AI Chat Agent

Table of Contents

1. OpenAI Assistant Configuration Guide

2. AI Chat Settings Guide

OpenAI Assistant Configuration Guide

This guide provides detailed information about the OpenAI Assistant Configuration page in AskInfosec, which allows you to set up and manage OpenAI-powered assistants for your helpdesk system.

Overview

The OpenAI Assistant Configuration page (/helpdesk/setup) enables you to:

1. Configure your OpenAI API key

2. Create and manage OpenAI assistants

3. Add vector stores for knowledge retrieval

4. Provide instructions for your assistants

5. Assign assistants to specific roles in your helpdesk system

6. Sync assistants with OpenAI

Required Setup Steps

To fully configure an AI Assistant for use with the AI Chat Widget, you must complete these steps:

1. Configure OpenAI API Key: Enter your OpenAI API key in the configuration section

2. Create an AI Assistant: Create a new assistant with a descriptive name

3. Add Vector Store: Link a vector store to your assistant for knowledge retrieval

4. Add Instructions: Provide detailed instructions for how your assistant should behave

5. Assign to AI Agent Role: Assign your assistant to the AI Agent role

Access Requirements

• View Access: Users with at least admin permissions can view the page

• Edit Access: Only organization owners can fully edit settings and assign roles

• Limited Edit Access: Admins (non-owners) can only edit assistant instructions

Page Sections

1. OpenAI API Configuration

This section allows you to configure your organization-specific OpenAI API key:

• OpenAI API Key: Enter your organization's OpenAI API key

• If left empty, the system will use the global OpenAI API key

• Your organization's key is securely stored and used exclusively for your organization's AI assistants

2. OpenAI Assistants Management

This section allows you to create, configure, and manage your OpenAI assistants:

Available OpenAI Assistants

• View a list of all your OpenAI assistants

• Create new assistants with the "New Assistant" button

• Select an assistant to edit or assign to a role

• Each assistant shows a sync status indicator:

  • 🟢 Green: Assistant is fully synced with OpenAI

  • 🟡 Yellow: Assistant needs to be synced with OpenAI

  • 🔴 Red: Assistant doesn't exist in OpenAI

Assistant Role Assignment

Assign assistants to specific roles in your helpdesk system:

• AI Agent: Handles direct user queries in the customer-facing chatbot interface

• AI Copilot: Provides AI-powered suggestions to support your human agents in the admin interface

Setup Guide

The OpenAI Assistant Configuration page now includes an interactive Setup Guide that walks you through the required steps to configure your AI Assistant. The guide shows your current progress and provides direct actions to complete each step.

Step 1: Configure OpenAI API Key

You have two options for configuring the OpenAI API key:

Option A: Use Your Own API Key

1. Scroll down to the OpenAI API Configuration section

2. Make sure the "Use global OpenAI API key" checkbox is unchecked

3. Enter your OpenAI API key in the input field

4. Click the "Save Changes" button to save your key

Option B: Use the Global API Key

1. Scroll down to the OpenAI API Configuration section

2. Check the "Use global OpenAI API key instead of organization-specific key" checkbox

3. The system will automatically use the global API key managed by the administrator

Step 2: Create a New Assistant

1. Click the "Create Assistant" button in the Setup Guide (or the "New Assistant" button in the Assistants section)

2. Enter a name for your assistant in the dialog

3. Click "Create Assistant"

4. The new assistant will appear in your list of available assistants

Step 3: Add Vector Store

Vector stores allow your assistant to access knowledge bases for more accurate responses:

1. Select your assistant from the list

2. Click the "Add Vector Store" button in the Setup Guide (or the "Edit" button next to your assistant)

3. In the assistant details sheet, click "Add Vector Store"

4. Enter a name for your vector store

5. Click "Create Vector Store"

6. The vector store will be added to your assistant

Step 4: Add Instructions

Instructions tell your assistant how to behave and respond to user queries:

1. Select your assistant from the list

2. Click the "Edit" button next to your assistant

3. In the assistant details sheet, enter detailed instructions in the Instructions field

4. Click "Save Changes" to update the assistant

Step 5: Assign to AI Agent Role

1. Select your assistant from the list

2. Click "Set as Agent" in the AI Agent role card

3. The assistant will be assigned to the AI Agent role

4. The page will refresh to show the updated assignment

Syncing Assistants with OpenAI

Assistants need to be synced with OpenAI to function properly:

1. When you create or edit an assistant, it will automatically sync with OpenAI

2. If an assistant shows a yellow or red sync status, it needs to be synced

3. Click the sync button (circular arrow) next to the assistant to sync it with OpenAI

Security Settings

Security settings for the AI chat widget (Token Secret Key and Allowed Origins) have been moved to the AI Chat Settings page. These settings control:

• Which domains can access your AI chat widget

• How authentication tokens are generated

Access these settings by clicking the "Go to AI Chat Settings Page" link.

Understanding the UI

Setup Guide

The Setup Guide at the top of the page provides a visual representation of your progress:

• Green Checkmark: Step is complete

• Blue Circle: Current step in progress

• Gray Circle: Pending step (will be enabled when previous steps are complete)

• Action Buttons: Some steps have action buttons to help you complete them directly

API Key Configuration

The API Key section now includes a checkbox to easily switch between using your own API key or the global system key:

• Use global OpenAI API key checkbox: When checked, the API key field is disabled and the system will use the global key

• API Key field: Disabled when using the global key, enabled when using your own key

Assistant Sync Status Indicators

Each assistant in the list shows a colored dot indicating its sync status with OpenAI:

• 🟢 Green: Assistant is fully synced with OpenAI

• 🟡 Yellow: Assistant needs to be synced with OpenAI (configuration has changed)

• 🔴 Red: Assistant doesn't exist in OpenAI (needs to be created)

Role Assignment Cards

The role assignment section shows two cards:

• AI Agent Card: For assigning an assistant to handle user queries in the chat widget

• AI Copilot Card: For assigning an assistant to support human agents in the admin interface

When an assistant is assigned to a role, the card will be highlighted with a colored border.

