Theme
Authenticate Node
The Authenticate node prompts the user to sign in through a configured SSO (Single Sign-On) provider. It presents a sign-in button in the chat widget and routes execution to one of three output handles based on the authentication outcome: Success, Failure, or Timeout.
When to Use
- You need to verify the user's identity before granting access to sensitive operations.
- You want to personalize the conversation with the user's profile information (name, email) from their SSO provider.
- You need an access token to call authenticated APIs on behalf of the user.
- You want gated sections in your flow that require authentication.
Configuration
| Property | Description | Default |
|---|---|---|
| SSO Provider | The SSO integration to use (e.g., Okta, Azure AD, Google). | None (required) |
| Button Text | Text displayed on the sign-in button in the chat widget. | Sign In |
| Button Description | Description text shown below the button. | Please sign in to continue |
| OAuth Scopes | Space-separated list of OAuth scopes to request (e.g., openid profile email). | Empty |
| Token Variable Name | Session variable to store the access token after successful authentication. | auth_token |
| Store User Info | Whether to also store the user's profile information. | true |
| User Info Variable | Session variable to store the user profile (shown when Store User Info is enabled). | user_info |
| Timeout | How long to wait for the user to complete authentication (30 to 3,600 seconds). | 300 (5 minutes) |
Handles
| Handle | Direction | Description |
|---|---|---|
| Input | In | Receives execution from the previous node |
| Success | Out | The user successfully authenticated. Token and user info are stored. |
| Failure | Out | The user cancelled authentication or credentials were rejected. |
| Timeout | Out | The user did not complete authentication within the timeout period. |
How It Works
- The bot sends a sign-in button to the chat widget.
- The user clicks the button, which opens the SSO provider's login page.
- The user authenticates with the provider (password, MFA, etc.).
- On success, the access token is stored in the configured variable and execution follows the Success handle.
- If the user cancels or authentication fails, execution follows the Failure handle.
- If the timeout expires before the user completes login, execution follows the Timeout handle.
Authenticate node config panel showing SSO provider dropdown, button text and description fields, OAuth scopes input, token variable name, store user info toggle, and timeout slider
Chat widget showing an SSO sign-in button with descriptive text prompting the user to authenticate, styled as a prominent action button within the conversation
TIP
Use the stored access token in subsequent API Call nodes to make authenticated requests on behalf of the user. Reference it as {{auth_token}} in the Authorization header.
WARNING
Always connect all three output handles (Success, Failure, Timeout) to ensure the conversation continues regardless of the authentication outcome. An unconnected handle will cause the conversation to end if that path is taken.