Anakin
← Back to Knowledge Base

Visibility & Access Control: Who Can Chat with Your Agent

Understand the three visibility levels and access rules that control who can interact with your AI agents.

Visibility & Access Control

Anakin gives you fine-grained control over who can interact with your agents. This guide covers the three visibility levels and additional access rules.

Visibility Levels

Public

  • View: Anyone can see the agent's page
  • Chat: Requires authentication (login)
  • Use case: Customer-facing agents, public support

Restricted

  • View: Anyone can see the agent's page
  • Chat: Requires authentication
  • Use case: Premium content, member-only agents

Private

  • View: Owner only
  • Chat: Owner only
  • Use case: Internal tools, testing, development

Access Rules & Business Solutions

Beyond visibility, you can set fine-grained restrictions to gate access to authorized visitors only. These rules serve as powerful, production-ready enterprise security solutions:

1. Email Domain Whitelisting

  • What it does: Restricts access to visitors who log in with emails belonging to specified corporate or organization domains (e.g., @company.com, @partner.org).
  • Why it matters: Protects internal tools, proprietary knowledge, and databases from external leakages without manually managing individual visitor accounts.

2. Specific Email Whitelists (Bulk Upload)

  • What it does: Restricts agent interactions strictly to a predefined list of approved email addresses. Owners can click "Import from Excel / CSV / TXT" to bulk-upload customer lists. The uploader automatically parses, extracts, and deduplicates emails.
  • Why it matters: Perfect for rolling out closed VIP pilots, members-only resources, or client-specific workspaces.

3. Geographical Restrictions

  • What it does: Restricts agent availability to specific countries (using a searchable multi-select scrolling picker of ISO country codes). Or use "All Countries" for global open access.
  • Why it matters: Essential for compliance with local regulations (e.g., GDPR), geographic licensing restrictions, or targeting country-specific marketing campaigns.

4. Working Hours

  • What it does: Restricts agent response availability to specific operating hours (e.g., Mon-Fri, 9:00 AM - 5:00 PM).
  • Why it matters: Prevents customers from expecting instant automated support when escalation desks are offline, or matches shift timings of human oversight.

Enterprise Business Cases

Case A: Corporate Internal AI Assistant (HR & Legal FAQ)

Objective: A company wants to build an AI agent trained on sensitive internal handbooks, employee policies, and onboarding guides.

The Solution:

  • Visibility: Set to Restricted.
  • Access Rules: Enable Email Domain restriction set to @yourcompany.com.
  • Result: Employees sign in with their corporate accounts and query the agent securely. Any login with a personal address (e.g., Gmail, Yahoo) or competitor's domain is immediately locked out.

Case B: Premium VIP Support Portal

Objective: A SaaS brand offers a dedicated, high-touch support employee agent to a premium tier of 100 enterprise accounts.

The Solution:

  • Visibility: Set to Restricted.
  • Access Rules: Upload the VIP email list via the Bulk Sheet Uploader (.xlsx/.csv).
  • Result: Only the approved customer emails can chat with the premium agent. If non-VIP visitors load the page, they are blocked, maintaining service exclusivity.

Case C: Regional Compliance & Licensing Agent

Objective: A fintech platform needs to offer loan consulting, but the regulatory license is only active in the United States and Canada.

The Solution:

  • Visibility: Set to Restricted.
  • Access Rules: Configure Geo-Restrictions targeting United States (US) and Canada (CA).
  • Result: Visitors from European or Asian IP addresses are immediately greeted with a regional access-denied screen, maintaining strict regulatory compliance.

How Access Control Works

When a visitor tries to chat, Anakin runs a 5-step validation:

1. Is the agent active? - Must be published and active.

2. Visibility check - Private, Restricted, or Public settings.

3. Access rules - Validate visitor's email against domains, whitelists, and verify geolocation.

4. Block check - Check if this specific visitor has been banned.

5. Configuration check - Ensure limits and tools are ready.

If any check fails, the visitor is immediately blocked and presented with a clear lock screen explaining the access denial.