AI Search
AI Search transforms how you explore identity data in Hydden.Control. Instead of navigating through multiple pages and filters, simply ask questions in plain English and let AI find the answers for you.
Why Use AI Search?
Traditional identity searches require you to know exact field names, navigate complex filters, and manually piece together information from different sources. AI Search changes this by understanding what you're looking for and retrieving relevant data automatically.
Key Benefits
| Benefit | Description |
|---|---|
| Natural Language Queries | Ask questions the way you think, not the way databases work |
| Instant Discovery | Find accounts, owners, groups, and applications without memorizing search syntax |
| Cross-Entity Analysis | Query relationships across accounts, owners, groups, and applications in one question |
| Contextual Insights | Get relevant context and patterns alongside your search results |
| Reduced Learning Curve | New users can be productive immediately without training on complex filters |
Getting Started
Accessing AI Search
There are two ways to use AI-powered search in Hydden.Control:
1. Identity Page (AI Mode)
Navigate to the Identity page from the left sidebar. The page offers two modes:
- Search Mode - Traditional keyword search across entities
- AI Mode - Natural language queries with intelligent results
Toggle between modes using the mode selector at the top of the page. When AI is enabled, you'll see a chat interface where you can type questions.
2. Floating AI Assistant
A floating AI button appears in the bottom-right corner on most pages. Click it to open a chat window where you can ask questions about your data from anywhere in the application.
AI Mode Default
If your administrator has enabled AI features, the Identity page defaults to AI mode for the best search experience.
What You Can Ask
AI Search understands questions about your identity data across multiple entity types.
Entity Types
| Entity | What You Can Query |
|---|---|
| Accounts | User accounts, service accounts, privileged accounts, account status and risk |
| Owners | Business users, account owners, department assignments |
| Groups | Security groups, distribution groups, group membership |
| Applications | Application inventory, account access to applications |
| Roles | Permission roles, role assignments |
| Policies | Access policies, policy rules |
Example Queries by Category
Security Questions
- "Show me all privileged accounts that haven't been used in 90 days"
- "Find accounts with high threat levels"
- "Which accounts don't have MFA enabled?"
- "Show privileged accounts without vaulted credentials"
- "List accounts with failed login attempts"
Access Control Questions
- "Which users have access to sensitive applications?"
- "Find accounts with administrator privileges"
- "Show all accounts in the Finance department"
- "List accounts with elevated permissions"
Account Status Questions
- "List all accounts created in the last 30 days"
- "Find inactive accounts"
- "Show disabled accounts"
- "Which accounts haven't logged in recently?"
- "Find accounts with expired passwords"
Activity & Compliance Questions
- "Show accounts that haven't been used in 90 days"
- "Find accounts with policy violations"
- "List orphaned accounts without owners"
- "Show shared accounts"
Owner & Organization Questions
- "Show owners with more than 10 accounts"
- "Find owners in the IT department"
- "Which owners have inactive accounts?"
- "List owners with high-risk accounts"
Using the Chat Interface
Asking Questions
- Type your question in the input field at the bottom of the chat.
- Press Enter to send (or Shift+Enter for a new line).
- Watch as the AI processes your request with real-time streaming.
- Review the results and insights provided.
Understanding Responses
The AI provides responses in several formats:
Text Explanations
- Clear answers to your questions
- Context about what was found
- Patterns and insights discovered
Entity Results
- Clickable results with entity type indicators
- Color-coded badges for entity types:
- Accounts - Blue
- Owners - Purple
- Groups - Accent color
- Policies - Green
- Roles - Info blue
Tool Usage Indicators
- Shows when AI queries your data (e.g., "Used 2 tools")
- Indicates which data sources were accessed
Status Indicators
| Indicator | Meaning |
|---|---|
| Thinking... | AI is processing your question |
| Used X tools | Number of data queries executed |
| Complete | Response finished successfully |
| Warning | Response includes caveats (e.g., data limits reached) |
Follow-Up Questions
The AI maintains conversation context, so you can ask follow-up questions:
Example conversation:
- You: "Show me privileged accounts"
- AI: [Shows 50 privileged accounts]
- You: "Which of these haven't logged in for 90 days?"
- AI: [Filters to show inactive privileged accounts]
Viewing Results
Result Cards
Each result appears as a clickable card showing:
- Entity name - The account, owner, group, or other entity name
- Description - Email, department, or relevant details
- Type badge - Visual indicator of entity type
Opening Details
Click any result to open the detailed view:
- Accounts - Opens Account Details drawer with security metrics, status, and history
- Owners - Opens Owner Details with associated accounts and risk metrics
- Groups - Opens Group Members view showing all members
- Policies - Opens Policy Details with rules and associations
- Roles - Opens Role Details with owner assignments
Navigating from Results
From the details drawer, you can:
- View comprehensive entity information
- Navigate to related entities
- Access additional actions (depending on your role)
Suggested Queries
When you first open AI Search, you'll see suggested queries to help you get started:
| Category | Suggested Query |
|---|---|
| Security | "Show privileged accounts" |
| Activity | "List recent user activity" |
| Access | "Find inactive accounts" |
| Permissions | "Find accounts with administrator privileges" |
Click any suggestion to run it immediately. These examples demonstrate the types of questions AI Search understands.
