Architecture Overview
AVA is deployed as a private, single-tenant application within your Azure environment. This architecture ensures your data never leaves your tenant while providing enterprise-grade AI capabilities through a secure, identity-based access model.
Identity and Access Flow
The foundation of AVA’s security model is delegated permissions through Microsoft Entra ID:1
User Authentication
Users sign in to AVA using their Microsoft work account (same credentials used for Office 365)
2
Entra ID Verification
Microsoft Entra ID authenticates the user and establishes their identity and permissions
3
Delegated Access
AVA operates with the user’s permissions—it can only access what the authenticated user can access
4
No Shadow RBAC
Critical: AVA doesn’t maintain separate permission systems. Delegated permissions MATCH existing access controls
No Elevated Access: AVA never has broader permissions than the user. If you can’t access a file in SharePoint, neither can AVA on your behalf.
System Architecture
Frontend Layer
AVA Front End App Service (Azure App Service)- React-based web application
- Handles user interface and interactions
- Communicates with backend via secure APIs
- Session management and state
Backend Layer
Two primary backend services running as Azure Container Apps:- Back End App Service
- Services App Service
Core orchestration and AI integration
- Chat conversation management
- Task workflow execution
- Model Context Protocol (MCP) orchestration
- AI provider integration (AI Foundry, AWS Bedrock, GCP Vertex)
- User context and session handling
MCP Server Hub
Container Apps running MCP servers Model Context Protocol (MCP) servers act as standardized connectors to enterprise applications:Microsoft 365
- Outlook (Mail & Calendar)
- OneDrive (Files)
- SharePoint (Sites)
- Teams (Meetings & Messages)
Salesforce
- Read and write CRM data
- Query opportunities, leads, cases
- Update records
Jira
- Issue management
- Project queries
- Status updates
GitHub
- Repository access
- Code search
- Pull request queries
- NetSuite integration
- Microsoft Security (Defender)
- Web Scraping & Crawling
- Custom MCP servers (extensible)
Extend AVA to Any Enterprise Application
Leverage Your Existing SSO Infrastructure: AVA can integrate with virtually any application already configured as an Enterprise Application in your Microsoft Entra ID—if it uses OAuth or SAML for authentication.
- Use What You Already Have: Enterprise apps already in your Entra ID tenant can become AVA data sources
- OAuth/SAML Ready: If your app supports OAuth or SAML (most modern SaaS apps do), it can connect to AVA
- No Duplicate Auth: Leverages the SSO configuration you’ve already completed
- Delegated Permissions: Same identity-based security model as all AVA integrations
- HR Systems: Workday, BambooHR, ADP - access employee data, org charts, PTO balances
- Project Management: Monday.com, Asana, ClickUp - query tasks, projects, timelines
- Customer Support: Zendesk, Freshdesk, Intercom - access tickets, customer conversations
- Marketing Platforms: HubSpot, Marketo, Mailchimp - campaign data, analytics, contacts
- Finance Systems: QuickBooks, Xero, Bill.com - financial data, invoices, reports
- Custom Internal Tools: Any internal app with OAuth/SAML SSO configured in Entra ID
The possibilities expand with your enterprise ecosystem: As you add new Enterprise Applications to Entra ID, AVA’s potential integrations grow—creating a truly unified AI assistant across your entire technology stack.
