Agentic

Agentic is a low-code, no-code platform that enables you to rapidly build and manage powerful AI agents that take action and orchestrate workflows dynamically.

This platform approach enables you to customize and manage purpose-specific AI agents that understand your intent and context to perform the following actions:

• Retrieve relevant information from various knowledge bases.
• Take action on apps and data securely with governance.
• Orchestrate workflows end-to-end dynamically.
• Collaborate with other AI agents and humans to execute complex workflows.

Agentic capabilities

The term agentic derives from the concept of agency, which refers to the ability to act independently and make informed choices. Genies are agents that you can build in Agent Studio. Your genies use the knowledge base and skill sets you configure to manage tasks and workflows.

Agentic learning ability

Your genie uses a large language model (LLM) and a detailed prompt to learn new information. The knowledge base recipes and skills recipes that you configure continuously learn from new inputs and adapt to handle dynamic situations effectively.

For example, an IT support genie assists employees who reports losing their connection to a critical app. Within minutes, multiple users report the same issue, suggesting a potential system outage or server disruption. The IT genie adapts by relying on the following learning framework:

• Identify patterns: Your genie uses an LLM to recognize the spike in lost connection reports as a system-wide issue rather than an isolated incident.
• Proactive escalation: Your genie automatically notifies the IT team about the pattern, including key details such as the app affected, the number of users impacted, and the timeframe of the reports.
• Provide updates: Your genie shares progress updates with users as the IT team investigates, such as estimated resolution times or alternative workarounds, based on real-time information.
• Logging insights: Your genie stores data from the incident, including affected regions and user feedback, for post-resolution analysis and future improvements.

Configure SAML settings

You can configure Just-in-Time (JIT) provisioning, user group syncing, and select which users require SAML-based authentication. Complete the following steps to configure your SAML settings:

1

Sign in to your Workato account and go to Workspace admin. The Access control page displays by default.

2

Click Authentication in the sidebar.

3

Ensure that the SAML-based SSO authentication toggle is enabled.

Ensure the SAML-based SSO authentication toggle is enabled

4

Go to the Configure SAML settings section.

Configure SAML settings

5

Use the Enforce SAML authentication for drop-down menu to select who is required to use SAML-based authentication.

6

Click the Enable SAML Just-in-Time (JIT) provisioning toggle if you plan to automatically create accounts for new users who log in using SAML-based SSO.

7

Click the Enable user groups syncing toggle if you plan to update user groups from your identity provider. Refer to SAML role sync: maintaining Workato roles in the identity provider for more information.

8

Click Save changes.

Get SAML configuration values

The Authentication page provides the Single sign-on URL and Service provider (SP) entity ID for your SSO-based SAML app.

Complete the following steps to access your Workato Single sign-on URL for Agentic:

1

Sign in to Workato.

2

Go to Workspace admin > Access control > Authentication.

3

Ensure that the SAML-based SSO authentication toggle is enabled.

4

Locate the Create a SAML application in your IdP section to access your Single sign-on URL and Service provider (SP) entity ID.

Identity provider user access

You can add users to the Agentic platform through your external identity provider (IdP). This enables you to authenticate user accounts for Agentic access. You must configure a SAML-based SSO through your IdP before you can provide a user with access to Agentic. Agentic adds users when they sign in through your IdP for the first time. Multiple IdPs are supported. The steps in this section use Okta as an example.

Complete the following steps to configure your IdP:

1

Sign in to your Okta (opens new window) account.

2

Go to Applications > Applications and click Create App Integration.

Add application in Okta

Refer to the Okta documentation (opens new window) for more information.

3

Select SAML 2.0 as the Sign-in method and click Next.

Create a new application in Okta

4

Enter a name for the app in the App name field. For example, Workato Agentic.

5

Click Next.

6

Paste your Workato Single Sign-On URL into the corresponding field in Okta. Refer to Get SAML configuration values for more information.

7

Select the Use this for Recipient URL and Destination URL checkbox.

8

Paste the Service provider (SP) entity ID into the Audience URI (SP Entity ID) field.

9

Set Name ID format to EmailAddress.

10

Go to the Attribute Statements section and add the following attributes:

Name	Value
workato_app_user_name	user.displayName
workato_app_user_groups	appuser.workato_app_user_groups

The resulting attribute statements should look like this:

Add Attribute Statements to your App

11

Click Next.

12

Use the App type drop-down menu to choose This is an internal app that we have created.

13

Click Finish.

14

Go to Directory > People > and add one or more users. You must complete the verification steps for each user.

15

Go to Applications > My App > Assignments.

16

Click Assign > Assign to People and add one or more users for My App.

17

Click Done.

18

Go to Applications > [Your App] > Sign On in Okta.

19

Copy the Metadata URL.

20

Return to Workato and go to Workspace admin > Access control > Authentication.

21

Ensure the SAML-based SSO authentication toggle is enabled.

22

Go to the Provide metadata from your identity provider (IdP) section.

23

Locate the Do you have your identity provider metadata URL? field and select Yes or No depending on whether you have access to your IdP metadata URL.

1

Provide your metadata URL in the Metadata URL field.

Provide your metadata URL

1

Provide your IdP SSO URL in the Identity provider single sign-on URL field.

Provide your IdP information

2

Provide the unique identifier of your IdP in the Identity provider issuer field.

3

Provide the IdP X.509 certificate your IdP uses for request validations in the X.509 certificate field.

24

Click Save changes.

Agentic roles and permissions

Workspace owners have access to Agentic by default. Agentic permissions are defined as all or nothing. This means that any workspace collaborators with permission to access Agentic can perform all actions on all genies within the workspace. Agentic permissions are defined within the Orchestrate Workspace admin > Collaborators > Collaborator roles. The workspace owner must specify the Admin role when assigning access to collaborators.

Defined system roles for each collaborator per environment are in development.