Troubleshooting

• Assistant Not Syncing: Ensure your OpenAI API key is valid and has the necessary permissions

• Role Assignment Not Working: Only organization owners can assign assistants to roles

• Assistant Not Appearing: Refresh the page to ensure the latest data is loaded

• Error Messages: Check the error message for specific issues and ensure all required fields are filled

• Vector Store Not Working: Make sure your OpenAI API key has access to the vector store functionality

• API Key Issues: If you're having problems with your API key, try toggling the "Use global OpenAI API key" checkbox to use the system key instead

AI Chat Settings Guide

This guide provides comprehensive information about the AI Chat Settings page in AskInfosec, which allows you to configure and customize your AI Chat widget for embedding on external websites.

Overview

The AI Chat Settings page (/helpdesk/ai-chat-settings) enables you to:

1. Configure the appearance and behavior of your AI Chat widget

2. Set up security settings for external website integration

3. Customize the content and messaging of your chat interface

4. Preview how your chat widget will appear to users

Page Structure

The AI Chat Settings page is divided into four main sections:

1. Basic Settings: Configure essential settings like assistant name and widget position (some features require Enterprise subscription)

2. Appearance: Customize the visual appearance of the chat widget

3. Content: Set up initial messages and suggested questions

4. Advanced: Configure security settings for external website integration

Advanced Tab: Security Settings

The Advanced tab contains critical security settings that control how your AI Chat widget can be embedded and accessed on external websites.

Token Secret Key

The Token Secret Key is a security credential used to generate and validate authentication tokens for your AI Chat widget.

• Purpose: This key is used to create secure tokens that authenticate communication between external websites and your AI assistant

• Security: Keep this key confidential as it provides access to your AI assistant

• Requirements: Must be set for the chat widget to function on external websites

• Generation: You can generate a new secure key by clicking the refresh icon

Allowed Origins (Domains)

The Allowed Origins field specifies which external websites are permitted to embed and use your AI Chat widget.

• Purpose: This security measure prevents unauthorized websites from accessing your AI assistant

• Format: Each origin must be a complete URL with protocol (e.g., https://www.example.com)

• Multiple Domains: You can add multiple domains if you want your chat widget to work on several websites

• Validation: Each domain is validated to ensure it's properly formatted

How to Configure Security Settings

Setting Up the Token Secret Key

1. Navigate to the Advanced tab in AI Chat Settings

2. In the Token Secret Key field:

   • Use the existing key if one is already set

   • Click the refresh icon to generate a new secure key

   • Or enter your own key (not recommended unless you have specific requirements)

3. Click "Save Advanced Settings" to apply changes

Managing Allowed Origins

1. Navigate to the Advanced tab in AI Chat Settings

2. In the Allowed Origins section:

   • View your currently allowed domains (if any)

   • To add a new domain, enter the complete URL (with http:// or https://) in the input field

   • Click the "Add" button or press Enter to add the domain to the list

   • To remove a domain, click the X icon next to it

3. Click "Save Advanced Settings" to apply changes

Embedding the AI Chat Widget on External Websites

Once you've configured the security settings, you can embed the AI Chat widget on your allowed websites by following these steps:

Step 1: Add the Domain to Allowed Origins

Ensure the website's domain is added to the Allowed Origins list in the Advanced tab.

Step 2: Add the Widget Script to Your Website

Add the following script tag to your website's HTML:

Replace your-askinfosec-instance.com with your actual AskInfosec instance URL.

Step 3: Initialize the Widget

Add the following JavaScript code to initialize the widget:

Replace your-organization-id with your actual organization ID from AskInfosec.

Authentication Flow

The AI Chat widget uses a secure token-based authentication system:

1. When a user visits your website with the embedded widget, the widget requests a token from the AskInfosec server

2. The server validates that the request is coming from an allowed domain

3. If valid, the server generates a token using your Token Secret Key

4. This token is used for all subsequent communication between the widget and the AskInfosec server

5. The token expires after 24 hours, requiring re-authentication

Troubleshooting

Widget Not Appearing on External Website

1. Check Allowed Origins: Verify that the exact domain (including protocol) is in your Allowed Origins list

2. Verify Token Secret Key: Ensure a Token Secret Key is set

3. Check Console Errors: Look for JavaScript errors in your browser's developer console

4. CORS Issues: If you see CORS errors, double-check that the domain in Allowed Origins exactly matches your website's URL

Authentication Errors

1. Invalid Token: Ensure your Token Secret Key is properly set

2. Domain Not Authorized: Verify the domain is correctly added to Allowed Origins

3. Token Expired: Tokens expire after 24 hours; the widget should automatically request a new one

Security Best Practices

1. Generate a Strong Token Secret Key: Use the built-in generator for a secure key

2. Limit Allowed Origins: Only add domains you control and trust

3. Use HTTPS: Always use HTTPS URLs for your Allowed Origins for secure communication

4. Regular Rotation: Consider periodically generating a new Token Secret Key for enhanced security

Enterprise Features

Some features in the AI Chat Settings are exclusive to Enterprise subscribers:

1. Widget Position: Enterprise subscribers can choose between "Bottom Right" and "Bottom Left" positions for the chat widget

2. Advanced Theme Customization: Enterprise subscribers have access to more detailed theme customization options

Non-Enterprise users will see these features in the interface, but they will be disabled with an "Enterprise" badge indicating they require an upgrade.