***

title: Agent Mode Enterprise features
updated: 2026-02-23T00:00:00.000Z
max-toc-depth: 2
----------------

Agent Mode offers enhanced enterprise-grade features designed to meet the security, governance, and access control requirements of large organizations. These features provide administrators with granular control over AI capabilities while maintaining security and compliance standards.

Enterprise features for Agent Mode include the following:

* **Fine-grained user access control** — Control which users and groups can access AI features
* **Security guardrails** — Protect sensitive data with automatic redaction and filtering
* **MCP governance** — Manage and restrict Model Context Protocol server usage

## Fine-grained user access control

Enterprise Admins can control access to Agent Mode beyond the standard team-level AI consent settings. This enables precise control over which users can utilize AI capabilities within your organization.

### Access control options

<ParamField path="All users" type="default">
  Enable Agent Mode for all users in the organization.
</ParamField>

<ParamField path="Specific users">
  Grant access to selected users, groups, or teams within the organization.
</ParamField>

### Enterprise use cases

Granular access control enables common enterprise scenarios:

* **Pilot programs** — Start with a small group to evaluate Agent Mode before broader rollout.
* **Role-based access** — Restrict access to senior engineers or platform teams.
* **Phased rollouts** — Gradually expand access across different teams and departments.

## Security guardrails

Agent Mode implements multiple layers of security to protect sensitive data before it reaches any LLM. These guardrails operate automatically to prevent exposure of confidential information.

### Secret redaction

Secret redaction automatically prevents API keys, tokens, credentials, and other secrets from being sent to LLMs:

* **Built-in detection** — Uses Postman Secret Scanner to identify common secret patterns.
* **Custom rules** — Define organization-specific secret patterns for enhanced protection.
* **Client-side enforcement** — Prevents secrets from syncing to Postman services or being sent to LLMs.
* **No persistence** — Secrets are redacted from LLM calls without being stored.

### PII redaction

Protect personally identifiable information using industry-standard guardrails. Agent Mode uses AWS' PII Guardrails to redact PII before forwarding it to the underlying LLM.

<Note>
  Enabling PII redaction may impact product usability and response latency due to additional processing requirements.
</Note>

## MCP governance

Model Context Protocol (MCP) servers extend Agent Mode functionality by connecting to third-party systems. Enterprise governance controls help manage the security and compliance risks associated with these integrations.

### MCP control options

Administrators can implement the following controls:

* **Allowlist specific MCPs** — Permit only approved MCP servers for organizational use.
* **Block all MCPs** — Prevent users from configuring or using any MCP servers.