skip to main content
Browse documentation

Let the assistant act for a signed-in user

Allow the assistant to take authenticated actions on behalf of a signed-in end user, scoped to their permissions, with confirmation before sensitive actions.

When your end users are signed in, the assistant can do more than answer — it can act for them, using their identity and staying within their permissions.

How it works

Acting for a user is built to be safe by default:

  • The assistant acts as the signed-in end user, using their authenticated identity — never a shared or elevated one.
  • Actions are limited to what that user is allowed to do; the assistant can’t exceed their permissions.
  • Sensitive actions ask the user to confirm before they run.

Steps

  1. Authenticate your end usersConnect your identity provider so the widget knows who the signed-in user is.
  2. Choose actionable endpointsDecide which capabilities the assistant may call on a user’s behalf.
  3. Set confirmation for sensitive actionsMark actions that should require explicit confirmation before they run.
  4. Test as a signed-in userSign in as a test user and confirm actions run as them and stop for confirmation where expected.

Next steps

End-user authenticationHow end users sign in to the widget.Custom endpointsAdd the actions the assistant can take.