Configure Management Portal Access
Learn how to grant and manage access to the FoundationaLLM Management Portal for users and security groups.
Overview
Management Portal access is controlled through role assignments on the Management Portal configuration scope. Assigning the Reader role to a user or group grants them access to the portal. The Role Assignments page limits portal access assignments to the Reader role.
Prerequisites
- Access to the Management Portal
- Permission to manage role assignments on the Management Portal configuration scope
Open the Role Assignments Page
- Sign in to the Management Portal.
- In the sidebar, select Security > Role Assignments.
Grant Management Portal Access
- In Scope, select Portal Access.
- In Portal, select Management Portal.
- Select Create Role Assignment.
- In Principal ID, select Browse to open the principal search dialog.
- In the dialog, choose the Search type (User, Group, or Service Principal) and enter a few letters in Search query.
- Select the matching principal from the results and choose Select.
- Confirm the Role is Reader.
- Select Create Role Assignment.
The principal can now sign in to the Management Portal.
Grant Access to a Group
- Create or identify an Azure AD security group.
- Add users to the group.
- Assign the Reader role to the group using the steps above.
All group members inherit Management Portal access.
Fallback: Manual Principal Entry
If a principal does not appear in search, you can manually enter the values:
- Set Principal Type to the correct value.
- Enter the Principal Name and Principal ID manually.
- Confirm the Role is Reader.
- Select Create Role Assignment.
Revoke Management Portal Access
- In Scope, select Portal Access.
- In Portal, select Management Portal.
- Locate the role assignment in the list.
- Select the delete icon.
- Confirm the removal.
Scope Reference
| Setting | Value |
|---|---|
| Scope | providers/FoundationaLLM.Configuration/appConfigurationSets/ManagementPortal |
| Required role | Reader |
Troubleshooting
| Issue | Resolution |
|---|---|
| User cannot sign in | Verify the user has a Reader role assignment on the Management Portal scope. |
| Group assignment does not apply | Confirm the user is a member of the group and the group is synced in Entra ID. |
| Reader role not available | Ensure the scope is set to Portal Access with Management Portal selected. |
| Permission errors when editing access | Ensure you have permissions to manage role assignments on the configuration scope. |