Important
As of July 1st 2025, any new Healthcare agent service instance will manage User Permissions using Microsoft Entra ID via Azure Portal. In the near future, all existing Healthcare agent service instances will be transferred to use Microsoft Entra Access Management. We advise existing customers to opt-in to this feature by navigating to the User Management page and enabling Microsoft Entra Access Management feature. This toggle can only be enabled for users who have the Healthcare Agent Admin role in the Azure Access Control (IAM) pane.
Assign user access to healthcare agent service management portal
All User Management permissions to the healthcare agent instance management portal should be done by a Healthcare Agent Admin only, using Microsoft Entra ID via Azure Portal.
You can assign users with one of the following levels of permissions:
- Healthcare Agent Admin: Users with admin access can sign in, view, and edit all of the bot resources, scenarios, and configuration settings including the bot instance keys & secrets and can manage user access in case permission management is controlled via the portal.
- Healthcare Agent Editor: Users with editor access can sign in, view, and edit all the bot resources, scenarios, and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills, channels, and user management.
- Healthcare Agent Reader: Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys), the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs) and portal user management.
Sign in to Azure Portal and navigate to the Healthcare Agent Service resource.
Navigate to Access control (IAM) pane -> Add -> Add role assignment
Search for "Healthcare Agent" role, select the desired role level, and select "Next"
Click on
+ Select membersand add the user as a member to this role, selectReview + assigntwice
Opt-in on the Microsoft Entra Access Management feature (for existing customers only)
To opt in on this feature, a Healthcare Agent Admin should Navigate to the Healthcare Agent Service User Management page and enable the Microsoft Entra Access Management feature. Any user with the Healthcare Agent Admin role can enable or disable the Microsoft Entra Access Management Toggle
Important
This feature can only be enabled for users who have the Healthcare Agent Admin role in the Azure Access Control (IAM) pane.
If the logged-in user has no Healthcare Agent Admin Role, the Microsoft Entra Access Management toggle will be greyed out
If the logged-in user has the Healthcare Agent Admin Role, the Microsoft Entra Access Management toggle will be available.
When enabling the Microsoft Entra Access Management toggle, all user management will be done through the Azure Portal. You will need to assign users and dedicated Azure AI Healthcare Agent roles through the identity-access-management (IAM) pane in the Azure Portal. All previously added users in the Healthcare Agent Service Management Page will no longer be used for access control. They will remain visible for reference purposes only. Please make sure to reassign them through the IAM pane.
For additional information on ME-ID Groups and users visit Microsoft Entra ID assigned groups.