Search
Close this search box.
Table of Contents

How to Set Up a Private ChatGPT Instance with MFA and SSO

6 minutes read
datawiza private chatgpt instance
Table of Contents

In the vast landscape of modern technology, advancements in artificial intelligence (AI) continue to establish connections and foster communications between humans and machines in the most intuitive and engaging manner. One such remarkable innovation is ChatGPT, a conversational AI model developed by OpenAI. This article aims to shed light on the importance of establishing a private ChatGPT instance, the integration of critical security measures such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), and offer a comprehensive guide to set it up with Microsoft Entra ID (Azure AD) as the Identity Provider (IdP).

Note the solution works with any identity provider, like Microsoft Entra, Okta, Google, Ping and others. And it can be easily deployed in any environment, like Azure, AWS, Google Cloud or On-premises. 

Understanding the Importance of a Private ChatGPT

In the fast-paced, data-driven environment of our digital age, the need for privacy and control over one’s own data is paramount. Establishing a private ChatGPT allows companies to have the liberty to customize, moderate, and closely monitor the AI interactions while also incorporating the specific needs and preferences of their user base. Furthermore, a private ChatGPT can function within the data guidelines and compliance requirements of an organization. Setting up a private ChatGPT ensures that you are putting security, privacy, and control on your terms while leveraging advanced AI technology for efficient and personalized communication.

Why Incorporate MFA and SSO for ChatGPT

When it comes to ChatGPT, the implementation of MFA and SSO provides a higher degree of access security. Single Sign-On (SSO) enables users to access multiple resources with a single set of credentials, improving user experience by eliminating the need for multiple passwords while providing enhanced security. In turn, Multi-Factor Authentication (MFA) introduces an additional layer of protection by requiring users to provide at least two verification factors to access their accounts, dramatically reducing the chances of fraudulent access.

Introduction to the Datawiza Private ChatGPT Solution

The solution combines two major components designed to maximize the performance and security of Private ChatGPT:

  1. Datawiza Access Proxy (DAP): This essential tool enables MFA, SSO, and detailed access control to your Private ChatGPT.
  2. ChatGPT UI: An intuitive interface designed to interact seamlessly with the OpenAI API, enhancing your user experience.

Importantly, our versatile solution isn’t reserved solely for the OpenAI API. It also works hand-in-glove with other AI platforms such as Llama 2, Mistral AI, and Anthropic Claude API.

Refer to the following architectural diagram to visualize how these components integrate:

private chatgpt instance with sso and mfa

The User Flow in a Nutshell:

Here’s how the user experience is streamlined with our solution:

  1. The user attempts to access the Private ChatGPT through a secured URL, such as https://chatgpt.example.com.
  2. The user is then redirected to Microsoft Entra ID for login, where they complete the MFA process.
  3. Upon successful login, the user gains access to the Private ChatGPT UI.
  4. The user can now interact with the Private ChatGPT UI, input their prompts, and receive responses directly from the OpenAI API.

With this solution, users gain secure and personalized access to the power of AI, all at their fingertips.

The Demo: A Private ChatGPT instance with Microsoft Entra MFA and SSO

Take a closer look at the demo below and witness firsthand how a private ChatGPT instance operates seamlessly with MFA and SSO.

 

Set Up a Secure Private ChatGPT Instance with Datawiza

Prerequisites

To set up a private ChatGPT, one would need a Datawiza account, Docker, and a ChatGPT User Interface (UI). In essence, these are the building blocks to initiate and install a private ChatGPT.

Deploy the Datawiza ChatGPT UI

We provide a ChatGPT UI image, which we use here as an example of a private ChatGPT UI:

docker run -itd -p 3000:3000 –name datawiza-chatgpt-ui -e OPENAI_API_KEY=$OPENAI_API_KEY registry.gitlab.com/datawiza/access-proxy:chatgpt-ui

Getting Started with Datawiza

To integrate the ChatGPT with Microsoft Entra ID, login to Datawiza Cloud Management Console (DCMC).

Welcome to the DCMC homepage! Let’s get started:

Click the orange Getting Started button, which will guide you through the configuration steps.

Specify Name and Description, and click Next.

Add Application

Configure your application with the following values:

  • Platform: Select WEB here.
  • Name: The name of your application. Put a meaningful name here. I use the ChatGPT App.
  • Application URL: The external facing URL of the application. For example, https://chatgpt.example.com. You can use localhost DNS for testing purposes. I use https://chatgpt.datawiza.net.
  • SSL:  Check the Enable SSL and use datawiza self-signed certificate checkbox for testing. For production, you can upload your certificates.
  • Listen Port: This is the port that the DAP listens on. For simplicity, you can use the same port as the one in the Application URL above if you are not deploying the DAP behind a Load Balancer.
  • Upstream Servers: The URL and port combination of the ChatGPT UI. Mine is http://10.0.0.1:3000.

Select Next.

IdP Configuration

DCMC provides an innovative one-click integration to help you complete the Microsoft Entra ID configuration. This is the easiest way to install Microsoft Entra ID. DCMC will automatically complete the configuration for you. With one-click integration, you no longer have to fill out the tedious configuration on Microsoft Entra ID or copy the configuration to DCMC. DCMC calls the Graph API to do all the work for you. In this way, management costs are reduced and configuration errors are less likely to happen, ensuring smooth configuration to a large extent.

Deploy DAP

Once clicking on the Create button, the basic configuration on the management console is finished. You will see the final step of the guide, which presents you with a page showing the simple steps to deploy DAP with your application.

Enable MFA on Microsoft Entra ID

To provide an extra level of security for sign-ins, you can enforce MFA for user sign-in. There are several ways to achieve this. The simplest and easiest way is to enable MFA on the Azure portal.

  1. Sign in to the Azure portal as a Global Administrator.
  2. Select Microsoft Entra ID > Manage > Properties.
  3. Under Properties, click the Manage security defaults.
  4. Under Enable Security defaults, select Yes and then Save

Connect With Datawiza

Interested in setting up your own Private ChatGPT instance? We’re here to help. Contact us at Datawiza, and our team of experts will assist you in transforming your AI landscape. Or book a technical demo with us.

Written by the Datawiza team — hope you enjoyed! Join us if you have any questions or need any help on our Discord server.