OpenAI with AD-based responses

Question

I created a chatbot using Azure OpenAI Studio and used the "Add your data" option to make the chat respond with informations that are in my files in Blob storage.

My question is: is it possible for the chatbot to check what role a user has in AD and respond based on that? For example, I have files in blob storage, which are available only for the finance or hr role, so chat will check whether the user who asked for this data has this role or not and will refuse to give him the data.

Is something like this possible?

Answer 1

@KR98 Thanks for the question, Pablo Castro explains one way to do this in Cognitive Search using document-level access control in this video:

https://www.youtube.com/watch?v=tW2EA4aZ_YQ&t=578s

That restrictions could be placed on a single index (as per https://learn.microsoft.com/en-us/azure/search/search-securi...) and that security filtering was also possible (Security filters to trim results using Active Directory - Azure Cognitive Search | Microsoft Learn).

Answer 2

@KR98 Thanks for the question, Our current Azure OpenAI documentation indeed currently describes the use of API keys only as per this example where you are expected to pass the API key through the header's "api-key" value.

You can utilise AAD-based tokens as well, as AOAI is based on the Azure Cognitive-aligned platform. So, if you will generate a Bearer token in Azure AD and pass it over to the same Azure OpenAI endpoint, but using slightly different header's key "Authorization", then you would be able to retrieve the same data.

there are some considerations when using the SDK. we posted a write-up here.

We have repo with AAD sample here.