Connect Your Microsoft Entra ID Active Directory to Abacus.AI

This guide details how to integrate Microsoft Entra ID with Abacus.AI for user management.

Requirements

Setting up your Microsoft Entra ID environment for Abacus.AI user management

  1. Log into your Microsoft Entra admin dashboard Microsoft Entra Id

  2. Go to the Enterprise applications tab and select the installation of Abacus.AI with Application ID: b89bbf6f-22a7-4b66-9bcf-6a80edf04dc5. Microsoft Entra Id

  3. Go to the permissions tab and ensure the following permissions are enabled:

Required Microsoft Graph Permissions

Permission Description Needed for SSO
Application.Read.All Read applications No
Directory.Read.All Read directory data No
email View users' email address Yes
offline_access Maintain access to data you have given it access Yes
openid Sign users in Yes
profile View users' basic profile Yes
User.Read Sign in and read user profile Yes
User.ReadBasic.All Read all users' basic profiles Yes


Microsoft Entra Id

If not already there, you may have to click the "Grant admin consent" button first. The above screenshot is from after granting admin consent.

  1. Follow the pop-up instructions accordingly (Microsoft admin permissions are necessary).

Managing accounts on Microsoft Entra ID:

  1. Go to the "Users and groups" tab and press "Add user/group". Microsoft Entra Id

  2. Select the users or groups you want to give access to, along with their corresponding roles:

    • Admin - The user is an admin on the Abacus.AI Chat and platform.

    • Chat User - The user only has access to the Abacus.AI Chat.

    • Platform User - The user has access to the Abacus.AI Chat and platform.

Microsoft Entra Id

Licenses

While Microsoft Entra ID Governance is not strictly necessary for single sign-on (SSO) integration, it becomes essential when you want to leverage group-based role assignments and automated identity management features as group assignments are not avalailable from Microsoft without this plan. Your team can still use SSO integration if you're willing to accept the limitations of manually assigning roles to individual users. However, if you want to assign roles to user groups and enable access to private group-specific bots for "Chat Users," then Entra ID Governance is necessary, but only 1-2 licenses would be needed for the admins who will manage and maintain the groups. Microsoft Entra admin center

Setting up Microsoft Entra ID connector

If your team only wants SSO login, then you can stop here. However, if you also want to manage groups for your chatbot, please continue.

  1. Select Organization:

    • Go to the organization that you want to be managed by Microsoft Entra ID. Microsoft Entra Id

  2. Access Connected Services Dashboard:


  1. Add New Connector:

    • Click on the "Add New Connector" option and select "Microsoft Entra ID". Microsoft Entra Id

  2. Connect Microsoft Entra ID:

    • Press the "Connect Microsoft Entra ID" button. Follow the instructions in the dialog box to provide your Microsoft admin user credentials -- the account that has your target directory as the home organization.
    • Ensure you have granted admin consent as outlined in the Setting up your Microsoft Entra ID environment for Abacus.AI user management instructions. Without this, you will not have the necessary permissions to create the connector. Microsoft Entra Id

  3. Verify Connector Status:

    • Your connector should be set up and confirm that it has an "ACTIVE" status.

  4. Enable Feature:

    • Reach out to Abacus.AI to enable this feature and have Microsoft Entra ID manage user accounts for this organization.

Troubleshooting and FAQ for the Microsoft Entra ID connector

- On Microsoft, users must be internal members and not guests. The emails should be of the form `@domain.com`, not `ext@domain-on-microsoft.com`  
- When logging into the `https://workspace.abacus.ai/chatllm` application using Microsoft SSO, the user must switch their Microsoft organization to their targeted directory.
© Copyright