Secure Text user input control

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Secure Text user input control

    The Secure Text user input control in ServiceNow provides a secure way to capture and encrypt sensitive information entered by users. It is especially designed for use in topics that involve large language model (LLM) discovery, ensuring that sensitive data is encrypted and not sent through the LLM. This control supports various text formats and validation methods to ensure data integrity and confidentiality within conversational flows.

    Show full answer Show less

    Key Features

    • Encryption and Security: Encrypts sensitive user inputs using hash functions compliant with WS-Security standards and supports encryption salts for enhanced security.
    • Input Validation: Supports multiple input formats including general text, email, IP addresses (IPv4 and IPv6), phone numbers (E.164 format), URLs, and custom formats validated via scripts with error messaging.
    • Customizable Prompts and Confirmations: Allows defining prompt messages, default values, and confirmation messages either as static text or scripts, enabling personalized user interactions.
    • Conditional Logic: Supports conditions to control whether to show the input node, allow users to skip the node, or skip reprompting on revisiting the node, enhancing conversational flow flexibility.
    • Channel Compatibility: Supported across multiple channels including Web UI, Mobile UI, Now Assist panel, Microsoft Teams, Slack, Workplace, Facebook Messenger, SMS (Twilio), LINE, WhatsApp, Apple Messages for Business, and Alexa (voice). Some channels impose character limits or have specific message handling behaviors.

    Practical Use and Benefits

    ServiceNow customers can leverage the Secure Text input control to securely collect sensitive information such as passwords, personal identifiers, or confidential data during automated conversations and topic discoveries. By enforcing input validation and encryption, this control reduces the risk of data exposure and enhances compliance with security policies.

    The ability to customize user prompts and confirmations ensures a smooth user experience, while conditional logic allows developers to tailor the conversational flow to specific business needs. Broad channel support means this control can be reliably used in many communication environments without compromising security.

    The Secure Text control provides a means to encrypt sensitive information provided as simple text or other formats. Use this control to encrypt sensitive information in topics that use large language model (LLM) discovery.

    Use this control to gather and encrypt user information for topics using large language model (LLM) topic discovery. The Secure Text input also avoids sensitive information from being sent through an LLM.

    Secure Text user input control properties

    Property Description
    Node name Name that identifies this Secure Text user input control node in the topic flow.
    Prompt Text string or script that returns text. This value is used only when the default value isn’t specified. For example: What is your password?
    Input format

    Text format that is validated when a user enters certain text items. When the input isn’t valid, the bot asks the user to reenter the text.

    Choose the format of the text item to be validated:

    • Text: Any text string (no validation).
    • Email: Format that consists of an email prefix (user name), the @ symbol, and domain.
    • IP address (IPV4, IPV6): Data communication delivery format for internet Protocol version 4 or version 6.
    • Phone number (E.164): Internationally recognized standard phone number format.
    • URL: Web address format.
    • Custom: A script that provides a validation rule for a custom text format. The script should include related error messages that are displayed when the expected format isn’t entered.

    For phone and IP address format examples, see E.164 phone formats and IP address field types.
    Hash function The method digest algorithm based on the standard WS-Security specification.
    Encryption salt Random data that is used as an additional input to a one-way function that hashes data.
    Advanced
    Default value A value for the user response to the prompt. For example, if you already know the user name, the default value might be (Script Variables > Last username).
    Confirmation messages
    Input completion confirmation

    Bot response shown to the user when the node interaction is complete. The message can be either a text string or a script that returns text. For example, if you're using dot-walking: Thanks, (Input Variables > Username)! Or if you're using a script, the acknowledgement might be: Thanks, {{vaInputs.username}}!

    Default value confirmation Message that asks the user to verify that the value in the Default value field is correct. This message is used instead of a value in the Prompt field. For example: Are you (Script Variables > Username)?
    Hide or skip this node
    Conditionally show this node

    No-code condition statement or low-code script that specifies a condition for presenting this node in the conversation. The condition must evaluate to true.
    Allow user to skip this node

    No-code condition statement or low-code script that specifies a condition for letting users skip this node in the conversation. The condition must evaluate to true. You can set this field using either the condition builder or a script.
    Skip reprompting No-code condition statement or low-code script that specifies a condition for letting users skip reprompting in the conversation. When a preceding node is revisited through a topic loopback or Dialog Act, the Virtual Agent bypasses this node and automatically retain its original value.

    Example Secure Text user input control

    Input properties Input prompt
    Figure 1. Secure Text input control basic properties
    Secure Text user input basic properties include node name, prompt, input format, hash function, and encryption salt. Advanced options include Default value, Confirmation message, and Hide or skip this node.
    Figure 2. Web UI Secure Text user input prompt
    Secure Text input shown in the web client. The text reads, “What is your first and last name?” and the user response is automatically hidden.

    Channel support

    Note:
    Virtual Agent Designer controls may display and function differently in other channels.
    Table 1. Channel support for the Text user input control
    Channel Support Constraints
    Web UI Supported None.
    Mobile UI Supported None.
    Now Assist panel Supported None.
    Microsoft Teams Supported None.
    Slack Supported Slack users can edit text previously entered in a conversation. However, Virtual Agent processes messages as they’re first entered. If a Slack user edits text input, such as a comment to update a case, then Virtual Agent doesn’t evaluate the edited update.
    Workplace Supported None.
    Facebook Messenger Supported The maximum character limit is 5000 characters.
    SMS Twilio Supported None.
    LINE Supported The maximum character limit is 5000 characters.
    WhatsApp Supported None.
    Apple Messages for Business Supported None.
    Alexa (Voice) Supported For screen devices, character limits may apply. For more information, see the Alexa developer documentation.