Assign user access to Azure Health Bot management portal

Azure Health Bot supports two ways to manage permissions to the bot instance management portal:

  1. User’s organization email or user’s Microsoft Account (MSA)
  2. Groups within your organization’s Azure Active Directory (AAD)

Warning

Organizations that manage user authentication via Microsoft accounts are responsible for revoking access manually via the management portal. User authentication via Group AAD is automatically revoked when the user is removed from your Active Directory group.

You can assign users with one of the following levels of permissions:

  • Admin access: Users with admin access can log in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets and can managed user access in case permission management is controlled via the portal.

  • Editor: Users with editor access can log in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and user management.

  • Reader: Users with reader access can log in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and user management.

Assign user access based on user email

  1. Log in to the management portal Select Users -> Manage from the left navigation pane.
  2. Select the +NEW button from the top of the page to add a new portal user.
  3. Specify the Microsoft Live ID of the user and select the required role (Admin, Editor or Reader)

The role can also be modified after the user has been added using the action menu.

Assign user access based on Groups within your organization’s Azure Active Directory (AAD)

Step 1: Setup Health Bot application permission

Follow the guidance below to allow the Health Bot Application to access your organization directory.

  1. Log in to the Azure portal with an administrator account.
  2. Select Azure Active Directory.
  3. Click on the Enterprise Applications tab.
  4. Select the Health Bot Dashboard application from the list of applications associated with this directory.

  1. Navigate to the permission tab and grant admin consent to the Health Bot Dashboard application

  1. Click the Accept button to allow the application to read directory data of your organization.

You might see the below error, please ignore it:

  1. Allow a few minutes for the changes to propagate, you should then be able to see the following permissions granted to the application:

Step 2: Add an organization group to Health Bot management portal permitted users.

  1. Log-in to the management portal Select Users -> Manage from the left navigation pane.
  2. Select the +NEW button from the top of the page to add a new portal user.
  3. Specify the organization group and select the required role (Admin, Editor or Reader)

The role can also be modified after the group had been added using the action menu.

For additional information on AAD Groups and users visit Azure AD assigned groups.