Pulse chat and user identity
The built-in Pulse chat authenticates the signed-in user and authorizes each process by group, so you can build an employee portal on top of your workflows.
The Pulse chat is the in-app side of Pulse. People sign in, ask in plain language, and run or query the processes they are allowed to use. It is built for non-developers, which makes it a natural foundation for an employee portal.
It knows who is asking #
The chat carries the signed-in person's identity into every run. That lets a process act on the real user's behalf without the user being able to choose someone else. Someone asking to file a vacation request files their own, because the workflow receives who they are as a trusted value, not as something typed into a prompt.
Execution still uses the shared system authorization so connectors work for everyone, while the person's identity travels separately and is recorded in the audit trail.
Groups decide what each person can do #
Authorization is the same model that powers the agent API. A base chat role lets someone open the chat but run nothing on its own. Add them to a group that grants specific processes, and those processes appear as options in their chat. Build as many groups as you need, each scoped to its own set of operations.
For smaller projects this means Orchesty can act as the identity and permission layer itself: define groups in the platform and bind them to processes, no separate identity provider required.
Confirm before acting, format inside the workflow #
Sensitive operations can ask for a plain-language confirmation before they run, so nothing happens by accident. And because a result can contain confidential data, output is returned as the workflow produced it by default rather than being sent back through the model. When formatting is wanted, it happens inside the workflow, so the chat can serve both casual and confidential operations safely.