Knowledge Hub: App Store

Last updated: April 3, 2026

How to use Knowledge Hub to customize the App Store agent for your organization.

Key Use Cases

  1. App context docs — Describe what each app is used for, who typically needs it, permission levels, and available durations. This is the foundational layer that helps the agent guide users to the right request.

  2. Per-app and per-permission prompts — Define custom rules for specific apps or entitlements. For example: enforce policy checks at point of request (e.g., "PII access requires HR approval evidence"), clarify ambiguous permissions, or surface justification requirements for high-risk apps.

  3. Duration and access level options — Ensure the agent knows all requestable duration options (e.g., 90 days, Unlimited) and permission levels for each app.

  4. Catalog discovery — Help the agent correctly map vague user intent ("I need something for design") to the right app and entitlement, especially when app names are ambiguous or there are multiple similar options.

How to Label Context

  • Per app — Most common. Add context describing what the app is, who uses it, available permissions and durations.

  • Per permission — For apps with complex entitlement trees (e.g., PII access with many options), add permission-level guidance so the agent can ask the right questions upfront.

  • Per tenant — Org-wide policies like "all time-based apps require justification" or "security team must approve elevated access."

  • Risk-based groupings — Consider grouping context for all high-risk apps, all apps where security is an approver, or all time-based apps.

Example Context

"Figma is used at this organization as the primary tool for UI/UX design, collaborative diagramming, whiteboarding, and visual documentation. Engineers, product managers, designers, and go-to-market roles all use it — engineers typically need read access to design files and architecture diagrams, while product/design roles need edit access."

Quality Check

After adding context, test these scenarios to make sure the agent picks it up correctly:

  • [ ] "Request access to [app]" — Does the agent surface the right options?

  • [ ] "What are my options for [app]?" — Does it show all available durations and permission levels?

  • [ ] "I need [vague intent]" — Does the agent map it to the correct app?

  • [ ] Ambiguous app names — Does the agent handle them correctly with the new context?