity, you know, it it wasn’t as as well paired with security there. So what are some of the trends you’re seeing come out of this? Like, in, you know, your five year old company, has, have those trends significantly changed even since you guys got started five years ago?
Yeah. Significantly changed.
I think that even before going to AI, there are a few trends that are happening that are interesting to note. First of all is the user experience. Mhmm. Because we used to think about customer identity as just logging in, you know, getting the token, validating it, expiring it once it’s, off, and and that’s it. Today, I think that most of the users are just used to a different type of authentication.
You know, you go to any app today. You’re used to Face ID.
My kid, you know, he plays a lot of, video games, and he will basically tell me, dad, give me your face so I can log in into my, into my game.
Yeah.
He wouldn’t ask for a password. Right?
And, this is just a new experience kinda that that we see all over.
And that makes a lot of companies kinda, be aware of that.
Product managers that want to make the experience of their users more smooth, are becoming more aware, embedding that obviously into their roadmaps.
The second thing that is happening, and I think that this is partially because of the AI trend, is that I think that mode is becoming harder to get. Right? This differentiation of, of your product is something that, nobody can copy. Because features are being built so fast these days, through cursor and stuff like that.
Yeah. Vibing.
Exactly. So you so a lot of compass need to kind of reinvent themselves. And this happens by finding new go to markets.
A lot of the companies we see that are developing second and third products, to provide more value. And I think that this is interesting because the identity becoming more complex. Now you need to manage identity across multiple applications, several types of users and accounts, and need to worry about, you know, their user experience, the security behind it, making everything scalable, which is also becoming the, kinda responsibility for the identity providers to make it easier for the vendors to go through this transition.
Yeah. Yeah. I think a lot of people when they look at an application, a web application, and buried within that.
Yes. So, you know, diving into some of these trends more deeply. So, you know, one thing that seems very, like, it could get very complicated very quickly is agentic.
Yeah. I think at one point, we’re thinking, okay. Within the enterprise, I’m gonna have this this, this one agent that knows everything, the super employee, that sees and touches everything. And that seemed like a terrible idea, you know, because, obviously, that’s immediately gonna be, like, as a pen tester or an attacker, like, my my one stop shop shop for everything.
Yeah. It’s gonna be really abused, by employees and attackers maybe. And now, you know, it makes a lot more sense to have specialized, agents that do different things and interact with, with different APIs, with different services, and things like that. And you can already see how even with consumer apps, this would make a lot of sense.
Right? You know, like like, use cases like like, maybe, I I want all my banking information, my transactions to be available, to my CPA, but my CPA is using some kind of Yep. Agent based platform for this to to look for common mistakes and pitfalls and things like that. So how big of a challenge is this gonna be?
Like, it it seems like we haven’t even figured out if an AI agent is gonna be handled more like a person or more like a machine identity. Right?
Yeah. It’s maybe somewhere in the middle. Right? So, we kinda think about it not as, either a human being or a machine because it’s kinda in the middle. It’s it has its own kinda, you know, characteristics.
And I think that agentic is is super interesting. On the one hand, we see that organizations are starting to build agents into their roadmaps.
It’s still not very production grade, but we do see a lot of our customers that we spoke to, planning to release sort of an agent even this year. Mhmm. So obviously, when you build an agent like that, you need to help users authenticate into this agent in a native way. Right? Like, just you as you authenticate into ChatGPT or stuff like that.
But the other thing, which is kinda unique in that, area is the ability to allow the agents to connect to different services, and different kind of third party applications within the ecosystem. And, and here it becomes very tricky because on the one hand, you got new standards like MCP rising. On the other hand, we all know that security is not the strongest part there. So we definitely see that we need to help there.
And the second thing is to enable your products to be accessed and and operated by agents, which is another task. So those two, the inbound aspect and the outbound aspects are super interesting and definitely changing the way identity is kind of perceived as only a SaaS thing.
Yeah. Right. Like like, even agents that, maybe use your identity as well. You know, we’re seeing, you know, robotic automation, you know, this kind of, move the mouse cursor.
Right? You know, because not all these services, like, especially, like, if I think, travel planning, that kind of thing, there there’s a lot of, very old UIs, you know, that, you know, these companies aren’t really, you know, inclined to update, I guess, you know, trip it and things like that. Like like, there’s no API. They weren’t built with an API.
Very, very old, code base. And, you know, so you need something that actually logs in as you and access you and has to click the interface and click check boxes and click save and wait a certain number of seconds for the next page to load. You know? So that that seems like even more complexity there.
Right? It’s complex.
I think that there are headless browsers today and companies like that that deal with those things to enable agents to operate.
But but I think also that this level of freedom that you just described introduces a few more challenges. Right? Because even if I kinda allow the end user to connect through this prompt or or chat or whatever, UX is there, an agent to these third party services. Right?
What is going to prevent the user to basically write, I don’t know, like delete all of the records in my Salesforce. Right? Because the connection was made.
So something needs to monitor, and prevent this type of, kinda activities.
And I think that here is again the challenge of identity companies, to really manage those entitlements and permissions and role management in a rather different ways. Because as you mentioned, it’s not like API.
So you you either can access that or you’re blocked. It’s somewhere in the middle with a lot of shades. And I think that here it becomes super interesting for companies like us to enable this natural language interaction.