Data Layer
- PostgreSQL Database
- pgVector Extension
- Azure Blob Storage
Relational data storage
- User context and sessions
- Chat conversation history
- Task definitions and state
- Prompt library
- Activity logs
- Corpus metadata
AI Providers
AVA supports multiple AI providers for model flexibility:Azure AI Foundry
Primary provider
- GPT-4, GPT-4 Turbo
- GPT-3.5 Turbo
- o1, o3-mini models
- Embeddings (text-embedding-ada-002)
AWS Bedrock
Alternative provider
- Claude Sonnet
- Claude Opus
- Other Bedrock models
GCP Vertex AI
Alternative provider
- Gemini Pro
- PaLM models
- Task complexity
- Response speed requirements
- Cost considerations
- Context window size needs
Supporting Azure Resources
App Insights
Application monitoring, telemetry, and performance tracking
Key Vault
Secure storage for secrets, API keys, and connection strings
Managed Identities
Passwordless authentication between Azure services
How a Conversation Works
Let’s trace a typical user interaction:1
User Sends Message
User types a message in AVA Chat: “@Salesforce show me my open opportunities”
2
Frontend to Backend
Front End App Service sends request to Back End App Service with user context
3
Identity Context
Backend validates user identity via Entra ID and retrieves delegated access token
4
@ Mention Detection
Backend identifies @Salesforce mention and routes request to Salesforce MCP server
5
MCP Server Execution
Salesforce MCP server:
- Uses delegated user token
- Queries Salesforce with user’s permissions
- Returns only data user can access
6
AI Processing
Backend sends user question + Salesforce data to selected AI provider (e.g., GPT-4 via Azure AI Foundry)
7
Response Generation
AI model generates response based on retrieved data and user context
8
Return to User
Response flows back through backend → frontend → user’s browser
How Knowledge Search Works
Knowledge Search uses Retrieval Augmented Generation (RAG):1
Corpus Creation
User creates a corpus pointing to a SharePoint site/document library
2
Document Ingestion
Services App Service:
- Connects to SharePoint using user’s delegated permissions
- Downloads documents user can access
- Chunks documents into manageable segments
3
Embedding Generation
- Each chunk is sent to embedding model (e.g., text-embedding-ada-002)
- Vector embeddings are generated
- Embeddings stored in PostgreSQL with pgVector
4
Auto-Sync (Optional)
If enabled, AVA periodically checks SharePoint for:
- New documents
- Modified documents
- Deleted documents Updates embeddings accordingly
5
Search Query
When user searches:
- Query is converted to vector embedding
- pgVector performs similarity search
- Top matching chunks are retrieved
6
AI-Powered Response
- Retrieved chunks are sent to AI model as context
- Model generates response based on actual document content
- Cites source documents in response
How Tasks Work
Multi-step task execution:1
Task Definition
User creates task with multiple steps, each with its own instructions
2
Document Context
User can add documents from workspace (OneDrive, SharePoint, or local files)
3
Step Execution
Backend processes each step sequentially:
- Evaluates step instructions
- Includes previous step results as context
- Can use @ mentions to pull live data
- SuperPrompt (if enabled) enhances AI guidance
4
State Management
Task state stored in PostgreSQL:
- Current step
- Step results
- Overall progress
5
Template Saving
Successful tasks can be saved as templates for reuse
Security Architecture
Authentication & Authorization
- ✅ Delegated Permissions: AVA uses SAML/OAuth to obtain delegated access
- ✅ User-Scoped Access: Every API call uses the authenticated user’s token
- ✅ No Privilege Escalation: AVA cannot access data the user cannot access
- ✅ Audit Trail: All actions logged with user identity
Data Security
Data Residency
Data Residency
- All data stays within your Azure tenant
- Processing happens in your tenant’s region
- No external SaaS data transfer
- You control data location and retention
Encryption
Encryption
- In Transit: TLS 1.3 for all communications
- At Rest: Azure-managed encryption for database and blob storage
- Secrets: Stored in Azure Key Vault
Network Security
Network Security
- Container Apps in isolated virtual network
- Managed identities for service-to-service auth
- No hard-coded credentials
- Azure Private Link support (optional)
Deployment Model
AVA is deployed as a single-tenant, private deployment for each customer:Your Azure Tenant
- Deployed entirely within your subscription
- You control all Azure resources
- No shared infrastructure
- Complete data isolation
Enterprise Application
- Registered in your Entra ID
- Uses your identity provider
- Integrates with your policies
- Respects your conditional access
- ✅ Data sovereignty: Your data, your tenant, your control
- ✅ Compliance-friendly: Easier to meet regulatory requirements
- ✅ Customizable: Can be tailored to your environment
- ✅ Secure: No multi-tenant security risks
Scalability & Performance
AVA is built to scale:- Azure Container Apps: Auto-scales based on demand
- PostgreSQL Flexible Server: Can scale vertically and add read replicas
- Blob Storage: Virtually unlimited storage capacity
- AI Providers: Load balanced across regions
- Chat responses: 2-10 seconds (depending on model and complexity)
- Knowledge Search: Sub-second vector search, 3-8 seconds total with AI generation
- Task execution: Varies by steps and data sources
- Concurrent users: Scales automatically with container app scaling
Monitoring & Observability
- Application Insights
- Logging
- Alerting
- Request/response telemetry
- Performance metrics
- Dependency tracking
- Custom events and metrics
- Failure analysis
Technical Stack Summary
| Layer | Technology |
|---|---|
| Frontend | React, TypeScript, Azure App Service |
| Backend | Python, FastAPI, Azure Container Apps |
| Database | PostgreSQL Flexible Server with pgVector |
| Storage | Azure Blob Storage |
| Identity | Microsoft Entra ID (SAML/OAuth) |
| Secrets | Azure Key Vault |
| Monitoring | Application Insights, Log Analytics |
| AI Models | Azure AI Foundry, AWS Bedrock, GCP Vertex |
| Integrations | Model Context Protocol (MCP) |
| Embedding | text-embedding-ada-002, pgvector |