Verified User Access: The Only Secure Approval Workflows for Chat

December 6, 2021

As chatbots become more prevalent in the workplace, there are two important items that have yet to be addressed and are imperative for businesses of all sizes who use bots: Approval Workflows and Correct Attribution. Workbot® is the first bot to add the new feature, Verified User Access (patent pending).

With Verified User Access, you can safely execute approval workflows from chat apps and make all chat workflows trackable and compliant by correctly attributing the user. 

Approve Anything from Slack and Teams

Why Don’t Bots Already Do This? 

Currently all bots in existence work in the same way. This is true for Slack, Microsoft Teams etc. Only one instance of the bot can be installed per team and whoever installs the bot in the team is the only person the bot has permission to act as.

Even though the bot knows when it is talking to a user other than the person who installed it, and allows the user to complete actions, it will complete commands for everyone as the installer.

What is Verified User Access?

Verified User Access is a new, first-of-its kind feature developed by Workato that allows Workbot to verify users in Slack or Teams before allowing them to take actions, subsequently correctly attributing the user taking the action inside of your business apps.

If you enable Verified User Access, the person trying to take action will be prompted to log into the app they are trying to do something in. This allows the bot to verify who the user is and only grant access if it is a person who is allowed to do this action.

Here the user is trying to approve or reject an IT request that is in ServiceNow. They will be prompted to log into ServiceNow so that Workbot can verify who they are and if they have permission to do this action.

How Other Bots Work Without Verified User Access

Meet Tom: 

Tom works at Acme Inc. where he uses Slack for internal chat. The Acme Inc. Slack organization has 400 users (other Acme employees). He installs a chatbot, giving it access to the organization so everyone can use it. Even though everyone in the organization can use the chatbot, the chatbot is still intrinsically tied to Tom because he installed it.

The chatbot can tell the difference between when Tom is talking to it, or when the other 400 employees are talking to it, but it only has the ability to act as Tom and therefore, access the apps the chatbot works with as Tom. 

This means a few things:

  •  Because Tom installed the bot, every action the bot takes is logged as being done by Tom (even if it was done by one of the other 400 employees). 
  • If Tom installed the bot and then granted it access to NetSuite (or any other app), any of the employees in the channel can access Tom’s NetSuite data via Slack.
  • If there is anyone in the Acme organization that should not have access to certain information, there is no way to enforce this restriction. 

Additionally, every action will be logged as being done by Tom, even when it was not done by Tom. That is – unless Tom is using Workbot, now armed with Verified User Access!

Verified User Access Allows for Secure Approval

Approval Workflow using Slack and Salesforce for a deal request

Verified User Access allows you to have approval workflows inside of your chat console. For example, let’s say you use Workbot for an expense report approval workflow in Slack or Teams. You get a notification from Expensify that an expense report has been submitted with a button to approve or reject the expense report.

Only Josie, the manager, should be able to approve expense reports. With Verified User Access enabled – if Tom clicks to approve, he will be prompted to sign into Expensify. Since, Tom is not authorized, he won’t be able to approve the expense report.

When Josie clicks to approve and signs in, Workbot will approve the expense report. Josie verified who she was, and was able to approve the expense report without needing to navigate to Expensify and use the interface to go through the steps of approval. Just click and authenticate without leaving Slack.

Inside of Expensify, it will also be noted that Josie approved the expense report – whereas without Verified User Access the installer, Tom, would have been credited. This opens up a whole new workflow capability that can now be enabled through Slack or Teams. 

Any business process that requires approval from specific people can now be done using bots in a way that is compliant with the access privilege that the user has.

Want to learn more about how you can use Workbot to get your work done in Slack, break down information silos, and enable faster and more efficient work across your organization? Down the free ebook here>

About the author
Kristine Colosimo
Kristine oversees Workato's content and works with awesome apps like DocuSign, Zendesk, SurveyMonkey etc. on great automation content.