Loading
Salesforce now sends email only from verified domains. Read More
Agentforce and Einstein Generative AI
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Verify Customers with Standard Subagents in the Legacy Builder

            You are here:

            1. Salesforce Help
            2. Docs
            3. Quickstart Your Einstein Generative AI Solution

            Verify Customers with Standard Subagents in the Legacy Builder

            Before an Agentforce Service agent takes a private action on a user’s behalf, Salesforce recommends verifying the identity of the person the agent is interacting with. To verify the identity of an unverified user in an agent session, configure your agent to use the Customer Verification subagent or the Service Customer Verification subagent and limit access to subagents and actions that you specify. You can require different levels of verification for different subagents and actions, based on your business’s security requirements.

            Required Editions

            Available in: Lightning Experience
            Available in: Enterprise, Performance, Unlimited, and Developer Editions. Required add-on licenses vary by agent type.
            User Permissions Needed  
            To build and manage Service Agents:

            Manage Agentforce Service Agents AND Manage AI Agents

            OR

            Customize Application

            These instructions walk you through how to restrict access to subagents and actions based on whether the user has successfully verified their identity based on their username and email address within an agent session. Here's what you'll do.

            • Learn more about the Customer Verification subagent.
            • Add the subagent to your agent and configure the Send Email with Verification Code and Verify Customer actions to work seamlessly together.
            • Store one or more outputs of the Verify Customer actions in variables, which you'll use to control access to private subagents and actions.
            • Create and apply a filter to restrict access to subagents that contain private actions, based on the conditions you specify.
            • Assign a variable to an action input to require a verified customer ID to execute a private action.
            • Test your changes in Agentforce Builder.

            Keep in mind that these instructions represent one possible configuration of the Customer Verification subagent. You can customize the subagent, agent actions, filters, and variables to meet the needs of your business and use cases.

            See Also

            How the Verification Subagents Work

            When an unverified user triggers a subagent or action that you've configured to require user verification, the agent launches the verification subagent.

            The subagent contains two flow-based agent actions. The first action, Send Email with Verification Code, asks the user for their username or email, and then checks against Salesforce user and contact records. It then sends an email from no-reply@salesforce.com with a one-time passcode (OTP), which remains valid for five minutes. It then prompts the user to check their email and provide the code.

            When the user provides a code, it triggers the second agent action, Verify Customer. This action checks whether the user-provided code matches the generated verification code within the valid window. If the codes match, the Verified output is set to true and the Customer ID output contains the verified user or contact ID. The agent sends a confirmation message and resumes handling the user’s question or request.

            If the codes don’t match, the agent prompts the user to re-enter the code. After three failed attempts, the agent restarts the verification process by asking the user for their username or email.

            Add a Verification Subagent to Your Agent

            To get started, add a verification standard subagent to an agent connected to customer channels.

            In some agent templates, a verification subagent is included with your agent out of the box. If that's true for your template, you can skip this step.

            1. From the Agentforce Agents Setup page, open your agent in Agentforce Builder.
            2. If your agent is active, deactivate it.
            3. From the sidebar, select Subagents.
            4. On the Subagents panel, click New, and then select Add from Asset Library.
            5. Select the Customer Verification subagent or the Service Customer Verification subagent, and then click Finish.

            Assign the Outputs of Send Email with Verification Code to the Inputs of Verify Customer

            Next, configure the actions in your verification subagent to work seamlessly together.

            In some agent templates, the Send Email Verification Code action outputs are already mapped to variables and assigned to the Verify Customer action inputs. If that’s true for your template, you can skip this step.

            1. Store the values of the outputs of the Send Email with Verification Code action.
              1. On the This Subagent’s Actions tab, select the Send Email with Verification Code action.
              2. On the Customer Type output, from the Map to Variable dropdown, select New Custom Variable.
              3. Enter the variable’s details.
              4. Leave the Allow value to be set by API and Allow LLM to use value settings disabled.
                Leaving these settings disabled is a best practice for all variables used for verification or other security functions.
              5. Save your changes.
              6. Repeat this process for the Customer ID and Authentication Key outputs.
                Don't store the output of Customer ID in the Verified Customer ID system variable. Instead, create a custom variable. Verified Customer ID is intended for use only after the verification process is completed.
            2. Assign your new variables to the corresponding inputs of the Verify Customer action.
              1. On the This Subagent’s action’s tab, select the Verify Customer action.
              2. On the Customer Type input, from the Assign a Variable dropdown, select the variable you created to store the Customer Type output from the Send Email with Verification Code action.
              3. Save your changes.
              4. Repeat this process for the Customer ID and Authentication Key inputs, with the variables you created to store the corresponding outputs from the Send Email with Verification Code action.

