Partilhar via


Assign user access to healthcare agent service management portal

Healthcare agent service supports two ways to manage permissions to the bot instance management portal:

Important

We advice existing customer to opt-in this feature by navigating to the User Management page and enabling the Microsoft Entra Access Management feature. This feature can only be enabled for users who have the Health Bot Admin role in the Azure Access Control (IAM) pane. In the future we will deprecrate the legacy user access control mechanism functionality in the Management Portal and only use the Microsoft Entra Access Management.

Opt-in on the Microsoft Entra Access Management feature

To opt in on this feature, a Health Bot Admin should Navigate to the Azure AI Health Bot User Management page and enable the Microsoft Entra Access Management feature. Any user with the Health Bot Admin role can enable or disable the Microsoft Entra Access Management Toggle

Important

This feature can only be enabled for users who have the Health Bot Admin role in the Azure Access Control (IAM) pane.

If the logged-in user has no Health Bot Admin Role, the Microsoft Entra Access Management toggle will be greyed out

A screenshot of the healthbot user management page with greyed out RBAC toggle

If the logged-in user has the Health Bot Admin Role, the Microsoft Entra Access Management toggle will be available.

A screenshot of the healthbot user management page with RBAC toggle disabled

When enabling the Microsoft Entra Access Management toggle, all user management will be done through the Azure Portal. You will need to assign users and dedicated Azure AI Health Bot roles through the identity-access-management pane in the Azure Portal.

A screenshot of the healthbot user management page with RBAC toggle enabled

Assigning users and roles via the Microsoft Entra Access Management feature

When Microsoft Entra Access Management is enabled, all users and roles should be managed through the Azure Access Control (IAM) pane.

A screenshot of azure iam management

You can assign users with one of the following levels of permissions:

  • Health Bot Admin: Users with admin access can sign in, view, and edit all of the bot resources, scenarios, and configuration setting including the bot instance keys & secrets and can managed user access in case permission management is controlled via the portal.
  • Health Bot Editor: Users with editor access can sign in, view, and edit all the bot resources, scenarios, and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills, channels, and user management.
  • Health Bot Reader: Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys), the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs) and portal user management.

A screenshot of azure iam roles

  1. Sign in to the management portal Select Users -> Manage from the left navigation pane.
  2. Select the + New button to add a new portal user.
  3. Specify the email of the user and select the required role (Admin, Editor or Reader)

The role can also be modified after the user has been added using the action menu. The user can be removed using the action menu. To retain access to the Management Portal at least one Admin user should be remained.

A screenshot of the portal users

Assign user access based on Groups within your organization’s Azure Microsoft Entra ID

Step 1: Setup healthcare agent service application permission

Follow the guidance below to allow the healthcare agent service Application to access your organization directory.

  1. Sign in to the Azure portal with an administrator account.
  2. Select Microsoft Entra ID.
  3. Select on the Enterprise Applications tab.
  4. Select the HealthAgentDashboard application from the list of applications associated with this directory.

A screenshot of Enterprise Applications in Azure

  1. Navigate to the permission tab and grant admin consent to the healthcare agent service Dashboard application

A screenshot of Enterprise Applications permissions in Azure

  1. Select the Accept button to allow the application to read directory data of your organization.

A screenshot of Allow-Access in Azure

  1. Allow a few minutes for the changes to propagate, you should then be able to see the following permissions granted to the application:

A screenshot of Allowed permissions in Azure

Step 2: Add an organization group to healthcare agent service management portal permitted users.

  1. Sign in to the management portal Select Users -> Manage from the left navigation pane.
  2. Select the +NEW button from the top of the page to add a new portal user.
  3. Specify the organization group and select the required role (Admin, Editor or Reader)

The role can also be modified after the group is added using the action menu.

A screenshot of adding a new group user

For additional information on ME-ID Groups and users visit Microsoft Entra ID assigned groups.

Next steps

Audit Trails