Secure Text user input control

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Secure Text user input control

    The Secure Text user input control in ServiceNow’s Virtual Agent provides a secure way to collect and encrypt sensitive user information, such as passwords or personal data, especially when interacting with topics that use large language model (LLM) discovery. This control ensures sensitive inputs are encrypted and prevents them from being sent directly through an LLM, enhancing data security during conversations.

    Show full answer Show less

    Key Features

    • Input Validation: Supports multiple input formats including general text, email, IP addresses (IPv4, IPv6), phone numbers (E.164 standard), URLs, and custom scripted validations to ensure correct data entry.
    • Encryption: Utilizes a hash function based on WS-Security standards and an encryption salt for added security in hashing sensitive inputs.
    • Customizable Prompts and Confirmations: Allows setting prompt messages, default values (including script-based), and confirmation messages to enhance user interaction and validation.
    • Conditional Node Behavior: Supports conditions to show or hide the input control node, allow users to skip the node, or skip reprompting on revisits, enabling flexible conversational flows.
    • Channel Support: Compatible across multiple communication channels including Web UI, Mobile UI, Now Assist panel, Microsoft Teams, Slack, Workplace, Facebook Messenger, SMS via Twilio, LINE, WhatsApp, Apple Messages for Business, and Alexa voice interactions. Some channels may have character limits (e.g., 5000 characters for Facebook Messenger and LINE) or specific constraints such as Slack not re-evaluating edited messages.

    Practical Use for ServiceNow Customers

    ServiceNow customers can use the Secure Text input control to safely gather sensitive user inputs within Virtual Agent conversations without exposing that data to external LLM processing. This is critical when handling confidential information like passwords or private identifiers. The ability to validate input formats reduces errors and improves data quality. Conditional display and skip logic allow for adaptive and user-friendly dialog flows, while broad channel support ensures consistent behavior across various customer touchpoints.

    The Secure Text control provides a means to encrypt sensitive information provided as simple text or other formats. Use this control to encrypt sensitive information in topics that use large language model (LLM) discovery.

    Use this control to gather and encrypt user information for topics using large language model (LLM) topic discovery. The Secure Text input also avoids sensitive information from being sent through an LLM.

    Secure Text user input control properties

    Property Description
    Node name Name that identifies this Secure Text user input control node in the topic flow.
    Prompt Text string or script that returns text. This value is used only when the default value isn’t specified. For example: What is your password?
    Input format

    Text format that is validated when a user enters certain text items. When the input isn’t valid, the bot asks the user to reenter the text.

    Choose the format of the text item to be validated:

    • Text: Any text string (no validation).
    • Email: Format that consists of an email prefix (user name), the @ symbol, and domain.
    • IP address (IPV4, IPV6): Data communication delivery format for internet Protocol version 4 or version 6.
    • Phone number (E.164): Internationally recognized standard phone number format.
    • URL: Web address format.
    • Custom: A script that provides a validation rule for a custom text format. The script should include related error messages that are displayed when the expected format isn’t entered.

    For phone and IP address format examples, see E.164 phone formats and IP address field types.
    Hash function The method digest algorithm based on the standard WS-Security specification.
    Encryption salt Random data that is used as an additional input to a one-way function that hashes data.
    Advanced
    Default value A value for the user response to the prompt. For example, if you already know the user name, the default value might be (Script Variables > Last username).
    Confirmation messages
    Input completion confirmation

    Bot response shown to the user when the node interaction is complete. The message can be either a text string or a script that returns text. For example, if you're using dot-walking: Thanks, (Input Variables > Username)! Or if you're using a script, the acknowledgement might be: Thanks, {{vaInputs.username}}!

    Default value confirmation Message that asks the user to verify that the value in the Default value field is correct. This message is used instead of a value in the Prompt field. For example: Are you (Script Variables > Username)?
    Hide or skip this node
    Conditionally show this node

    No-code condition statement or low-code script that specifies a condition for presenting this node in the conversation. The condition must evaluate to true.
    Allow user to skip this node

    No-code condition statement or low-code script that specifies a condition for letting users skip this node in the conversation. The condition must evaluate to true. You can set this field using either the condition builder or a script.
    Skip reprompting No-code condition statement or low-code script that specifies a condition for letting users skip reprompting in the conversation. When a preceding node is revisited through a topic loopback or Dialog Act, the Virtual Agent bypasses this node and automatically retain its original value.

    Example Secure Text user input control

    Input properties Input prompt
    Figure 1. Secure Text input control basic properties
    Secure Text user input basic properties include node name, prompt, input format, hash function, and encryption salt. Advanced options include Default value, Confirmation message, and Hide or skip this node.
    Figure 2. Web UI Secure Text user input prompt
    Secure Text input shown in the web client. The text reads, “What is your first and last name?” and the user response is automatically hidden.

    Channel support

    Note:
    Virtual Agent Designer controls may display and function differently in other channels.
    Table 1. Channel support for the Text user input control
    Channel Support Constraints
    Web UI Supported None.
    Mobile UI Supported None.
    Now Assist panel Supported None.
    Microsoft Teams Supported None.
    Slack Supported Slack users can edit text previously entered in a conversation. However, Virtual Agent processes messages as they’re first entered. If a Slack user edits text input, such as a comment to update a case, then Virtual Agent doesn’t evaluate the edited update.
    Workplace Supported None.
    Facebook Messenger Supported The maximum character limit is 5000 characters.
    SMS Twilio Supported None.
    LINE Supported The maximum character limit is 5000 characters.
    WhatsApp Supported None.
    Apple Messages for Business Supported None.
    Alexa (Voice) Supported For screen devices, character limits may apply. For more information, see the Alexa developer documentation.