Overview of EmpowerID Chatbot

The EmpowerID chatbot is an intelligent virtual assistant. Users can interact with the chatbot to perform self-service identity and access management. The chatbot can also proactively reach out to users when it detects a need for their involvement, such as to notify them of new tasks to approve or if their account has become locked out. EmpowerID's unique approach to chatbots allows the chatbot processes to be developed as secure, visually designed workflows using EmpowerID Workflow Studio.

One of the key differences with the EmpowerID bot is that it doesn't rely on the Azure Bot SDK for its operations. Instead, developers utilize EmpowerID libraries and components known as "activities" to enable bot capabilities. These activities are then transformed into Microsoft bot elements by the Bot Microservice. For instance, rather than creating an Adaptive Card directly, we develop a BotAdaptive Card Activity that can be transformed into an Adaptive Card (and vice versa) by the Bot Microservice.

Key Components

Channel: Channel is the connection between the Application and the Bot for communication. You can initiate a channel or chat for EmpowerID Bot from Microsoft Teams, Service Now, EmpowerID Mobile App, and Web Chat.

Azure Bot Service: Azure Bot Service is a managed bot development service that helps you seamlessly connect to users via channels. Bot Framework and Azure Bot Service provide tools to build, test, deploy, and manage bots.

Bot Service: Bot Service is a microservice built in .NET Core, which acts as an interface between Azure Bot Service and the EmpowerID system. This microservice is capable of interpreting commands and executing actions in EmpowerID. Results or messages from EmpowerID are transformed into Bot Framework components by bot service.

BotFlow: BotFlow is those operations in Bot that trigger a workflow in EmpowerID.

ApiFlow: ApiFlow is those operations in Bot that trigger a workflow in EmpowerID.

 

An overview of the EmpowerID Bot

The figure above shows the internals of the EmpowerID Bot. The EmpowerID Bot is available on different platforms or channels, where you can interact with it for self-service identity and access management. Azure Bot Service handles the interaction of the messages from EmpowerID to the channels. Bot Service is a microservice that provides the rest endpoint or interface between the EmpowerID and the Azure Bot Service. The Bot microservice comprises of the BotFlow and ApiFlow; BotFlows are those operations in Bot that trigger a workflow in EmpowerID, whereas the ApiFlows will invoke API endpoints.
E.g., the Bot allows you to Change a Password, and this change password feature in the Bot is possible because of BotFlow. If you are using the ask-to-see command “Which management roles are I a member of?“ this Bot feature will consume the API endpoints of Bot Microservice. You can develop BotFlow and ApiFlow using EmpowerID Workflow Studio like any other EmpowerID workflow and API.

Communication Flow & Infrastructure

Users can interact with the Bot using different channels like Microsoft Teams, Web Chat, or the Mobile App. The operation requested via Bot will eventually execute either a Botflow or ApiFlow in the EmpowerID.

 

An Overview of the Communication Flow in EmpowerID Bot
  1. A user will initiate the chat from a channel.

  2. Azure Bot Service receives the messages and passes them to the Bot Microservice.

  3. Bot Microservice processes or interprets the received messages. Typically, these messages are commands that can trigger some task in EmpowerID.

  4. Bot Microservice will execute BotFlow and Apiflow as per the messages received. A bot microservice can also receive commands directly from Job, API, Workflows, or other system components and send messages to users. We refer to these systems-initiated conversations as Proactive Messaging. For example, a job can trigger a message asking the user to approve a particular business request.

  5. Bot service will send the results from the BotFlow and ApiFlow to the Azure Bot service. Bot service transforms the results into Microsoft Bot Framework SDK components or messages.

  6. Bot service dispatches the messages to the channels.

EmpowerID bot is built upon state-of-the-art Azure infrastructure and can serve multiple tenants with the same infrastructure. Tenant Configuration Data like the EmpowerID server instance and Database Config are stored for each tenant so that the Bot service can connect to the right instance of EmpowerID regardless of a SaaS or On-Premise installation.

Multi-Tenancy

You can configure multiple tenants in the Bot Microservice, and we refer to the configuration as https://dotnetworkflow.jira.com/wiki/spaces/EAGV24R2/pages/3390586245. EmpowerID uses a CosmosDB instance named TenantConfiguration to store the configuration, and these configurations are associated with a tenant using a unique TenantID.

Based upon these tenant configurations, the bot microservice can authenticate the user and interact with the backend applications to serve the incoming requests from the channels. Some important configurations for the tenant are OAuth configuration, storage configuration for Cosmos DB & Blob Storage, and configuration for the assemblies of BotFlows and ApiFlows.

  1. A TenantID will be sent to the Bot Service whenever a message is initiated in the channels. For e.g., in the figure above, users from two tenants, A & B, have triggered a chat, and the bot service will receive respective TenantID from the users to identify the tenant.

  2. Bot Service will fetch associated configurations of the tenant from the CosmosDB. The configurations are

    1. Base classes of workflow and

    2. OAuth configuration for authentication

    3. Storage Information

    4. Other Relevant Tenant Configuration

  3. Bot Microservice can initiate and respond to user requests for multiple tenants based on the configuration.