DOCUMENTATION
search
Go To Builder
  1. Home
  3. Docs
  5. Virtual Assistants
  7. Bot Administration
  9. Security & Compliance
  11. Security & Control Module Overview

Security & Control Module Overview

In the Security & Control module of the Kore.ai Bots Admin Console,

  • configure Single Sign-On (SSO) authentication for your domain users (see here),
  • configure and install the Kore.ai Connector agent for Bot communications between Kore.ai and your on-premises applications using custom Kore.ai Bots (see here),
  • obtain and reset the enterprise key for encryption (see below),
  • create the app and define API scopes (see below)
  • other security settings (see here)

Enterprise Key

On the Enterprise Key page in the Security & Control module of the Bots Admin Console, you can view, or regenerate your enterprise data encryption key.

By default, enterprise data, including user data, is automatically encrypted using this key when stored on Kore.ai servers. The encryption key is reissued every 60 days, or whenever manually refreshed by an admin.

To generate a new enterprise data encryption key, click Refresh.

Bring Your Own Key (BYOK)

 BYOK allows enterprises to use their own Customer Master Keys (CMKs) to encrypt specific app or bot data. This ensures enhanced control and security, enabling organizations to manage encryption keys in alignment with their compliance and security requirements, even in public cloud SaaS deployments.

Steps to avail BYOK encryption:

  1. In the Admin Console, go to the Enterprise Key menu and click Create Key under Bring Your Own Key.
  2. Choose the Cloud Provider from the dropdown and enter the ARN number of the Customer Master Key (CMK).
  3. Select an Enforcement Date. This is the date data will be encrypted using the provided customer key (CMK).
  4. Once entered, users will be asked to TEST Connection.
  5. If the test is successful, the NEXT button will be enabled.

  6. On the next screen, users will see a list of all Apps/Bots in the workspace that will be encrypted with the provided CMK. By default, all will be selected.
  7. If the user unselects certain Apps/Bots, those will be encrypted with the DEFAULT Key (Kore CMS).
  8. Click Proceed to add the customer CMK to the list of Enterprise Keys used in the encryption process.

Note: Users can modify the CMK (update the ARN and retest) until the Enforcement Date. After this date, they can only rotate the key or update the list of Apps/Bots encrypted with the CMK.

 

API Scopes

Using this option you can define apps and associate API scopes for accessing various platform features.

  1. Use the New button to create a new app.
  2. Select the +Create App option from the App drop-down.
  3. Once you enter a name, a Client ID and Client Secret are generated which can be used to access the platform
  4. For each app created the following API Scopes can be assigned as per the requirement
    • IntentIdentification includes the scopes for Intent and Entity Detection;
    • Bot Definition includes the scopes for Bot Import, Export, and Creation;
    • Bot Publish for Publish access;
    • Test & Train to include permissions to Train ML  and FAQ, Utterances Import & Export;
    • Logs to include retrieval capability of Bot Audit and Admin Console Audit Logs;
    • Profile Management to get access to Role Management APIs and to Delete User Data;
    • Bot Analytics to be able to retrieve Chat History and Bot conversation Sessions
    • User Management scope to manage users;
    • Custom Reports scope to retrieve the data associated with custom widgets and reports;
    • ManageKnowledgeGraph scope to export and manage the complete definition of the Knowledge Graph;
    • Channel Management to create and update channels;
    • BotKit to configure the botkit and agent transfer;
    • Master Admin – assign this scope to get the list of sample bots.
  5. Once created these apps can be used from within the Bot Builder Platform or externally to access various features by invoking the corresponding public API (see here for list).
Menu