Skip to main content

Learn About Authentication for Topics and Actions

Learning Objectives

In this project, you’ll:

  • Add authentication to a standard topic.
  • Add authentication to a custom action.
  • Send a verification code to authenticate unverified users.
  • Create custom variables to bind output and inputs.
  • Create filters for topics and actions.
  • Test authentication functionality.

Introduction to Authentication

Agentforce Agents give you great flexibility with topics and actions right from the start. You can easily add topics and actions from an Asset Library or create your own, making it simple to set up your agents quickly.

For example, with the Agentforce Service Agent template, you can include topics like Account Management, Case Management, Order Inquiries, and Reservation Management, along with the related actions for each.

However, this flexibility comes with a tradeoff—additional configuration is required if you want to add extra security or privacy to these topics and actions. Consider which actions an agent should be able to perform without customer verification and which should always require it. Every organization has different security standards and policies for protecting customer data and verifying identities. Regardless of approach, Agentforce authentication provides a strong foundation for verifying customers securely.

Public vs. Private Actions

The first and perhaps most important step in adding authentication to your actions in Agentforce is to identify which actions require authentication. Public actions are, well… public. The agent can access topics and actions without authenticating who the agent is talking to. It could be a known customer or a prospect—it doesn’t matter. And, you guessed it, private actions are private and require authentication. Every organization has different requirements for authentication. For example, a healthcare company might require authentication before most of the agent’s topics or actions can be accessed, but a car dealership’s agent might not have any authentication.

Actions

Definition

Examples

Public

  • Public actions are actions that an agent can take that do not require authentication.
  • Answering Questions with Knowledge action under the General FAQ topic
  • Giving public company details like the address, phone number, locations, hours, and so on

Private

  • Private actions are actions that require verifying a user’s identity in a messaging session before an agent can take action on their behalf.
  • The level of authentication can vary based on a company’s preferences and policies.
  • Updating personal information
  • Processing payments or purchases
  • Cancelling an appointment
  • Accessing sensitive account information
  • Requesting a refund

Cloud Kicks and Agentforce

Cloud Kicks is a manufacturer of stylish and comfortable custom sneakers, and the go-to source for the latest styles. Cloud Kicks is already using Agentforce for Service to provide recommendations, performance reviews, and technical specs on its sneakers. The company wants to add case management to its agent’s capabilities. But Cloud Kicks needs a way to verify its customer’s identity whenever a customer inquires about anything related to their cases.

Linda Rosenberg, the Agentforce admin for Cloud Kicks, is tasked with adding customer verification.

Here are Linda’s authentication requirements.

  • If a customer inquires about their case status, the Case Management topic and verification is triggered.
  • Use two-factor verification; ask customers for their email and send a one-time verification code to that email.
  • The agent can only access actions in the Case Management topic once the customer is verified (the verification code matches what they were sent).

Diagram of the verification flow.

Note: This is assuming that the user in the messaging session inquiring about their case is not verified and is actively engaged in a messaging session on the Cloud Kicks experience site using Agentforce for service.

In this project, you learn the steps Linda follows to implement authentication to relevant agent topics and actions. First, follow these instructions to get a Developer Edition org to use for this badge.

Sign Up for a Developer Edition Org for Agentforce Authentication

To complete this project, you need a special Developer Edition org that has Agentforce enabled. Get the free Developer Edition and connect it to Trailhead now so you can complete the challenges in this badge. Note that this Developer Edition is designed to work with the challenges in this badge, and might not work for other badges. Always check that you’re using the Trailhead Playground or special Developer Edition org that we recommend.

  1. Sign up for a free Developer Edition org for Agentforce Authentication.
  2. Fill out the form.
    • For Email, enter an active email address.
    • For Username, enter a username that looks like an email address and is unique, but it doesn’t need to be a valid email account (for example, yourname@agentauthentication.com).
  3. After you fill out the form, click Sign me up. A confirmation message appears.
  4. When you receive the activation email (this might take a few minutes), open it and click Verify Account.
  5. Complete your registration by setting your password and challenge question.
  6. You are logged in to your Developer Edition.

Now connect your new Developer Edition org to Trailhead.

  1. Make sure you’re logged in to your Trailhead account.
  2. In the Verify Step section at the bottom of this page, click the playground name and then click Connect Org.
  3. On the login screen, enter the username (the username is listed in the email you just received) and password for the Developer Edition you just set up.
  4. On the Allow Access? screen, click Allow.
  5. On the Want to connect this org for hands-on challenges? screen, click Yes! Save it. You are redirected back to the challenge page and ready to use your new Developer Edition to earn this badge.

It’s a good idea to rename this org to remind your future self not to use it to complete any other badges. Although this step is optional, we highly recommend it.

  1. In the Verify Step section at the bottom of this page, click the playground name and then click Manage Orgs.
  2. In the Hands-On Orgs page, click Rename next to your newly connected org.
  3. For the Name, enter Agent Auth Org and click Save.
  4. Close the Hands-On Orgs page tab or window and return to the badge page.
  5. Ensure the Agent Auth Org is selected (you might need to refresh the page for the name to update), and click X to close the Choose a hands-on org popup window.

Add Your Email to the EinsteinServiceAgent User

Since the agent sends a verification email later in this project, you need to update the email that’s associated with the agent to an email you can access.

  1. Click Launch to open the Agent Auth Org.
  2. Click setup icon and select Setup. The Setup page opens in a new tab.
  3. In the Setup Quick Find, search for and select Users.
  4. Click Edit next to EinsteinServiceAgent User.
  5. In the email textbox of the EinsteinServiceAgent User, replace the current email with an email address you can access.
  6. Click Save.
  7. Click OK when the system security window opens.
  8. Access the email service you just entered and find the most recent email from support@salesforce.com.
  9. Open the email and click the link after “To finish changing your email address, go to the following link. This link expires in 72 hours.” This link opens the Email Changed page.
  10. Click Continue to complete the email update process.

Now that you created the specialty org created, connected it to Trailhead, and updated the EinsteinServiceAgent User email, it’s time to move on to adjusting flows, actions, and variables.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback