ChatGPT has grown explosively in popularity as we all know now. Business users across the globe often tap into the public service to work more productively or act as a creative assistant.
However, ChatGPT risks exposing confidential intellectual property. One option is to block corporate access to ChatGPT, but people always find workarounds. This also limits the powerful capabilities of ChatGPT and reduces employee productivity and their work experience.
Azure ChatGPT is our enterprise option. This is the exact same service but offered as your private ChatGPT.
1. Private: Built-in guarantees around the privacy of your data and fully isolated from those operated by OpenAI.
2. Controlled: Network traffic can be fully isolated to your network and other enterprise grade security controls are built in.
3. Value: Deliver added business value with your own internal data sources (plug and play) or use plug-ins to integrate with your internal services (e.g., ServiceNow, etc).
We've built a Solution Accelerator to empower your workforce with Azure ChatGPT.
-
Azure OpenAI: To deploy and run ChatGPT on Azure, you'll need an Azure subscription with access to the Azure OpenAI service. Request access here. Once you have access, follow the instructions in this link to deploy the gpt-35-turbo or gpt-4 models.
-
Setup GitHub or Azure AD for Authentication: The add an identity provider section below shows how to configure authentication providers.
π‘Note: You can configure the authentication provider to your identity solution using NextAuth providers
Azure ChatGPT is built with the following technologies.
Node.js 18: an open-source, cross-platform JavaScript runtime environment.
Next.js 13: enables you to create full-stack web applications by extending the latest React features
NextAuth.js: configurable authentication framework for Next.js 13
LangChain JS: AI orchestration layer to build intelligent apps
Tailwind CSS: is a utility-first CSS framework that provides a series of predefined classes that can be used to style each element by mixing and matching
shadcn/ui: re-usable components built using Radix UI and Tailwind CSS.
Azure Cosmos DB: fully managed platform-as-a-service (PaaS) NoSQL database to store chat history
Azure App Service: fully managed platform-as-a-service (PaaS) for hosting web applications, REST APIs, and mobile back ends.
Click on the Deploy to Azure button and configure your settings in the Azure Portal as described in the Environment variables section.
Please see the section below for important information about adding authentication to your app.
Clone this repository locally or fork to your Github account. Run all of the the steps below from the "src" directory.
- Make sure you deploy an instance of Cosmos DB in your Azure Subscription
- Create a new file named
.env.localto store the environment variables add the following variables.
Please note:
-
Do not use double-quotes and do not delete any of the variables.
-
Make sure that
NEXTAUTH_URL=http://localhost:3000has no comments in the same line.# Azure OpenAI configuration AZURE_OPENAI_API_KEY= AZURE_OPENAI_API_INSTANCE_NAME= AZURE_OPENAI_API_DEPLOYMENT_NAME= AZURE_OPENAI_API_VERSION= # GitHub OAuth app configuration AUTH_GITHUB_ID= AUTH_GITHUB_SECRET= # Azure AD OAuth app configuration AZURE_AD_CLIENT_ID= AZURE_AD_CLIENT_SECRET= AZURE_AD_TENANT_ID= # When deploying to production, # set the NEXTAUTH_URL environment variable to the canonical URL of your site. # More information: https://next-auth.js.org/configuration/options NEXTAUTH_SECRET= NEXTAUTH_URL=http://localhost:3000 AZURE_COSMOSDB_URI= AZURE_COSMOSDB_KEY=
- change the active directory to be
src - Install npm packages by running
npm install - Start the project by running
npm run dev
You should now be prompted to login with your chosen OAuth provider. Once successfully logged in, you can start creating new conversations.
Fork this repository to your own organisation so that you can execute GitHub Actions against your own Azure Subscription.
The GitHub workflow requires a secret named AZURE_CREDENTIALS to authenticate with Azure. The secret contains the credentials for a service principal with the Contributor role on the resource group containing the container app and container registry.
-
Create a service principal with the Contributor role on the resource group that contains the Azure App Service.
az ad sp create-for-rbac --name <NAME OF THE CREDENTIAL> --role contributor --scopes /subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP> --sdk-auth --output json