You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Overview of EmpowerID Chatbot
The EmpowerID chatbot is an intelligent virtual assistant. Users can interact with the chatbot to perform self-service identity and access management. The chatbot can also proactively reach out to users when it detects a need for their involvement, such as to notify them of new tasks to approve or if their account has become locked out. EmpowerID's unique approach to chatbots allows the chatbot processes to be developed as secure, visually designed workflows using EmpowerID Workflow Studio.
Â
The figure above shows the internals of the EmpowerID Bot. The EmpowerID Bot is available on different platforms or channels, where you can interact with it for self-service identity and access management. Azure Bot Service handles the interaction of the messages from EmpowerID to the channels. Bot Service is a microservice that provides the rest endpoint or interface between the EmpowerID and the Azure Bot Service. The Bot microservice comprises of the BotFlow and ApiFlow; BotFlows are those operations in Bot that trigger a workflow in EmpowerID, whereas the ApiFlows will invoke API endpoints.
E.g., the Bot allows you to Change a Password, and this change password feature in the Bot is possible because of a BotFlow. If you are using the ask to see command “Which management roles are I a member of?“ this Bot feature will consume the API endpoints of Bot Microservice. You can develop BotFlow and ApiFlow using EmpowerID Workflow Studio like any other EmpowerID workflow and API.
Key Components
Channel: Channel is the connection between the Application and the Bot for communication. You can initiate a channel or chat for EmpowerID Bot from Microsoft Teams, Service Now, EmpowerID Mobile App, and Web Chat.
Azure Bot Service: Azure Bot Service is a managed bot development service that helps you seamlessly connect to users via channels. Bot Framework and Azure Bot Service provide tools to build, test, deploy, and manage bots.
Bot Service: Bot Service is a microservice built in .NET Core, which acts as an interface between Azure Bot Service and the EmpowerID system. This microservice is capable of interpreting commands and executing actions in EmpowerID. Results or messages from EmpowerID are transformed into Bot Framework components by bot service.
BotFlow: BotFlow is those operations in Bot that trigger a workflow in EmpowerID.
ApiFlow: ApiFlow is those operations in Bot that trigger a workflow in EmpowerID.
One significant differentiation with EmpowerID bot is that the bot operations are not built upon Azure Bot SDK, and developers use EmpowerID libraries/components called activity to develop bot capabilities. These components get transformed into Microsoft bot elements by the Bot Microservice. E.g., We don't create an Adaptive Card. Instead, we develop BotAdaptive Card Activity, which will be transformed into an Adaptive card and vice versa by the Bot Microservice.
Communication Flow & Architecture
Users can interact with the Bot using different channels like Microsoft Teams, Web Chat, or the Mobile App. The operation requested via Bot will eventually execute either a Botflow or ApiFlow in the EmpowerID.
Â
A user will initiate the chat from a channel.
Azure Bot Service receives the messages and passes them to the Bot Microservice.
Bot Microservice processes or interprets the received messages. Typically, these messages are commands that can trigger some task in EmpowerID.
Bot Microservice will execute BotFlow and Apiflow as per the messages received. A bot microservice can also receive commands directly from Job, API, Workflows, or other system components and send messages to users. We refer to these systems-initiated conversations as Proactive Messaging. E.G., a job can trigger a message asking the user to approve a particular business request.
Bot service will send the results from the BotFlow and ApiFlow to the Azure Bot service. Bot service transforms the results into Microsoft Bot Framework SDK components or messages.
Bot service dispatches the messages to the channels.
EmpowerID bot is built upon state-of-the-art Azure infrastructure and can serve multiple tenants with the same infrastructure. Tenant Configuration Data like the EmpowerID server instance and Database Config are stored for each tenant so that the Bot service can connect to the right instance of EmpowerID regardless of a SaaS or On-Premise installation.
Multi-Tenancy
You can configure multiple tenants in the Bot Microservice, and we refer to the configuration as Provisioning a Bot Tenant . EmpowerID uses a CosmosDB instance named TenantConfiguration to store the configuration, and these configurations are associated with a tenant using a unique TenantID.
Based upon these tenant configurations, the bot microservice can authenticate the user and interact with the backend applications to serve the incoming requests from the channels. Some important configurations for the tenant are OAuth configuration, storage configuration for Cosmos DB & Blob Storage, and configuration for the assemblies of BotFlows and ApiFlows.
A TenantID will be sent to the Bot Service whenever a message is initiated in the channels. E.g., in the figure above, users from two tenants A & B have triggered a chat, and the bot service will receive respective TenantID from the users to identify the tenant.
Bot Service will fetch associated configurations of the tenant from the CosmosDB. The configurations are
Base classes of workflow and
OAuth configuration for authentication
Storage Information
Other Relevant Tenant Configuration
Bot Microservice can initiate and respond to user requests for multiple tenants based on the configuration.
Â