Yeah. Yeah. Like, you know, just checking into my hotel here at Mandalay Bay, you know, trying to use the mobile check-in completely failed for me because, my my credit card rejected it. And it takes it so long to send me the was this really you? Yes or no? And then I say yes, and it says, okay. For one hour, you can try the transaction again.
You know, but at that point, I hadn’t even gotten the error message or the email from Mandalay Bay. Yeah. You know? So I’ve already tried four or five times, by the time I get that first email from that first time I tried.
So, you know, it seems like, latency. You You know, like, again, going back to the trend of user experience you’re talking about, that’s super important. You know, because when I get that email, I’m like, did that come from the fourth try or the first try or the second? Like like, I I’m I’m very confused at this point.
I just give up and I go to the front desk, and and I just let them handle it. And so they’ve got all these signs like mobile login, mobile login, but the moment a credit card doesn’t work, it all falls apart.
Yeah. I agree. You know, it’s just like buying a Tesla and starting your journey with a flat tire. Right? Like, because at the end of the day, the authentication part is the onboarding. That’s your first step into into, you know, into the application, into the hotel as you mentioned.
It’s kind of the first Sorry, Mandalay. Don’t kick me out of my room.
It’s the first experience that you get, and it’s really important to to nail that experience. And I think that we’re seeing also a trend and, you know, I haven’t spoken about it, that it’s not only the security, the engineers that care.
Suddenly you get go to market people that care. Right? The marketing manager or the CMO even, they would care a lot about how this experience in getting through the door into the product looks like. It affects the sign up rates, right, the conversion rates, and stuff like that.
You would get the security people to care because there’s features like, I don’t know, enabling SSO connections and stuff like that, which are also important to sell the product. Yeah. So we kinda believe, it’s written on our booth identity for the whole team, not just as a slogan because we actually see that there’s a lot of team members that use our product behind the scenes, even support, and not only developers or not even only security.
Yeah. And we’ve seen that shift, the design of a lot of these products over the years. Like, I remember, for marketing teams, everybody had to share the Twitter password at one point. Right? You know?
There there wasn’t any kind of workflow or or way for a company social account to be shared and used by multiple people. And then we started seeing companies pop up to solve solve that problem, buffer and hour and and a lot of these. And and just the other day, buffer finally sent me something and said, okay. You can now at companies or people. You know? Because it doesn’t work when you’re doing it from another platform because it it needs to populate that list of, okay, which company are you talking about, which person you’re talking about. And it’s, that that user experience has been pretty bad for a while.
You know, when customer identity was introduced as a thing, about ten, thirteen years ago as a service, it was mainly aiming at consumer applications. And it was pretty easy. Right? Like, you sign up with the username and password, and basically, you’re in, then it throws you out. You have to re log in.
You need a a password reset process.
Exactly. Multi factor was introduced, but when more, B2B companies started, to rise, basically, the whole challenge became more complicated because now a user is not a user on his own, he’s a user within an organization, and he has roles within that organization.
And then you would see a user from an MSSP or whatever that needs to access several organizations with different roles and permissions. And it became more complicated. We are the one who brought kinda this concept of, B2B identity, about five, five and a half years ago.
And since then, you know, we see that the the largest growth in the popularity of usage and customer identity becomes in those complex challenges. When there’s several customers, several types of applications, you’ll get a lot of types of users that belong to those organization. You have different levels of organizations, and you need to manage all of that. And that’s complex. And that’s even before, you know, agents are kinda starting to participate in this game as well, which we already start to see.
It seems, your example about your the face authentication in your kid, like, it makes me think, we will have a period or maybe it is right now where there’s a generation that’s never used passwords and a, generation that’s never used anything but passwords, existing at the same amount of time. You know?
And I’ve seen people who are uncomfortable with passkeys because it doesn’t feel secure because you just click log in and it happens. They don’t have to provide anything. And then on the other side, you know, this expectation that everything’s gonna be fingerprint or or Face ID or, you know, something, like, completely frictionless.
Yes.
I agree. I think that, you know, we will see new methods arising. We will see a lot of, security coming into place because with the AI, you know, the attack surface is obviously becoming more obvious. Yeah. It’s easier to attack the applications or user app to attack a certain company, kinda use you as a supply chain attack vector.
And, you know, the the today, we’re seeing a lot of device flow authentication that is happening. So, basically, when you need to authenticate, you just kinda scan a QR code and you’re in, which is great. We see, obviously, passkeys as you mentioned and, a lot of other things. Yeah. And I think that as the technology evolves, we will see even more sophisticated methods that will make the experience much better.
Yeah. That’s, excited to see that.
Yeah. But also, we’ll make the CISOs not sleep at night. Right? Because, I think that, you know, it used to kind of be considered that customer identity security, as you mentioned, it’s a engineering thing.
Or a product thing. But today, we actually see that companies are kinda expecting security teams and CISOs to be responsible for that as well. So a lot of those CISOs won’t control. They wanna set up their own policies regardless of what the product supports or not.
Yeah. So we’re trying to enable them, kinda an easy way to get their level of support, without overstepping maybe the product and the engineering, and live side by side, together with, you know, mutual goal at the end of the day.
Yeah. Yeah. Yeah. Tough balance.
Yeah. It is.
Well, thank you so much, Sagi, for joining me today. Great conversation. I enjoyed it.
Thank you so much.
The Complete Guide to SaaS Multi-Tenant Architecture
