Overview of EmpowerID Chatbot
The EmpowerID Chatbot is an intelligent virtual assistant that enables users to perform self-service identity and access management (IAM). It can proactively interact with users when specific actions are required—such as when a business request is pending approval or an account becomes locked.
Unlike traditional bots that use the Azure Bot SDK, EmpowerID’s chatbot processes are defined as secure, visually designed workflows using EmpowerID Workflow Studio.
EmpowerID’s chatbot does not rely on the Azure Bot SDK. Instead, it uses custom libraries and reusable components ("activities") that the Bot Microservice transforms into Microsoft Bot Framework elements.
Key Components
| Component | Description |
|---|---|
| Channel | A communication medium that connects the EmpowerID Bot with the user. Supported channels include Microsoft Teams, ServiceNow, the EmpowerID Mobile App, and Web Chat. |
| Azure Bot Service | A managed Microsoft service that relays messages between users and bots. It provides tools for bot development, deployment, and channel integration. |
| Bot Service | A custom .NET Core microservice that acts as the intermediary between Azure Bot Service and the EmpowerID platform. It interprets commands, executes workflows, and formats results. |
| BotFlow | A type of command in the bot that initiates a workflow in EmpowerID. |
| ApiFlow | A type of command that calls a REST API endpoint instead of launching a workflow. |
For example, the Bot allows you to change a password, and this change password feature in the Bot is possible because of BotFlow. If you are using the ask-to-see command "Which management roles are I a member of?" this Bot feature will consume the API endpoints of Bot Microservice.
Communication Flow and Infrastructure
The EmpowerID chatbot supports interactions across various platforms using a streamlined message processing model.
Step-by-Step Communication Flow
-
User Initiates Interaction
A user sends a message from a supported channel (e.g., Microsoft Teams). -
Azure Bot Service Receives Input
Azure Bot Service receives the message and relays it to the Bot Microservice. -
Bot Microservice Interprets Commands
The message is processed, and either a BotFlow or ApiFlow is triggered in EmpowerID. -
EmpowerID Executes Action
EmpowerID completes the requested operation (e.g., approve request, change password, fetch user roles). -
Response is Returned to Azure Bot Service
The Bot Microservice formats the response into Microsoft Bot Framework components. -
User Receives Output
Azure Bot Service sends the formatted message back to the original channel.
EmpowerID supports proactive messaging — bots can also initiate communication with users based on internal triggers (e.g., workflows, jobs, or APIs). For example, the bot may prompt a user to approve a pending access request.
Infrastructure and Deployment Model
EmpowerID’s chatbot is built on Microsoft Azure and supports a multi-tenant deployment architecture.
- The Bot Microservice supports multiple tenants with shared infrastructure.
- Tenant-specific configuration data is stored in Azure Cosmos DB.
- Each tenant’s configuration includes connection information for their EmpowerID instance (SaaS or on-premise), authentication details, and workflow assemblies.
Multi-Tenancy Support
EmpowerID supports provisioning multiple tenants within a single bot infrastructure. This is referred to as Provisioning a Bot Tenant.
Tenant Configuration Details
- Configurations are stored in Cosmos DB under a database named
TenantConfiguration. - Each configuration is linked to a unique TenantID.
- These configurations determine how the bot connects to and interacts with each tenant’s EmpowerID system.
How Multi-Tenant Routing Works
-
A TenantID is received by the Bot Microservice when a user sends a message.
- In the image above, users from Tenant A and Tenant B initiate chats.
- Each request is tagged with the appropriate TenantID.
-
The Bot Microservice uses the TenantID to look up configuration settings in CosmosDB:
- Workflow assembly references (BotFlows and ApiFlows)
- OAuth authentication settings
- Blob and Cosmos DB storage details
- Bot UI templates and policies
-
The bot dynamically loads the configuration and securely routes the request to the appropriate EmpowerID backend.
Summary
The EmpowerID chatbot architecture is designed for extensibility, scalability, and enterprise-grade IAM. With support for proactive messaging, visual workflow design, multi-channel interaction, and multi-tenancy, the bot enables a powerful self-service experience for identity management.