This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Bot governance

jessica-lie
Workato employee
Workato employee

โ€Ž01-15-2021 08:22 AM

[Dec 22, 2020] Mike Power (CRM Enterprise Architect at American University) posted:

Good afternoon all,

We did a brief POC with Workbot for MS Teams recently, and may build some recipes with it but our infrastructure group has governance concerns.

Iโ€™m curious what others do with Workbot for MS Teams (or potentially other applications since the need for governances is probably the same).  Questions like:

  1. Whatโ€™s your governance process for regulating what can be done with the Workbot connector, managing PII, etc?
  2. Do you check the box when you log in to โ€œconsent on behalf of the organizationโ€, which I believe means the connector can be disconnected/re-connected by anyone, not just the Office365 admin.
  3. How do you manage what commands get published so itโ€™s not overwhelming?  Or do you just do things by channel?

Weโ€™re pretty new to this space, so Iโ€™d appreciate any thoughts/gotchas on starting to use Workbot as an organization.

Thank you!

0 Kudos
6 REPLIES 6

mroldanvega
Executive Chef I
Executive Chef I

โ€Ž02-26-2021 12:33 PM

We have a dedicated service account for the connection. Our Office365 Admin is able to temporarilly elevate its permissions to perform the consent, then change it back to non-admin. The admin does this for us only one time during the setup.

We have a single bot, and yes the commands are getting a bit long. I dont think we are ready for custom bots yet. Probably soon. However, one of the things we do is check AD/Okta group membership for the user who is running the bot command to see if they are allowed to run it.
I.e. in each bot recipe we capture the user who is running the bot, we call a callable recipe that checks if this user is a member of an AD group that we define for this purpose (or reuse a group if already exist). If the user is not a member we stop the command and reply to the user with some kind of "not authorized" message.
Hope this helps.

0 Kudos

jessica-lie
Workato employee
Workato employee

โ€Ž02-27-2021 11:13 AM

Hey Mike Power !


Tagging you back into the loop, so you are kept up-to-date with more of the brilliant information your peers have provided ๐Ÿ™‚


Ported this conversation from the previous platform. Hope the new answers are of help to you!

0 Kudos
Copyright © 2024 Khoros, LLC