Overview

SSW EagleEye is an AI-powered email management solution that helps organizations categorize and process emails automatically using Azure OpenAI. This guide will walk you through the installation process using Azure Managed Applications.

Prerequisites

Before starting the installation, ensure you have:

• Azure Subscription with Owner permissions
• Azure AD Tenant with Global Administrator or Application Administrator privileges
• Azure OpenAI quota available in your subscription
• Power BI workspace (optional, for reporting)
• Custom domain and DNS zone in Azure (optional)

Deployment Types

Current Deployment Method: Service Catalog

SSW EagleEye is currently deployed via Azure Service Catalog for internal testing and validation.

Future Deployment Method: Azure Marketplace

Azure Marketplace deployment will be available soon, providing:

• Public availability to all Azure customers
• Streamlined deployment process
• Production-ready managed application

Note: This guide currently covers Service Catalog deployment. It will be updated when Azure Marketplace deployment becomes available.

Installation Process

Phase 1: Deploy Managed Application

Step 1: Access the Managed Application

1. Go to Azure Portal > All services > Service Catalog Managed Applications
2. Find SSW EagleEye in the catalog
3. Click Create

Note: Azure Marketplace deployment will be available in the future and will provide a streamlined experience through the Azure Marketplace.

Step 2: Configure Application Settings

Follow the deployment wizard with these configuration steps:

2.1 Application Configuration

• Project Name: Enter a unique prefix (3-15 characters, lowercase letters and numbers)
• Environment: Select production or staging
• Location: Choose your preferred Azure region

2.2 Azure AD Configuration

• Azure Tenant ID: Your Azure AD tenant ID
• Azure Group Name: Enter the Azure AD group name for email processing

2.3 App Registration Configuration

You can select existing app registrations or create new ones during this step:

• SSW.EagleEye App Registration: Select the Engine app registration and enter the client secret
• SSW.EagleEye.Api App Registration: Select the API app registration and enter the client secret
• API Scope URL: Enter the full scope URL from the API app registration
• SSW.EagleEye.Portal App Registration: Select the Portal app registration and enter the client secret

Note: If you don't have existing app registrations, you can create them during deployment or refer to the App Registration Creation Guide section below for detailed instructions.

2.4 Database Configuration

• Database Pricing Tier: Select appropriate tier (Basic, S0, S1, S2)
• Database Users: Configure three database users:
  • Admin user (full access)
  • ReadWrite user (read/write access)
  • ReadOnly user (read-only access)

2.5 Azure OpenAI Configuration

• Location: Select Azure region (currently East US)
• Model: Choose GPT-4.1 Mini or GPT-4o Mini
• Capacity: Set tokens per minute (verify your quota first)

2.6 Power BI Configuration (Optional)

• Power BI Embed URL: Enter embed URL for reports
• Power BI Report URL: Enter direct report URL

2.7 Domain Configuration (Optional)

• Custom Domain: Enter your custom domain
• DNS Resource Group: Specify where your DNS zone is located

Step 3: Review and Deploy

1. Review all configuration settings
2. Click Create to start deployment
3. Monitor deployment progress in the Azure Portal
4. Deployment typically takes 15-30 minutes

Phase 2: Post-Deployment Configuration

Step 4: Configure Portal Frontend Redirect URL

After deployment completes, you need to configure the authentication redirect URL:

1. Go to Resource Groups > [your-resource-group] > Container Apps
2. Find the Portal container app (e.g., ca-nextjs-xxxxxx)
3. Copy the Application URL (e.g., https://ca-nextjs-4d33i5xxemxsu.happyfield-d167da8e.australiaeast.azurecontainerapps.io)
4. Go to Azure AD > App registrations > SSW.EagleEye.Portal
5. Go to Authentication > Add a platform > Web
6. Add redirect URI: [Application URL]/api/auth/callback/azure-ad
   • Example: https://ca-nextjs-4d33i5xxemxsu.happyfield-d167da8e.australiaeast.azurecontainerapps.io/api/auth/callback/azure-ad
7. Click Save

Step 5: Verify Deployment

1. Access the Portal: Navigate to the Portal container app URL
2. Test Authentication: Sign in with your Azure AD credentials
3. Check API Connectivity: Verify the Portal can communicate with the API
4. Test Email Processing: Run a manual job to categorize emails

Architecture Overview

The deployed solution includes:

• Container Apps Environment: Hosting the API, CLI, and Portal
• Azure SQL Database: Data storage with configured user access
• Azure OpenAI: AI processing for email categorization
• Key Vault: Secure storage of secrets and configurations
• Application Insights: Monitoring and telemetry
• Container Registry: Docker image storage

Next Steps

After successful deployment:

1. Configure Email Tags
2. Set Up Power BI

App Registration Creation Guide

You need the following 3 app registrations for the managed application:

Engine App Registration (SSW.EagleEye)

This app registration is used by the Engine CLI and Portal API to access Microsoft Graph.

1. Go to Azure Portal > Azure Active Directory > App registrations
2. Click New registration
3. Name: SSW.EagleEye
4. Supported account types: Accounts in this organizational directory only
5. Click Register

Configure API Permissions:

1. Go to API permissions > Add a permission
2. Select Microsoft Graph > Application permissions
3. Add the following permissions:
   • GroupMember.Read.All
   • Mail.Read
4. Click Grant admin consent

Create Client Secret:

1. Go to Certificates & secrets > New client secret
2. Add description: EagleEye Engine and API Secret
3. Select expiration period
4. Click Add
5. Save the secret value - you'll need this during creation of the managed application

Portal Backend App Registration (SSW.EagleEye.Api)

This app registration exposes an API that the Portal frontend will call.

1. Create new app registration named SSW.EagleEye.Api
2. Go to Expose an API > Add a scope
3. Accept the default Application ID URI or customize it
4. Configure the scope:
   • Scope name: access_as_user
   • Admin consent display name: Access SSW EagleEye as user
   • Admin consent description: Allow the application to access SSW EagleEye on behalf of the signed-in user
5. Click Add scope
6. Save the full scope URL (e.g., api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/access_as_user) - you'll need this during creation of the managed application

Create Client Secret:

1. Go to Certificates & secrets > New client secret
2. Add description: EagleEye API Secret
3. Select expiration period
4. Click Add
5. Save the secret value - you'll need this during creation of the managed application

Portal Frontend App Registration (SSW.EagleEye.Portal)

This app registration is used by the Portal web application for user authentication.

1. Create new app registration named SSW.EagleEye.Portal
2. Go to API permissions > Add a permission
3. Select My APIs > SSW.EagleEye.Api
4. Select Delegated permissions > access_as_user
5. Click Add permissions
6. Click Grant admin consent

Create Client Secret:

1. Go to Certificates & secrets > New client secret
2. Add description: EagleEye Portal Secret
3. Select expiration period
4. Click Add
5. Save the secret value - you'll need this during creation of the managed application

References

• Azure Managed Applications overview