Tips for Effective Queries
Be Specific
Instead of: "Show accounts" Try: "Show privileged accounts in the Finance department that haven't logged in for 60 days"
Use Natural Phrasing
Instead of: "account status=inactive department=IT" Try: "Which IT department accounts are inactive?"
Combine Criteria
The AI understands complex queries:
- "Find accounts with high risk scores that have admin privileges"
- "Show owners in Engineering with more than 5 inactive accounts"
- "List groups with privileged accounts that haven't been reviewed"
Ask About Patterns
Beyond simple searches, ask about trends:
- "Which department has the most inactive accounts?"
- "What are the common characteristics of high-risk accounts?"
- "Show me accounts that might need review"
Traditional Search Mode
For users who prefer traditional search, the Identity page also offers keyword-based search:
How Traditional Search Works
- Toggle to Search mode on the Identity page.
- Enter a search term (partial matches supported).
- Results return matching accounts, owners, groups, policies, and roles.
Search Results Table
| Column | Description |
|---|---|
| Type | Entity type (account, owner, role, policy, group) |
| Name | Entity name |
| Description | Email address or entity-specific description |
Entity-Specific Search Tips
| Entity Type | Search By |
|---|---|
| Accounts | Username, email address, or domain |
| Owners | Name, email address, or domain |
| Groups | Group name |
| Policies | Policy name |
| Roles | Role name |
Detailed Entity Views
Click any search result to open detailed information.
Account Details
| Section | Fields |
|---|---|
| Basic Information | Account ID, Name, Display Name, Email, UPN, Domain, Employee ID, Manager |
| Organization | Department, Title, Location, Country, Cost Center, Phone |
| Data Source | Source Name, Platform, Provider, Account Type, Path |
| Security & Risk | Total Threat, Threat Level, Risk Score, Compliance Status, MFA Enrolled, Admin Rights, Privileged, Orphaned |
| Account Status | Status, Locked, Suspended, Disabled, Failed Login Attempts, Classification |
| Password & Authentication | Password Age, Password Never Expires, Password Expired, Must Change Password, MFA Status |
| Dates & Timeline | Created, Updated, Account Creation Date, Last Login, Last Password Change, Last Risk Assessment |
| PAM & Vaulting | Managed by PAM, Vault Safe, CyberArk Discovery, Data Owner |
| Compromise Information | Compromise Date, Compromise Name, Breach Information |
| Statistics | Activity Total, Group Membership Total, Owner Mapping Total, Password Security Total |
| Risk Indicators | Group Deviation, Shared Accounts, Inactive Owners, No Owner |
Owner Details
| Section | Fields |
|---|---|
| Basic Information | Name, Identity ID, Owner ID, Type (Human, Federated, Service), Status |
| Contact | Primary Email |
| Organization | Department, Title, Start Date, End Date |
| Security Metrics | Total Threat Level |
| Inactive Accounts | 90+ days, 180+ days, 365+ days counts |
| Risk Indicators | Privilege Score, Breach Data, Account Activity, Group Membership, Password Security |
| Password Security | Never set, 365+ days old, 180+ days old, 90+ days old counts |
| Metadata | Created, Updated, Internal ID |
Group Details
| Section | Fields |
|---|---|
| Group Information | Name, Description, System, Critical Group, Total Members |
| Members | Member cards showing Name, Email, Type (Direct/Indirect), Added Date, Status |
Policy Details
| Section | Fields |
|---|---|
| Policy Header | Name, Type tag, Priority level |
| Description | Policy description text |
| Associations | Associated Roles, Target Applications, Target Groups |
| Rules | Policy rules and conditions |
| Information | ID, Created, Last Updated, Created By |
| Understanding | AI-generated explanation of policy purpose and processing |
Role Details
| Section | Fields |
|---|---|
| Role Information | Name, Role ID, Total Owners |
| Attributes | Department, Title |
| Dates | Created, Updated |
| Owners | Owner cards showing Name, Email, Department, Title |
AI Search and Roles
AI Search availability depends on your role and administrator configuration.
| Role | AI Search Access |
|---|---|
| Administrator | Full access to all AI features |
| Reviewer | AI search within scoped data (if enabled) |
| Auditor | AI search within scoped data (if enabled) |
::: note Feature Availability AI Search must be enabled by your administrator in Settings > AI Assistant. If you don't see the AI option, contact your administrator. :::
Troubleshooting
AI Mode Not Available
Cause: AI features not enabled by administrator.
Solution: Contact your administrator to enable AI features in Settings > AI Assistant.
No Results Returned
Cause: Query too specific or data doesn't exist.
Solution: Try broadening your query or checking that the data exists in your system.
Slow Responses
Cause: Complex queries across large datasets.
Solution: Be more specific in your query to narrow the search scope.
"Thinking..." Persists
Cause: Processing a complex query or temporary service issue.
Solution: Wait for completion or refresh the page and try again.
Related Topics
- AI Assistant Settings - Configuring AI features
- Accounts - Account management
- Applications - Application management
- Campaign Rules - AI-assisted rule creation
- Platform Users - Role-based access