Whether or not a user needs to go through the authentication process themselves depends on whether the system can do it for them or not. If the system already knows who the user is, the bot could authenticate behind the scenes for a frictionless interaction. If, for example, the bot is integrated into a mobile app that already knows the user’s info, then that info could be used to authenticate, and the user would never need to know. The user then gets an authenticated experience without having to re-authenticate.