Assign user access to Azure AI Health Bot management portal

Azure AI Health Bot supports two ways to manage permissions to the bot instance management portal:

  1. User’s organization email or user’s Microsoft Account (MSA)
  2. Groups within your organization’s Azure Microsoft Entra ID

Warning

Organizations that manage user authentication via Microsoft accounts are responsible for revoking access manually via the management portal. Access granted through a Microsoft Entra ID (ME-ID) group is revoked automatically when the user is removed from that group.

You can assign users with one of the following levels of permissions:

  • Admin access: Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration settings, including the bot instance keys & secrets, and can manage user access when permission management is controlled via the portal.
  • Editor: Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration settings except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). They have read-only access to the bot skills, channels and user management.
  • Reader: Users with reader access can sign in and have read-only access to the bot resources, scenarios and configuration settings except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys), the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs) and portal user management.

Assign user access based on user email

  1. Sign in to the management portal. Select Users -> Manage from the left navigation pane.
  2. Select the + New button to add a new portal user.
  3. Specify the email of the user and select the required role (Admin, Editor or Reader).

The role can also be modified after the user has been added, using the action menu. The user can be removed using the same menu. To retain access to the management portal, at least one Admin user should remain.
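An access-review check for the email-based assignments described above, as an added example (not part of the original page and not Microsoft tooling). It assumes the Users -> Manage list has been transcribed by hand into CSV; the column names, `type` values, domain and accounts are all constructed.

```python
import csv
import io

# Constructed sample: the Users -> Manage list transcribed by hand.
# Column names and "type" values are assumptions, not a portal export format.
PORTAL_USERS_CSV = """identity,type,role
alice@contoso.example,email,Admin
bob@contoso.example,email,Editor
carol@outlook.example,email,Reader
HealthBot-Editors,group,Editor
"""

# Constructed sample: accounts currently active in the organization directory.
ACTIVE_DIRECTORY_USERS = {"alice@contoso.example", "dave@contoso.example"}


def _rows(portal_csv):
    return list(csv.DictReader(io.StringIO(portal_csv)))


def review_portal_access(portal_csv, active_users, org_domain):
    """Return (identity, role, reason) for entries that need manual review."""
    active = {u.lower() for u in active_users}
    findings = []
    for row in _rows(portal_csv):
        identity = row["identity"].strip().lower()
        if row["type"].strip().lower() == "group":
            continue  # group membership changes revoke portal access automatically
        if not identity.endswith("@" + org_domain.lower()):
            # Outside the org domain (e.g. an MSA): revocation is manual.
            findings.append((identity, row["role"], "external account: revoke manually in the portal"))
        elif identity not in active:
            findings.append((identity, row["role"], "not active in directory: remove from the portal"))
    return findings


def admin_entries(portal_csv):
    """Entries holding the Admin role; at least one should remain."""
    return [r["identity"] for r in _rows(portal_csv) if r["role"].strip().lower() == "admin"]


def safe_to_remove(portal_csv, identity):
    """False if removing this entry would leave the portal without an Admin."""
    return any(a.lower() != identity.lower() for a in admin_entries(portal_csv))


if __name__ == "__main__":
    for finding in review_portal_access(PORTAL_USERS_CSV, ACTIVE_DIRECTORY_USERS, "contoso.example"):
        print(finding)
    print("safe to remove alice:", safe_to_remove(PORTAL_USERS_CSV, "alice@contoso.example"))
```

Group entries are skipped because their access follows directory membership; only individually assigned emails need this periodic review.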

A screenshot of the portal users

Assign user access based on Groups within your organization’s Azure Microsoft Entra ID

Step 1: Setup Azure AI Health Bot application permission

Follow the guidance below to allow the Azure AI Health Bot Application to access your organization directory.

  1. Sign in to the Azure portal with an administrator account.
  2. Select Microsoft Entra ID.
  3. Select the Enterprise Applications tab.
  4. Select the HealthAgentDashboard application from the list of applications associated with this directory.

A screenshot of Enterprise Applications in Azure

  5. Navigate to the permission tab and grant admin consent to the Azure AI Health Bot Dashboard application.

A screenshot of Enterprise Applications permissions in Azure

  6. Select the Accept button to allow the application to read directory data of your organization.

A screenshot of Allow-Access in Azure

  7. Allow a few minutes for the changes to propagate. You should then be able to see the following permissions granted to the application:

A screenshot of Allowed permissions in Azure

Step 2: Add an organization group to Azure AI Health Bot management portal permitted users.

  1. Sign in to the management portal. Select Users -> Manage from the left navigation pane.
  2. Select the +NEW button from the top of the page to add a new portal user.
  3. Specify the organization group and select the required role (Admin, Editor or Reader).

The role can also be modified after the group is added using the action menu.

A screenshot of adding a new group user

For additional information on ME-ID groups and users, visit Microsoft Entra ID assigned groups.

Next steps

Audit Trails