Secure Services

A secure service restricts your Airgentic chat and search widget so that only users who have signed in through your organisation's identity system (e.g. Microsoft Entra ID, Okta, or Google Workspace) can use it. This is ideal for internal use cases such as an HR policy chatbot on a staff intranet.

With a secure service:

Users must authenticate before the widget will respond.
Only users you have authorised (by email domain, individual email address, or group membership) can use the service.
No passwords are entered into the Airgentic widget — authentication is handled entirely by your existing identity provider.

If you don't need authentication, no setup is required — services are open by default.

What's involved?

Setting up a secure service is a joint effort between your team and Airgentic. Here's an overview of who does what.

What your IT team does

Register an application in your identity provider (e.g. Microsoft Entra ID) so that your users can sign in to Airgentic using their existing organisational accounts. See Registering Airgentic in your Identity Provider.
Add the widget to your website or intranet with the authentication attributes. See Adding the Secure Widget to Your Site.
Send Airgentic the details from the app registration (client ID, tenant ID, and your redirect URL) so we can complete the configuration on our side.

What Airgentic does

Once we have your details, we configure your service to:

Enable secure mode and set your allowed origins (the URLs where the widget is embedded).
Connect to your identity provider using the client ID and tenant ID you provide.
Apply your chosen authorisation rules — for example, allowing all users from your email domain, or restricting to specific groups.

Authorisation options

When you set up a secure service, you choose how to control who is allowed access. You can use one or more of the following, and a user only needs to match one rule to be granted access.

Method	Description	Example
Email domain	Allow anyone with an email address at your domain.	All `@yourorg.gov.au` users
Individual emails	Allow specific email addresses.	`jane.smith@randwick.nsw.gov.au`
Group membership	Allow users who belong to a specific group in your identity provider.	Members of the "HR-Staff" group

Let Airgentic know which approach suits your organisation when you send through your registration details.

Guides in this section

Implementation Checklist — A complete task-by-task checklist showing who does what, including optional SharePoint steps.
Registering Airgentic in your Identity Provider — Step-by-step instructions for creating the app registration in Microsoft Entra ID (or other providers).
Adding the Secure Widget to Your Site — How to embed the Airgentic widget with authentication enabled.
SharePoint Integration — Additional steps for hosting the secure widget on a SharePoint Online intranet.
How Secure Authentication Works — A plain-language explanation of the authentication flow and key technical terms.