Tutorials or advice on using Azure AI Search with MongoDB and RBAC

Dean Casey 0 Reputation points
2025-06-12T10:37:20.06+00:00

Hi,

I have built an application suite (mobile, API and back-end APIs) that capture a range of users' data. The data is stored in MongoDB and I use Auth0 for auth.

I would like to add a RAG Q&A capability to this app using Azure AI Search. It is important that a user cannot query another user's data.

Are there any tutorials on how to do this or other sources of information?

My apologies if this is the wrong forum. Please point me to the correct one.

Thanks

Dean

Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.

2 answers

  1. Prabhavathi Manchala 2,315 Reputation points Microsoft External Staff Moderator
    2025-06-12T11:24:16.9766667+00:00

    Hi Dean Casey,

    You're building an app (mobile, API, backend) that stores user data in MongoDB and uses Auth0 for login. Now, you want to add a Q&A feature using Azure AI Search, making sure users can only see their own data.

    This is possible by combining Azure AI Search with role-based access control (RBAC) and applying filters at the search index level.

    Please follow these steps to build a secure RAG-based Q&A system using Azure AI Search and MongoDB, with per-user data access control:

    1). Data Ingestion from MongoDB into Azure AI Search

    Azure AI Search doesn't connect directly to MongoDB, so you'll need to:

    • Export your MongoDB user-specific data (e.g., per document/userId).
    • Index that data into Azure AI Search, tagging each document with a userId or equivalent field.
    • You can use Azure Data Factory, Azure Functions, or a simple script using the Azure Search REST API or SDKs.

    Import data into Azure AI Search using REST APIs or SDKs

    2). Secure the Search Index Using Role-Based Access Control (RBAC)

    Since you're using Auth0, map your Auth0 users to Azure AD or use Auth0 JWT tokens and validate them in your app before allowing access to Azure Search.

    • Use your backend API as a proxy between the user and Azure AI Search.
    • Add logic in your API to inject a filter like userId eq '{auth0UserId}' in the search query.
    • This way, each user can only search their own documents, regardless of what's indexed.

    Azure AI Search doesn’t support per-user security by default unless you use Azure AD with RBAC. The secure and scalable solution is to handle user filtering in your backend.

    Use filters in Azure AI Search queries

    Azure AI Search Security Overview

    3). Integrate with Azure OpenAI for RAG Q&A

    • After indexing your data and securing access, apply the RAG pattern with Azure OpenAI (e.g., GPT-4).
    • Take the user’s question → run a filtered semantic search on their data via Azure AI Search → pass the top results to GPT as context for generating the answer.

    Chat with Azure OpenAI models

    4). Authentication & Access with Auth0

    If you're using Auth0, you’ll need to:

    • Protect your backend APIs using Auth0 JWT tokens.
    • Get the user ID from the token and use it in the Azure Search filter like userId eq '{auth0UserId}'.
    1 person found this answer helpful.
    0 comments No comments
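
The filter injection from steps 2 and 4 of the answer above, sketched as an added example (not code from the thread or from Microsoft). It assumes the Auth0 token was already verified by the API's middleware; the function names and the `category` field are hypothetical, and only `userId` comes from the answer.

```python
# Added example: per-user query builder for the backend proxy in front of
# Azure AI Search. Assumes `claims` came from an Auth0 JWT whose signature,
# issuer and audience were already verified; "category" is a hypothetical field.

ALLOWED_CLIENT_FIELDS = {"category"}  # hypothetical filterable index fields


def odata_str(value):
    """Quote a value as an OData string literal (single quotes are doubled)."""
    if not isinstance(value, str) or not value:
        raise ValueError("filter value must be a non-empty string")
    return "'" + value.replace("'", "''") + "'"


def build_search_body(claims, question, facets=None, top=5):
    """Build the JSON body for a Search Documents request.

    The userId clause comes only from the verified token's `sub` claim.
    Clients never send raw filter text; they send field/value pairs that are
    allowlisted and quoted here, so they cannot close a parenthesis or append
    an `or` clause to widen the result set.
    """
    clauses = ["userId eq " + odata_str(claims.get("sub"))]
    for field, value in sorted((facets or {}).items()):
        if field not in ALLOWED_CLIENT_FIELDS:
            raise ValueError(f"filtering on {field!r} is not allowed")
        clauses.append(f"{field} eq {odata_str(value)}")
    return {"search": question, "filter": " and ".join(clauses), "top": top}


def drop_foreign_hits(hits, claims):
    """Defense in depth: discard any hit whose userId is not the caller's
    before its text is passed to the model as RAG context."""
    return [h for h in hits if h.get("userId") == claims["sub"]]


# Constructed sample data (not from the original thread).
CLAIMS = {"sub": "auth0|64f0'x"}  # quote included to exercise escaping
HITS = [{"userId": "auth0|64f0'x", "content": "mine"},
        {"userId": "auth0|other", "content": "not mine"}]

if __name__ == "__main__":
    print(build_search_body(CLAIMS, "what did I log last week?", {"category": "notes"}))
    print(drop_foreign_hits(HITS, CLAIMS))
```

The same `userId` value has to be written onto every document at indexing time (step 1), otherwise the filter matches nothing or, if the field is missing from the index, the request fails.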

  2. Dean Casey 0 Reputation points
    2025-06-18T20:06:32.54+00:00

    Hi there,

    My apologies for the delayed reply. I have been working through it while managing other deliverables.

    I have reviewed all the steps and they make sense. It will take me some time to implement.
    I am currently moving my persistence from MongoDB to Cosmos DB to make things simpler in the long run.

    Please mark this as correct and complete. There isn't an option or button to do that on my side.

    Thanks for your help and the follow ups.

    Dean

