Assign user access to healthcare agent service management portal
Healthcare agent service supports two ways to manage permissions to the bot instance management portal:
Important
We advice existing customer to opt-in this feature by navigating to the User Management page and enabling the Microsoft Entra Access Management feature. This feature can only be enabled for users who have the Health Bot Admin role in the Azure Access Control (IAM) pane. In the future we will deprecrate the legacy user access control mechanism functionality in the Management Portal and only use the Microsoft Entra Access Management.
Opt-in on the Microsoft Entra Access Management feature
To opt in on this feature, a Health Bot Admin should Navigate to the Azure AI Health Bot User Management page and enable the Microsoft Entra Access Management feature. Any user with the Health Bot Admin role can enable or disable the Microsoft Entra Access Management Toggle
Important
This feature can only be enabled for users who have the Health Bot Admin role in the Azure Access Control (IAM) pane.
If the logged-in user has no Health Bot Admin Role, the Microsoft Entra Access Management toggle will be greyed out
If the logged-in user has the Health Bot Admin Role, the Microsoft Entra Access Management toggle will be available.
When enabling the Microsoft Entra Access Management toggle, all user management will be done through the Azure Portal. You will need to assign users and dedicated Azure AI Health Bot roles through the identity-access-management pane in the Azure Portal.
Assigning users and roles via the Microsoft Entra Access Management feature
When Microsoft Entra Access Management is enabled, all users and roles should be managed through the Azure Access Control (IAM) pane.
You can assign users with one of the following levels of permissions:
- Health Bot Admin: Users with admin access can sign in, view, and edit all of the bot resources, scenarios, and configuration setting including the bot instance keys & secrets and can managed user access in case permission management is controlled via the portal.
- Health Bot Editor: Users with editor access can sign in, view, and edit all the bot resources, scenarios, and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills, channels, and user management.
- Health Bot Reader: Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys), the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs) and portal user management.
- Sign in to the management portal Select Users -> Manage from the left navigation pane.
- Select the + New button to add a new portal user.
- Specify the email of the user and select the required role (Admin, Editor or Reader)
The role can also be modified after the user has been added using the action menu. The user can be removed using the action menu. To retain access to the Management Portal at least one Admin user should be remained.
Assign user access based on Groups within your organization’s Azure Microsoft Entra ID
Step 1: Setup healthcare agent service application permission
Follow the guidance below to allow the healthcare agent service Application to access your organization directory.
- Sign in to the Azure portal with an administrator account.
- Select Microsoft Entra ID.
- Select on the Enterprise Applications tab.
- Select the HealthAgentDashboard application from the list of applications associated with this directory.
- Navigate to the permission tab and grant admin consent to the healthcare agent service Dashboard application
- Select the Accept button to allow the application to read directory data of your organization.
- Allow a few minutes for the changes to propagate, you should then be able to see the following permissions granted to the application:
Step 2: Add an organization group to healthcare agent service management portal permitted users.
- Sign in to the management portal Select Users -> Manage from the left navigation pane.
- Select the +NEW button from the top of the page to add a new portal user.
- Specify the organization group and select the required role (Admin, Editor or Reader)
The role can also be modified after the group is added using the action menu.
For additional information on ME-ID Groups and users visit Microsoft Entra ID assigned groups.