Edit

Share via

Configure authentication for Edge RAG Preview enabled by Azure Arc

For your Edge RAG deployment, register an application, create app roles, and assign users or groups in Microsoft Entra ID. This article is part of the deployment prerequisites checklist.

Important

Edge RAG Preview, enabled by Azure Arc is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Configure authentication for the chat solution

Set up authentication to Edge RAG for AI application developers and for end users of the chat endpoint.

You might need to work with your Microsoft Entra or cloud administrator to configure authentication.

  1. In the Azure portal, go to Microsoft Entra ID.

  2. Go to the appropriate tenant and select Manage > App registrations.

  3. Select New registration to create an application registration.

    Screenshot that shows the new registration option on the top of the application registration page.

  4. Enter EdgeRAG for Name.

  5. Select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).

  6. Select Register.

    Screenshot that shows the fields on the register an application page where you add an application name and select supported account types.

  7. After the application is registered, go to the registration and select Manage > Authentication.

  8. Select Add a platform > Single-page application.

  9. Specify your domain name appended with /authorizing (for example, arcrag.contoso.com/authorizing) as the Redirect URIs.

    Screenshot that shows the single-page application page where you configure redirect URLs and more.

  10. Select Configure.

  11. For Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).

    Screenshot that shows the options for the supported account types with the last option selected.

  12. Select + Add a platform > Mobile and desktop applications.

  13. For Redirect URIs, select https://login.microsoftonline.com/common/oauth2/nativeclient.

  14. Select Configure.

  15. On the left-hand side menu, under Manage, select App roles.

  16. Create two app roles. One for EdgeRAGDeveloper and another for EdgeRAGEndUser. Use the appropriate values listed in the table that follows the image.

    Screenshot that shows the two app roles created for the developer and user.

    Field Value
    Display name EdgeRAGDeveloper or EdgeRAGEndUser
    Allowed member types User/Groups
    Value EdgeRAGDeveloper or EdgeRAGEndUser
    Description EdgeRAGDeveloper or EdgeRAGEndUser
    Do you want to enable this app role? Checked

  17. When complete, close the App roles page.

  18. To assign users or groups to the role you created, on the tenant's left-hand side menu, under Manage, select Enterprise applications.

  19. Search for and select the EdgeRag application you created.

  20. Go to Manage > Properties.

  21. Disable Assignment Required.

  22. On the left-hand side menu, select Users and groups > Add user/group.

  23. Select users and/or groups and assign EdgeRAGDeveloper or EdgeRAGEndUser role as appropriate.

Next step

Install networking and observability components