            Map Verify Customer Action Outputs to Variables

            Store the values of the Verified and Customer ID outputs to variables, so you can use them in filter conditions and as input for actions that you only want the agent to take on behalf of verified users.

            1. On the This Subagent’s Actions tab, select the Verify Customer action.
            2. On the Verified output, from the Map to Variable dropdown, select New Custom Variable.
            3. Name the variable Is Verified and enter the variable’s details.
            4. Leave the Allow value to be set by API and Allow LLM to use value settings disabled.
              Leaving these settings disabled is a best practice for all variables used for verification or other security functions.
            5. Save your changes.
            6. On the Customer ID output, from the Map to Variable dropdown, select Verified Customer ID.
              In some agent templates, the Verified Customer ID is available out of the box as a system variable. If the Verified Customer ID variable doesn’t exist for your template, create it as a custom variable. Leave the Allow value to be set by API and Allow LLM to use value settings disabled.
            7. Save your changes.

            Create and Apply a Filter for Subagents

            Create a filter with the Is Verified and Verified Customer ID variables to make subagents containing private actions available only to verified users.

            1. From the sidebar, select Context.
            2. From the Context panel, select the Filters tab, and then click New.
            3. Enter a name, API name, and description for your filter.
            4. Under Use Assets When, require all conditions to be met for an agent to use a subagent or action with this filter applied.
            5. Create the following conditions.
              • Verified Customer ID Does Not Equal Null
              • Is Verified Equals True
            6. Save your changes.
            7. To use your filter, apply it to any subagents that require verification. From the Subagents panel, click the name of the subagent that you want to modify.
            8. On the subagent’s details panel, click Filter icon.
            9. Search for and select the filter that you want to apply, and then save your changes. Your filter is applied to the subagent or action in this agent only.

            From the This Subagent’s Actions tab, you can also add filters to private actions. To learn more about filters, see Create a Filter to Control Access to Subagents and Actions.

            Assign the Verified Customer ID Variable to Private Action Inputs

            For additional security, add the Verified Customer ID variable as an input for actions that you only want the agent to take on behalf of verified users. The agent can only run the action when the Verified Customer ID variable is filled. You can also use the value of the Verified Customer ID value in the logic of your action.

            1. From the sidebar, select Subagents. Then select the subagent that includes the action that you want to modify.
            2. On the This Subagent’s Actions tab, select the action. On the ID input, from the Assign a Variable dropdown, select the Verified Customer ID variable.
            3. Save your changes.

            Repeat this process for each action that you want to require a verified customer ID.

            Test Your Changes

            Use the preview conversation and preview conditions to verify your changes in Agentforce Builder. Your agent operates in the same Agent User context in the preview conversation as it does when deployed in messaging channels.

            1. From the conversation preview panel, click Preview conditions iconto specify preview conditions.
            2. Specify a specific end user ID and save your changes.
            3. To apply your changes, restart your preview conversation.
            4. Start a conversation that you expect to trigger a subagent or action that you’ve configured to work with the Customer Verification subagent. For example, ask your agent for a refund.
            5. When the agent prompts you for an email address, provide one. You don’t have to check this email to complete the test.
            6. When the agent sends the email, check the plan canvas and copy the OTP. Then send it to the agent.

            If the verification was successful, the agent sends a message to confirm that you’re verified. Then you continue to execute the original subagent you triggered.

            If your agent doesn’t perform as expected, review the variables and filters you’ve created and the subagents and actions you’ve applied them to. You may need to adjust your subagent instructions to help your agent understand when to use the Customer Verification subagent.

            When you’re satisfied with your results, activate your agent.

            Further Customizations

            Make changes to your verification subagent to ensure it meets your business’s use cases and security requirements.

            By default, your verification subagent uses either user or customer IDs and email. However, you can edit the underlying flows associated with either action to modify the identification required or how the OTP is sent. To modify the agent actions, create custom actions based on the same flows.

            You can add additional actions to your verification subagent. Limit the scope of the actions that you use for verification such that each action completes a modular step of the process. Agent actions with outputs that sit empty can cause errors, because the agent attempts to fill the output before a process is complete.

             
            Loading
            Salesforce Help | Article