Authorize LangGraph agent workflows with Cerbos
Control which tools and state transitions your LangGraph agents can execute with fine-grained, policy-driven authorization powered by Cerbos.
Node-level authorization
Control which graph nodes and tools each user or role can execute with fine-grained Cerbos policies
Workflow-aware decisions
Authorize tool calls and state transitions based on user identity, roles, and the current position in the workflow graph
Audit every step
Every authorization decision at every node is logged with full context, giving you a complete audit trail of agent workflows
How Cerbos works with LangGraph
AI agents and tools introduce a new class of authorization challenges. They act on behalf of users, access sensitive data, and chain operations, all of which need fine-grained access control.
Cerbos provides policy-driven authorization that controls what AI systems can do, which data they can access, and on whose behalf. Policies are written in human-readable YAML and evaluated at request time.
With Cerbos and LangGraph, you get guardrails that scale with your AI adoption, centrally managed policies, full audit trails, and sub-millisecond decision times that don't slow down agent workflows.
How Cerbos authorizes LangGraph workflows
- Define policies for nodes and tools, Write YAML policies that specify which graph nodes and tools each user or role can execute based on identity, attributes, and context.
- Agent requests authorization at each node, Before a node invokes a tool or transitions state, the agent sends the user context, tool name, and target resource to the Cerbos PDP.
- Cerbos evaluates the request against policies, The PDP applies fine-grained rules considering the user's identity, role, and any additional attributes you provide.
- Node proceeds or workflow is redirected, Cerbos returns an allow or deny decision. The graph can enforce it by blocking the node, taking an alternative path, or returning an error.
FAQ
How does Cerbos authorize LangGraph workflows?
Cerbos evaluates authorization at each node in a LangGraph graph. Before a node invokes a tool or transitions state, the agent sends the user context, tool name, and target resource to the Cerbos PDP. Cerbos returns an allow or deny decision for each step.
How is this different from the LangChain integration?
LangChain authorization covers individual tool calls. LangGraph extends this to multi-step workflows with branching, cycles, and persistent state. Cerbos can authorize both tool invocations within nodes and transitions between nodes in the graph.
Can I control which graph paths a user can take?
Yes. Cerbos policies can gate specific nodes and transitions based on user identity, roles, and attributes. Different users can be authorized for different paths through the same graph.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + LangGraph
- Cerbos policies govern AI agent tool access and data visibility
- Full audit trail for every AI tool call and data access
- Per-user permissions enforced across autonomous agent workflows
- Sub-millisecond policy evaluation with no agent pipeline overhead
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.