Ask AI is a generative AI agent that helps you analyze events and account data using natural-language prompts. As part of investigating user access issues, you can ask Ask AI to take these remediation actions:
- Resetting a user risk score
- Revoking a remote user session and forcing them to re-authenticate
This helps you easily move from investigation to remediation without manually navigating between multiple pages in the Cato Management Application (CMA).
Note: Advanced AI Assistant capabilities, including remote user remediation actions, are currently available as a free trial.
When you use Ask AI to help with a user access issue, it analyzes the relevant account data and suggests a remediation action in the chat. You review the suggested action details and click Approve to execute it.
If you need to change something about the remediation action, click Reject and tell Ask AI what needs to be changed. When the action is correct, click Approve.
The Ask AI agent immediately applies the actions after approval.
Using the Ask AI agent to apply remote user remediation requires RBAC and role edit permissions for the user.
If an admin only has view permissions, Ask AI can help investigate the issue and provide information related to the user, but it can’t execute the action.
The CEO sends a message to the IT department because they can’t access Salesforce. You investigate the issue with Ask AI and see that the CEO has an elevated risk score. Ask AI suggests resetting the CEO’s risk score so they can reconnect, and after you review the suggested action, you click Approve.
A NOC analyst notices that User A is uploading a large amount of data. They investigate the activity with Ask AI, which shows that the user’s risk level is normal, but also indicates that this user does not usually upload large files. Because the behavior is unusual, Ask AI suggests revoking the user’s active sessions as a precaution. After the admin reviews the suggested action and clicks Approve, the Ask AI agent revokes the user’s sessions.
Use Ask AI to investigate a user issue and execute a remediation action from the chat.
To remediate remote users with Ask AI:
- From the navigation menu, click Home > AI Workspace. You can also use the Ask AI right-hand panel.
- Enter a natural-language prompt to reset the user's risk score or revoke the user session.
- Review the suggested action details.
- If you need to update the rule, click Reject and tell Ask AI what to change.
- Click Approve.
Actions performed by Ask AI are logged in the Audit Trail in the same way as if the admin manually performed the actions.
This functionality is also available through the Cato Remote MCP Server. You can use a connected MCP client to reset the risk score and revoke a user session.
Permissions for this functionality are controlled by the API key that the MCP client uses. To prevent users from remediating users, assign them a read-only API key that lets them investigate account data and policy information.
0 comments
Article is closed for comments.