"big-AGI, the AI suite for professionals that need function, form, simplicity, and speed. Powered by the latest models from 12 vendors and open-source servers, big-AGI offers best-in-class Chats, Beams, and Calls with AI personas, visualizations, coding, drawing, side-by-side chatting, and more -- all wrapped in a polished UX."

However, the official repository of big-AGI does not offer a one-click installation for Azure, and the built-in authentication is only basic username and password. My goal is to:

  1. Deploy big-AGI to Azure without the need to create a VM.
  2. Add access control that requires individual accounts in Entra ID to log in, without making any changes to the code.

My objective is to complete these tasks within three minutes. Let's explore how this can be achieved.

Create Azure App Service

The official big-AGI project provides a Docker image. This is how I can run it on Azure without VM. Azure has many PaaS ways to deploy Docker containers:

  1. Azure App Service
  2. Azure Container Instance
  3. Azure Container Apps
  4. AKS

I choose App Service in this post.

Go to Azure Portal, create a new Web App, select Docker Container + Linux in instance details.

For pricing plans, as I tested, Basic SKUs are enough for a few users, you can choose a higher SKU if you have a lot more end users.

In Container step, use Single Container from Docker Hub or other registries

  • Registry server URL:
  •  enricoros/big-agi

Configure other steps as you like, and finish creating the web app.

Configure Environment Variables

After creating the Web App, we need to configure a few environment variables for the instance before running the application. Open "Environment variables" blade in your App Service instance.

First, because Azure App Service will only listen on port 80, 443 and 8080 for HTTP traffic, but the Docker container image by default use port 3000. So we need to configure App Service to listen to port 3000 on the container. Add the following settings:


Next, depends on where your AI API provider is, you may use Open AI's official API, Azure Open AI, as well as others. In my case, I am using Azure Open AI. So, for me, I need to configure it's endpoint and API key.

  • AZURE_OPENAI_API_ENDPOINT: https://********
  • AZURE_OPENAI_API_KEY: ************

If you use other providers, please refer to official document:

I would also suggest turn on HTTP2 and Always on for better performance.

By now, your big-AGI website is ready to run. You can access the page by default domain or bind your custom domain.

Enable Authentication

By default, your website is publicly accessible from anywhere on the Internet. This can blow up your credit card. We need to enable authentication that asks users to login before using the application.

Go to Authentication blade, click "Add identity provider"

You can add any of the listed providers. I am using Microsoft for example. 

For Microsoft provider, by default, all accounts in the given Azure AD will have access. To limit accounts to only selected people, see my previous blog post How to Allow Only Selected Users to Access an Application in Azure AD

After completing this step. Users will be asked to login before opening big-AGI website. 


Azure App Service is a wonderful PaaS service. It can run Docker based applications and add individual account login flow to the application without modifying code. All steps are just a few mouse clicks that can be finished in a few minutes.