AI Assistant Settings
The AI Assistant Settings allow administrators to enable and configure AI-powered features in Hydden.Control. The AI Assistant helps users query data, analyze access patterns, and get intelligent recommendations using natural language.
Overview
Hydden.Control's AI capabilities are centrally managed by Hydden, eliminating the need for individual organizations to configure API keys or model settings. Administrators simply enable the features they want available to their users.
AI Capabilities
When enabled, the AI Assistant provides:
- Natural language queries - Search for accounts, groups, and applications using plain language
- Campaign recommendations - AI-generated approval/revoke/review recommendations with confidence scores and reasoning
- Risk analysis explanations - Understand why accounts have specific risk scores with detailed factor breakdowns
- Access pattern analysis - Identify unusual or concerning access patterns based on role analysis and historical data
- Campaign assistance - Help creating and managing access review campaigns with intelligent suggestions
- Batch grouping - AI-powered grouping of similar accounts for efficient bulk review
- Contextual insights - Deep analysis considering account details, owner context, group memberships, and role patterns
Configuring AI Features
Master Toggle
The Enable AI Assistant toggle controls the overall availability of AI features:
- Enabled - AI Assistant button appears on the Identity page and AI features are available throughout the application
- Disabled - All AI features are hidden and unavailable
Quick Disable
Use the master toggle to quickly disable all AI features for compliance or security reasons without changing individual feature settings.
Feature Groups
When the AI Assistant is enabled, you can control specific feature groups independently:
Identity Data Analysis
Enables AI to query and analyze identity data:
| Tool | Description |
|---|---|
| query_accounts | Search and filter accounts using natural language |
| query_groups | Search and analyze groups |
| query_owners | Query business owners and their accounts |
| query_applications | Search connected applications |
Enable when: Users need to explore identity data using natural language instead of manual filters.
Disable when: You want to restrict AI access to sensitive identity information.
Configuration Management
Enables AI to query configuration settings:
| Tool | Description |
|---|---|
| query_campaign_rules | Understand campaign rule configurations |
| query_policies | Query access policies |
| query_roles | Search and analyze generated roles |
Enable when: Users need help understanding how rules and policies are configured.
Disable when: Configuration details should only be accessed through the UI.
Campaign Operations
Enables AI to assist with campaigns:
| Tool | Description |
|---|---|
| list_campaigns | View and search campaigns |
| start_campaign | Initiate campaign activation |
| query_approvals | Query campaign approval status |
| query_compliance | Analyze compliance posture |
Enable when: Users need AI assistance managing and monitoring campaigns.
Disable when: Campaign operations should only be performed through the standard UI.
AI Campaign Recommendations
When AI recommendations are enabled for a campaign, the AI analyzes each account comprehensively to provide decision guidance:
| Analysis Component | Description |
|---|---|
| Account Context | Account type, status, privileges, MFA status, last login, password age, risk score, threat level, application platform |
| Owner Context | Owner identity, title, department, manager, status, roles, total account count, role access patterns |
| Group Memberships | Groups the account belongs to, privilege levels, member counts |
| Role Analysis | Typical access patterns for the owner's role, including common applications and groups |
| Owner Accounts | Other accounts owned by the same person, showing cross-application access patterns |
AI Recommendation Output:
- Decision: Approve, review, or revoke
- Confidence: Score from 0-100 indicating AI certainty
- Reason: One-sentence summary explaining the recommendation
- Primary Factors: Key factors that influenced the decision
- Risk Indicators: Security or compliance concerns identified
- Data Gaps: Missing information that limited the analysis
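An added example (not part of Hydden.Control) that treats the recommendation fields above as untrusted input before a reviewer acts on them: it validates each record and flags the ones that need a closer human look. The JSON field names and the default threshold of 80 are assumptions.

```python
# Added example, not Hydden code. Field names mirror the output list on this page;
# the JSON shape and the 80-point threshold are assumptions for illustration.

DECISIONS = {"approve", "review", "revoke"}
LIST_FIELDS = ("primary_factors", "risk_indicators", "data_gaps")

def validate(rec):
    """Return a list of structural problems; an empty list means well-formed."""
    problems = []
    if str(rec.get("decision", "")).lower() not in DECISIONS:
        problems.append("decision is not approve/review/revoke")
    conf = rec.get("confidence")
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0 <= conf <= 100:
        problems.append("confidence is not a number in 0-100")
    if not str(rec.get("reason", "")).strip():
        problems.append("reason is missing")
    for field in LIST_FIELDS:
        if not isinstance(rec.get(field, []), list):
            problems.append(field + " is not a list")
    return problems

def triage(rec, min_confidence=80):
    """Return reasons a human must look closer; empty means no extra flags."""
    problems = validate(rec)
    if problems:
        return ["malformed: " + p for p in problems]
    flags = []
    decision = rec["decision"].lower()
    if rec["confidence"] < min_confidence:
        flags.append("confidence below threshold")
    if rec.get("data_gaps"):
        flags.append("analysis had data gaps")
    if decision == "approve" and rec.get("risk_indicators"):
        flags.append("approve despite risk indicators")
    return flags

# Constructed sample records.
SAMPLES = [
    {"decision": "Approve", "confidence": 93, "reason": "Matches role pattern.",
     "primary_factors": ["role match"], "risk_indicators": [], "data_gaps": []},
    {"decision": "Approve", "confidence": 88, "reason": "Owner is active.",
     "primary_factors": ["active owner"], "risk_indicators": ["MFA disabled"],
     "data_gaps": ["last login unknown"]},
    {"decision": "Revoke", "confidence": 140, "reason": "Unused.",
     "primary_factors": [], "risk_indicators": [], "data_gaps": []},
]

if __name__ == "__main__":
    print([triage(rec) for rec in SAMPLES])
```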
Generation and Storage:
- Recommendations are generated when the campaign is launched
- Stored recommendations ensure a consistent review experience
- Background job processes recommendations for all campaign accounts
- Progress tracking shows recommendation generation status
AI Recommendation Performance
For large campaigns (1000+ accounts), AI recommendation generation may take several minutes. The process runs in the background, and you can monitor progress in the campaign settings.
Enabling AI Features
- Navigate to Settings and select the AI Assistant tab.
- Toggle Enable AI Assistant to turn on AI features.
- Configure individual feature groups as needed:
  - Toggle each feature group on or off
  - Changes take effect immediately
- Settings are automatically saved when toggled.
Immediate Effect
Changes to AI feature settings take effect immediately for all users. Consider the impact before disabling features during active work sessions.
Using the AI Assistant
Accessing the AI Assistant
When enabled, the AI Assistant appears as a button on the Identity page. Click the button to open the AI chat interface.
Example Queries
Account Queries:
- "Show me all privileged accounts with high risk"
- "Find accounts without MFA enabled"
- "Which accounts have access to critical applications?"
- "List service accounts that haven't been used in 90 days"
Group Queries:
- "Show me groups with more than 50 members"
- "Find groups that contain admin accounts"
- "Which groups grant access to sensitive applications?"
Campaign Queries:
- "What campaigns are currently active?"
- "How many accounts are pending review in the Q1 campaign?"
- "Show me the completion progress for all campaigns"
Analysis Queries:
- "Explain why this account has a high risk score"
- "What access patterns are unusual in the engineering department?"
- "Identify accounts that may need access revoked"
Role-Based Access
AI Assistant access respects user roles:
| Role | AI Access |
|---|---|
| Administrator | Full access to all enabled AI features |
| Reviewer | Query data and take actions within their review scope |
| Auditor | Query data within their access limitations |
Reviewers and Auditors can only access data they have permission to view through the standard UI.
Security Considerations
Data Privacy
- AI queries are processed securely through Hydden's infrastructure
- No identity data is retained beyond the query session
- AI models and keys are managed centrally by Hydden
- Organization data remains within your tenant
Access Control
- Only administrators can enable or disable AI features
- AI features respect existing role-based access controls
- Users cannot access data through AI that they cannot access through the UI
- All AI interactions are logged in the Audit Log
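How the master toggle, the feature groups and the rule that AI never exposes more than the UI compose into one deny-by-default check, shown as an added example that is not Hydden's code. The tool and group names are the ones listed on this page; the settings keys and the `ui_permissions` set are hypothetical.

```python
# Added example, not Hydden code: a deny-by-default model of the settings on this page.
# The settings keys and the "ui_permissions" set are hypothetical names.

FEATURE_GROUPS = {
    "Identity Data Analysis": {"query_accounts", "query_groups",
                               "query_owners", "query_applications"},
    "Configuration Management": {"query_campaign_rules", "query_policies",
                                 "query_roles"},
    "Campaign Operations": {"list_campaigns", "start_campaign",
                            "query_approvals", "query_compliance"},
}

def group_of(tool):
    """Return the feature group that owns a tool, or None if the tool is unknown."""
    for group, tools in FEATURE_GROUPS.items():
        if tool in tools:
            return group
    return None

def authorize(settings, ui_permissions, tool):
    """Return (allowed, reason); anything not explicitly enabled is denied."""
    if not settings.get("ai_assistant_enabled", False):
        return False, "master toggle disabled"
    group = group_of(tool)
    if group is None:
        return False, "unknown tool"
    if not settings.get("groups", {}).get(group, False):
        return False, "feature group disabled: " + group
    # AI must never widen access: the caller needs the same right in the UI.
    if tool not in ui_permissions:
        return False, "caller lacks equivalent UI permission"
    return True, "allowed"

def effective_tools(settings, ui_permissions):
    """Tools a caller can actually reach, e.g. for an access review of the AI surface."""
    every_tool = set().union(*FEATURE_GROUPS.values())
    return sorted(t for t in every_tool if authorize(settings, ui_permissions, t)[0])

# Constructed sample: configuration group off; a query-only caller.
SAMPLE_SETTINGS = {"ai_assistant_enabled": True,
                   "groups": {"Identity Data Analysis": True,
                              "Configuration Management": False,
                              "Campaign Operations": True}}
SAMPLE_CALLER = {"query_accounts", "query_groups", "list_campaigns", "query_policies"}

if __name__ == "__main__":
    print(effective_tools(SAMPLE_SETTINGS, SAMPLE_CALLER))
    print(authorize(SAMPLE_SETTINGS, SAMPLE_CALLER, "start_campaign"))
```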
Compliance
When compliance requirements restrict AI usage:
- Disable the master toggle to completely turn off AI features
- Or selectively disable feature groups that access sensitive data
- Use the Audit Log to monitor AI usage if required
Troubleshooting
AI Assistant Not Appearing
Cause: The AI Assistant is disabled or the user lacks permissions.
Solution: Verify that the master toggle is enabled in Settings and that the user has an appropriate role.
Feature Not Working
Cause: Specific feature group is disabled.
Solution: Check that the relevant feature group is enabled in AI Assistant settings.
Unexpected Results
Cause: Query was ambiguous or data doesn't match expected patterns.
Solution: Rephrase the query with more specific criteria or use the standard UI filters.
Related Topics
- Campaigns - Creating and managing campaigns
- Audit Log - Tracking AI usage
- Platform Users - Role-based access control
- Settings Overview - All Settings options
