Agents – Access Based Restriction

Access-based restriction allows organisations to control who can access specific flows or features in Chat, Voice, and Email Agents based on user attributes. By defining conditions (e.g., email domain, department, role), admins can restrict or allow usage and enforce additional verification methods.

This ensures only authorised users interact with sensitive workflows, maintaining compliance and security.

Security

  1. Always-On Guardrails always active and cannot be disabled, It is default protection for the Agent.


  1. Security Configuration

This section lets you customize additional security rules & can mention Specify restricted topics


a. Restrict Sensitive Topics this will blocks the AI from discussing certain topics.

b. Authentication & Authorization Flow

  1. Enable Authentication & Authorization Flow so that Agent will validates the identity before performing the action.
  2. Authentication Type enable it with the URL.

c. Access Control

Enable Access Control who can access the Agent and what they can Access.

d. User must Login Enable Login Enforcement.

e. Login with the Authentication Type.

For additional validation, enable an authentication method:

  • Magic Auth – Sends a verification link to the user’s email. Only verified users can proceed.
  • Email OTP – Sends a one-time pasword to the user’s email. OTP validation is required to continue.

f. Can define Access Rules with Attribute, Operator & Value.

Example:

  • Attribute: Email
  • Operators: Contains "thunai"  
  • Value: All users with emails containing "thunai"  follow the defined rule.

g. Can limit the access with the Access Level.

  1. Allowed Host

It controls where the Agent can be used (Domain Restriction), It works only on the website and prevents unauthorised usage.

Workflow

  1. User initiates a conversation with the agent (Chat, Voice, or Email).

    The system checks Access Control rules.

    If the user matches conditions:

    • Applied restrictions/instructions take effect.
    • Authentication (if enabled) is triggered.

    • On successful verification, the user proceeds with the allowed flow.

      If the user does not meet value

    • They follow the default flow, or
    • Access is restricted.

Use Cases

  • Restrict internal topics to employees of a certain domain (e.g., @thunai.com  ).
  • Apply different flows for internal vs. external users.
  • Add an authentication step for sensitive workflows.
  • Customise the agent experience based on attributes (e.g., role, department).

With access-based restriction enabled, you can enforce compliance and ensure that only the right users can access sensitive workflows across Chat, Voice, and Email Agents.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us