Management API & Portal Post-Deployment Configuration
Complete these steps after running azd up to finalize Management API and Portal authentication.
Prerequisites
- Deployment completed successfully
- App Configuration access configured (see Prerequisites)
- App registrations created (see Pre-Deployment Setup)
- Core API configuration completed (see Core API Post-Deployment)
Update App Configuration Settings
Step 1: Access App Configuration
- Sign in to Azure Portal
- Navigate to your deployment resource group
- Select the App Configuration resource
- Select Configuration explorer
Step 2: Filter Settings
- Enter
entrain the search box - Select all management-related settings
Step 3: Update Values
Update the following settings with values from your app registrations:
| Key | Value |
|---|---|
FoundationaLLM:Management:Entra:ClientId |
Application (client) ID of FoundationaLLM-Management-Portal |
FoundationaLLM:Management:Entra:TenantId |
Directory (tenant) ID |
FoundationaLLM:Management:Entra:Scopes |
api://FoundationaLLM-Management/Data.Manage |
FoundationaLLM:ManagementAPI:Entra:ClientId |
Application (client) ID of FoundationaLLM-Management-API |
FoundationaLLM:ManagementAPI:Entra:TenantId |
Directory (tenant) ID |
Step 4: Verify Default Values
Confirm these values are correct:
| Key | Expected Value |
|---|---|
FoundationaLLM:Management:Entra:CallbackPath |
/signin-oidc |
FoundationaLLM:Management:Entra:Instance |
https://login.microsoftonline.com/ |
FoundationaLLM:ManagementAPI:Entra:Instance |
https://login.microsoftonline.com/ |
FoundationaLLM:ManagementAPI:Entra:Scopes |
Data.Manage |
Step 5: Save Changes
Click Apply to save all configuration changes.
Restart Services
After updating configuration, restart the services to apply changes.
Azure Container Apps (Quick Start)
- Navigate to your resource group
- Select the Management API Container App (ends with
managementapica) - Select Revisions in left menu
- Select the active revision
- Click Restart in the Revision details panel
- Repeat for Management UI Container App (ends with
managementuica)
Azure Kubernetes Service (Standard)
Via kubectl:
kubectl rollout restart deployment/management-api -n fllm
kubectl rollout restart deployment/management-ui -n fllm
Verify Authentication
Test Sign-In
- Navigate to your Management Portal URL
- You should be redirected to Microsoft sign-in
- Enter your Entra ID credentials
- Verify successful authentication
- Confirm you can access the Management Portal dashboard
Troubleshoot Issues
| Issue | Solution |
|---|---|
| Redirect loop | Verify redirect URI matches deployment URL |
| Invalid client | Check FoundationaLLM:Management:Entra:ClientId value |
| Access denied | Verify user has appropriate RBAC roles |
| Invalid scope | Verify scope: api://FoundationaLLM-Management/Data.Manage |
Check Logs
AKS:
kubectl logs deployment/management-api -n fllm --tail=100
kubectl logs deployment/management-ui -n fllm --tail=100
Next Steps
- Complete Authorization Post-Deployment
- Configure Role-Based Access Control
- Test Management Portal Features