Configure Chat User Portal Access
Learn how to grant and manage access to the FoundationaLLM Chat User Portal for users and security groups.
Overview
Chat User Portal access is controlled through role assignments on the User Portal configuration scope. Assigning the Reader role to a user or group grants them access to the Chat User Portal. The Role Assignments page limits portal access assignments to the Reader role.
Prerequisites
- Access to the Management Portal
- Permission to manage role assignments on the User Portal configuration scope
Open the Role Assignments Page
- Sign in to the Management Portal.
- In the sidebar, select Security > Role Assignments.
Grant Chat User Portal Access
- In Scope, select Portal Access.
- In Portal, select User Portal.
- Select Create Role Assignment.
- In Principal ID, select Browse to open the principal search dialog.
- In the dialog, choose the Search type (User, Group, or Service Principal) and enter a few letters in Search query.
- Select the matching principal from the results and choose Select.
- Confirm the Role is Reader.
- Select Create Role Assignment.
The principal can now sign in to the Chat User Portal.
Grant Access to a Group
- Create or identify an Azure AD security group.
- Add users to the group.
- Assign the Reader role to the group using the steps above.
All group members inherit Chat User Portal access.
Fallback: Manual Principal Entry
If a principal does not appear in search, you can manually enter the values:
- Set Principal Type to the correct value.
- Enter the Principal Name and Principal ID manually.
- Confirm the Role is Reader.
- Select Create Role Assignment.
Revoke Chat User Portal Access
- In Scope, select Portal Access.
- In Portal, select User Portal.
- Locate the role assignment in the list.
- Select the delete icon.
- Confirm the removal.
Scope Reference
| Setting | Value |
|---|---|
| Scope | providers/FoundationaLLM.Configuration/appConfigurationSets/UserPortal |
| Required role | Reader |
Troubleshooting
| Issue | Resolution |
|---|---|
| User cannot sign in | Verify the user has a Reader role assignment on the User Portal scope. |
| Group assignment does not apply | Confirm the user is a member of the group and the group is synced in Entra ID. |
| Reader role not available | Ensure the scope is set to Portal Access with User Portal selected. |
| Permission errors when editing access | Ensure you have permissions to manage role assignments on the configuration scope. |