RAG application document retrieval based on the user using azure AD details

htchameleon 0

Project Overview

We have developed a chatbot as an AI assistant for the company document repository. This chatbot is created using Azure Services, including Azure OpenAI and an Azure web application for the chat interface. The data source for the chatbot is SharePoint, we have currently morethan 4 SBUs and all the documents are stored in a sharepoint document repository in separate folders per SBU.
Azure App Services - chat bot is deployed using azure openai playgroud deployment as a web app option

Data Source - SharePoint

Azure AI Search is used to to search the documents (index, indexer), from the indexers we are extracting the meta data field as SBU which in each document we have defined.

Azure Openai gpt 4o used.

Requirement

When a user from a certain SBU asks a question from the chatbot, the bot should only retrieve the information/answers from that user’s registered SBU or from the Common (group-wide) documents.

please tell me how to achieve this in stepwise in detail (i am new the Azure)

Manas Mohanty (Quadrant Resource LLC) 135 Reputation points Microsoft Vendor

2025-01-22T10:03:53.61+00:00
Hi Hemas Transformation,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I think prompt flow or python SDK will be suitable for your requirement as Chat playground can take only one AI search index or container at the moment.

Through Prompt flow, you can leverage different type of tools like python/prompt /lookup tools to authenticate users and search in different AI search indexes.

and

with Python SDK, you will need to create flask routes for authentication, route user from different SBU user group and deploy through Azure webapp and show results.

To achieve your requirement to

You need route users to SBU1, SBU2, SBU3 document indexes based on their SBU for which you need to create multiple containers on the similar name convention of SBU prior

You will need to fetch details of user when prompted for their SBU and route to their respective AI search indexes and show "access denied to other indexes, if access is not authenticated to respective SBU index"

def getsbu(): #fetch user group details return sbu def searchSBU(sbu): #based on user group details , use if-else condition to search in respective sbu index through OpenAI agent and show the results

Given that:

SBU n user will have access to only SBU n only prior from IAM access of containers.

Kindly refer below documentation for reference.

Promptflow tools

Add you own data SDK.

Azure Webapp from Python

Authentication in webapp

Hope it helps address your requirements.

Thank you.
Manas Mohanty (Quadrant Resource LLC) 135 Reputation points Microsoft Vendor

2025-01-24T11:01:27.4666667+00:00

Hi Hemas Transformation,

Following up to see if the given response was helpful.

Thank you.
RaytheonXie_MSFT 38,426 Reputation points Microsoft Vendor

2025-01-27T01:37:40.6466667+00:00

Hi Hemas Transformation,

Would you please provide us with an update on the status of your issue?

If the solution helps, could you kindly accept the answer via the "Accept Answer" button,

it would be helpful to others who have similar issue in the future.
htchameleon 0 Reputation points

2025-02-03T09:17:10.22+00:00

i am really sorry to say this but the answer is not clear and the approach does not make verified to me. for example if you can help me with this https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/on-your-data-configuration#document-level-acc

1 answer

Manas Mohanty (Quadrant Resource LLC) 135 Reputation points Microsoft Vendor

2025-02-03T11:50:06.6266667+00:00
Hi htchameleon!

We have noticed that you rated an answer as not helpful. We appreciate your feedback and are committed to improving your experience with the Q&A.

Thank you for sharing the documentation you are referring.

You can check the below GitHub document for simplicity

search security trimming azure search

Creation of user groups and addition of users in user groups -create-users-and-groups 1, creates users and groups 2

applying Document level access control with user group - modifies the access of certain documents in an index with certain user groups - Reference on modifying ACL on documents in the same index

Update "default authentication in app " to use Document level access filtering

Here is diagram explaining the authentication on "Secured Filtered Knowledge:

Could you please re-take the survey and upvote on this response if it is helpful to you.

Thank you.
Please sign in to rate this answer.
htchameleon 0 Reputation points

2025-02-04T15:31:56.2766667+00:00

hey thank you very much for sharing another solution based on my document which i reffered.

but the default web app in the openai playground (foundry) is not the one that you are sharing

https://github.com/microsoft/sample-app-aoai-chatGPT/tree/main

this is the default app

Manas Mohanty (Quadrant Resource LLC) 135 Reputation points Microsoft Vendor

2025-02-05T01:09:22.6933333+00:00

Hi htchameleon!

Document share explains the "Document level acces control feature " of AI search, and part of custom webapp with AI search. Default webapp might not work to change the authentication on document level.

Could you upvote the last answer if the pointers are helpful.

Thank you.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

RAG application document retrieval based on the user using azure AD details

1 answer

Your answer