Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For your Edge RAG deployment, register an application, create app roles, and assign users or groups in Microsoft Entra ID. This article is part of the deployment prerequisites checklist and also a prerequisite of Quickstart: Install Edge RAG.
You might need to work with your Microsoft Entra or cloud administrator to configure authentication.
Important
Edge RAG Preview, enabled by Azure Arc is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Prerequisites
Before you begin, make sure you have:
- An active Azure subscription. If you don't have a service subscription, create a free account before you begin.
- Microsoft Entra ID permissions:
- Permissions to create a Microsoft Enterprise Entra application.
- Ability to add new or existing Microsoft Entra users and groups to the application.
Register an application in Entra ID
Create and configure an application registration for Edge RAG in your Microsoft Entra ID tenant.
In the Azure portal, go to Microsoft Entra ID.
Go to the appropriate tenant and select Manage > App registrations.
Select New registration to create an application registration.
Enter EdgeRAG for Name.
Select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
Select Register.
After the application is registered, go to the registration and select Manage > Authentication.
Select Add a platform > Single-page application.
Specify your domain name appended with /authorizing (for example,
https://arcrag.contoso.com/authorizing) as the Redirect URIs.
Select Configure.
For Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
Select + Add a platform > Mobile and desktop applications.
For Redirect URIs, select
https://login.microsoftonline.com/common/oauth2/nativeclient.Select Configure.
Create app roles for Edge RAG
Within the Edge RAG app registration, create app roles for AI application developers and end users of the chat endpoint.
In the app registration, on the left-hand side menu, under Manage, select App roles.
Create two app roles. One for EdgeRAGDeveloper and another for EdgeRAGEndUser. Use the appropriate values listed in the table that follows the image.
Field Value Display name EdgeRAGDeveloper or EdgeRAGEndUser Allowed member types User/Groups Value EdgeRAGDeveloper or EdgeRAGEndUser Description EdgeRAGDeveloper or EdgeRAGEndUser Do you want to enable this app role? Checked When complete, close the App roles page.
Assign users or groups to roles
Next, in the Microsoft Entra ID tenant, assign users or groups to the roles you created for Edge RAG.
- In the Microsoft Entra ID tenant, on the left-hand side menu under Manage, select Enterprise applications.
- Search for and select the EdgeRag application you created.
- Go to Manage > Properties.
- Disable Assignment Required.
- On the left-hand side menu, select Users and groups > Add user/group.
- Select users and/or groups and assign EdgeRAGDeveloper or EdgeRAGEndUser role as appropriate.
- When complete, close the Users and groups page.
(Optional) Get app and tenant IDs
If you plan to use the quickstart or want to deploy Edge RAG by using the command line, get the application ID for the registration you created and the tenant ID.
- In the Azure portal, search for app registration.
- Select the Edge RAG registration you created.
- Copy the Application (client) ID and Directory (tenant) ID.
- Paste the values to an app like Windows Notepad to use later.