The problem of secret-key-based authentication under privacy and storage constraints on the source sequence is considered. Identifier measurement channels during authentication are assumed to be controllable via a cost-constrained action sequence. Inner and outer bounds for the key-leakage-storage-cost regions are derived for a generalization of the classic two-terminal key agreement model. Additions to the model are that the encoder observes a noisy version of a remote source, and this noisy output and the remote source output together with an action sequence are given as inputs to the measurement channel at the decoder. Thus, correlation is introduced between the noise components on the encoder and decoder measurements. The model with a key generated by an encoder is extended to the randomized models, where a key is embedded to the encoder. The results are relevant for several user and device authentication scenarios including physical and biometric identifiers with multiple measurements that provide diversity and multiplexing gains. Achievable (key, storage, cost) tuples are evaluated for binary identifiers and measurement channels represented as a mixture of binary symmetric subchannels. Significant gains from using an action sequence are illustrated to motivate the use of low-complexity transform-coding algorithms with cost-constrained actions.