Domain separation and Generative AI Controller

  • Release version: Xanadu
  • Updated August 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Generative AI Controller

    Domain separation in Generative AI Controller allows ServiceNow customers to logically partition data, processes, and administrative tasks into distinct domains. This ensures that users in one domain cannot access the data or capabilities of another, enabling secure multi-tenant environments. The generative AI tables are domain-aware, supporting OneExtend capabilities which are foundational for Virtual Agent Designer topics, components, flows, and scripts leveraging generative AI.

    Show full answer Show less

    How Domain Separation Works in Generative AI Controller

    Domain separation is enabled at the OneExtend capability level. Each capability record, such as those in the sysoneextendcapability table, is assigned to a specific domain when created. Customers can create new capabilities in different domains by using existing capability records as templates. After creating a new capability record, corresponding attribute and configuration records must be created in the new domain to mirror the original capability's setup.

    Specifically, customers must create:

    • OneExtend Capability Attribute records matching the global domain values
    • A OneExtend Capability Definition record corresponding to the new capability
    • A OneExtend Definition Config record that includes the capability definition for the new domain

    These records can be managed through related lists on the OneExtend Capability record view. It is critical to select matching capability definitions to avoid unexpected behavior (e.g., using Sentiment Analysis definitions for sentiment analysis capabilities).

    Key Benefits and Use Cases

    • Enables secure multi-tenant support by isolating generative AI data and configurations per domain
    • Supports customized Virtual Agent topics, Workflow Studio flows, and business rule scripts that are domain-specific
    • Allows service providers to tailor AI-driven processes and administrative controls per customer within a single instance
    • Facilitates compliance and data governance by controlling user access to AI capabilities across domains

    Support and Configuration

    Domain separation support in Generative AI Controller is standard and includes domain-aware application properties and business logic configured per tenant. Instance owners must configure data parameters and business logic to meet specific tenant requirements, such as enabling or restricting comment fields on record closure by domain.

    Domain separation is supported for Generative AI Controller. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Standard

    • Includes all aspects of Basic level support.
    • Application properties are domain-aware as needed.
    • Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
    • The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.

    Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.

    For more information on support levels, see Application support for domain separation.

    Overview of domain separation and Generative AI Controller

    Domain separation enables you to create partitions in the application data and administrative processes. Because the generative AI tables are domain separated, Generative AI Controller supports domain separation for OneExtend capabilities. The capabilities are the basic building blocks for Virtual Agent Designer topics, components, flows, and scripts that use generative AI. With domain separation, you can isolate the data and control access so that users in one domain don’t have access to the capabilities of another domain.

    For more details on domain separation and Virtual Agent, check out the documentation.

    How domain separation works in Generative AI Controller

    Domain separation is possible at the generative AI OneExtend capability level. Records that are related to the execution and configuration of OneExtend capabilities, such as log tables that are accessible to ServiceNow personnel, are also separated according to the capability's domain.

    If you want to create a copy of an existing generative AI capability in a different domain, you must create a record in the OneExtend Capabilities (sys_one_extend_capability) table. See the reference for Generative AI Controller for more information about the OneExtend Capabilities table.

    You set the domain when the record is created. The domain is based on the domain that you're in at the time that you create the record. When you're creating a capability record, you can use an existing OneExtend Capability record as a blueprint to help confirm that the capability works as intended.

    After you create the OneExtend Capability record, you must create records for the following attribute and config records in the new domain:

    • OneExtend Capability Attribute records with the same values as the capability in the global domain.
    • A OneExtend Capability Definition that corresponds to the new capability.
    • A OneExtend Definition Config definition record that includes the OneExtend Capability Definition for the new domain.

    For more information on setting up OneExtend Definition Configs to use in Virtual Agent Designer, see enabling Generative AI Controller for Virtual Agent.

    You can also create these records by using the related lists in the OneExtend Capability record default view.

    Note:
    The OneExtend Capability Definition record that you add must be the same as the capability that you want in the new domain. For example, if you’re creating a capability in a new domain for sentiment analysis, you could add the Sentiment Analysis (OpenAI Completion) record. Adding the Summarize (OpenAI Completion) Config could result in unexpected behavior. The OneExtend Definition Config record that you select should include the OneExtend Capability Definition record that you added.

    Use cases

    With domain-separated capabilities, you can build different Virtual Agent topics, flows with Workflow Studio, or different background and business rule scripts that are also domain separated.