AI Assistant Setup¶
Section: Configuration | Article 59
Audience: System Administrators
Last Updated: 2026-04-08
Overview¶
RP-PAM includes an AI assistant that enables natural language access requests. Instead of navigating forms, users can type: "I need admin access to the production database for 2 hours to run maintenance."
The AI assistant requires a configured AI provider. RP-PAM supports four providers:
| Provider | Type | Data Location | Best For |
|---|---|---|---|
| Ollama | Self-hosted | Your network only | Maximum security — no data leaves your infrastructure |
| OpenAI | Cloud | OpenAI servers | Highest model capability |
| Anthropic | Cloud | Anthropic servers | Strong reasoning, long context |
| xAI | Cloud | xAI servers | Grok models |
Setup via the Portal¶
Navigate to AI Setup in the sidebar (requires admin role).
Step 1 — Select Provider¶
Click the provider card for your chosen AI service.
Step 2 — Security Acknowledgement (Cloud Providers Only)¶
If you select a cloud provider (OpenAI, Anthropic, or xAI), RP-PAM displays a security notice:
Security Notice — External AI Provider
Access request text, resource names, and user context will be sent to [provider name]'s API servers for processing. While API keys are encrypted and only necessary context is sent, this creates an external attack surface.
No passwords, credentials, or vault data is ever sent to the AI provider.
For maximum security, use Ollama (self-hosted) — no data leaves your network.
You must check "I understand the risks of using an external AI provider" before proceeding.
Step 3 — Configure¶
Ollama:
| Field | Description | Example |
|---|---|---|
| Ollama Host URL | Address of your Ollama server | http://localhost:11434 |
Ensure the following models are pulled on your Ollama server:
Cloud Providers (OpenAI, Anthropic, xAI):
| Field | Description |
|---|---|
| API Key | Your provider API key (encrypted automatically) |
Step 4 — Test Connection¶
Click Test Connection. The validation report checks five points:
| Check | What It Tests |
|---|---|
| Connectivity | Can RP-PAM reach the provider endpoint |
| Authentication | Is the API key valid |
| Embedding | Can the provider generate text embeddings |
| Completion | Can the provider complete a text prompt |
| Round-Trip | End-to-end test: submit a sample NL access request, verify it parses correctly |
All five checks must pass before saving.
Step 5 — Save¶
Click Save Configuration. The AI configuration is written to rppam.config (API keys are encrypted). Restart the RP-PAM service for the change to take effect.
Ollama Setup (Self-Hosted)¶
Ollama runs locally or on a server in your network. No data is sent externally.
Install Ollama¶
Linux:
Windows:
Download from https://ollama.com/download and run the installer.
Pull Required Models¶
# Text completion model
ollama pull llama3
# Embedding model (for document search)
ollama pull nomic-embed-text
Verify¶
You should see both models in the response.
Point RP-PAM to Ollama¶
In the AI Setup page, enter the Ollama host URL: http://localhost:11434 (or the IP/hostname of your Ollama server if running on a different machine).
Changing Providers¶
To switch from one provider to another:
- Navigate to AI Setup
- The page detects the existing configuration and shows the current provider
- Select a different provider
- Complete the configuration and test
- Save — the old provider configuration is replaced
Troubleshooting¶
| Problem | Cause | Solution |
|---|---|---|
| Connectivity check fails (Ollama) | Ollama not running or wrong host URL | Verify Ollama is running: ollama serve or systemctl status ollama |
| Authentication fails (cloud) | Invalid or expired API key | Regenerate the API key from the provider's dashboard |
| Embedding check fails | Required model not pulled (Ollama) | Run ollama pull nomic-embed-text |
| Completion check fails | Model not available | Run ollama pull llama3 or check provider billing/quota |
| AI responses are slow | Ollama hardware insufficient or cloud rate limit | Ensure Ollama has adequate GPU/CPU, or check provider rate limits |
Next Steps¶
- AI Overview — How the AI assistant works
- AI with Ollama — Detailed Ollama configuration
- Configuration Reference — Full AI config section
RP-PAM v1.0.0 — Copyright 2026 Ravenphyre. All rights reserved.