Presented herein are techniques for enabling delegated access control of an enterprise network. In particular, data representing a trust chain formed between a local domain and a remote domain is stored in an identity management system. The local domain has an associated secure enterprise computing network and wherein the trust chain identifies one or more outside entities associated with the remote domain that are authorized to access the secure enterprise computing network. The identity management system receives a request for access to the secure enterprise computing network by a first outside entity of the one or more outside entities associated with the remote domain. Access by the outside entity to the secure enterprise computing network is controlled/determined based on an analysis of the trust chain.