Agentic Access and Companions
Knocknoc normally grants access to the single IP a user authenticates from. Agentic Access and Companions extend that for two cases: granting time-limited access to an automated agent, and keeping access for a user's other companions, such as a second device or a cloud instance.
Both are granular, opt-in features. They stay off until an administrator turns them on, and can be allowed or denied per user, group, or Knoc. Agents and companions count towards the user's session cap, alongside their active logins.
Agentic Access
Agentic Access grants time-limited access to an automated agent acting on a user's behalf, rather than to a human at a keyboard. It suits scripted or unattended tasks that need the users protected access for a set window.
First define the access:
Then give the access link to your agentic companion:
Then approve access if the details are correct:
Companions
Companions let a user keep access for their own companions, such as a second device, a jump box, or a cloud instance, without an administrator granting each one by hand.
Each companion can access a subset of the resources assigned to the user, as decided by the user. Removing a companion revokes its access straight away.
Enabling it
Agentic Access and Companions are controlled at three levels, and all of them must allow it before a user can use the feature:
- Site-wide: an administrator turns the feature on in the settings page.
- Per user or group: each identity is allowed or denied each feature.
- Per Knoc: each Knoc decides whether agents and companions may reach it.
Turning a feature off at any level immediately revokes the access it covers.
On the settings page:
On the groups page:
On the users page:
On the Knoc configuration page:
Reviewing and revoking
Administrators can review every agent and companion in use across the system, and revoke any of them.







