Forgeron3 / Method, Sep 30, 2025, 7 min read

Integrating an AI assistant into your IT infrastructure

The fun side of AI is the business use. The side that separates a project running in production from one that gets shelved is IT. Here’s what IT needs to frame before the first ingestion.

The Forgeron3 team, Marseille & Paris

SSO and identities: the first brick

Before the first user login, wire the assistant into your directory (Azure AD, Google Workspace, LDAP, Keycloak). Three benefits:

  • No extra passwords to manage.
  • Automatic account deactivation when a user leaves the organization.
  • Password and MFA policies already in place get applied.

Protocols: SAML 2.0 or OIDC are standard and should be supported by your vendor at no extra cost.

ACLs and permissions: the watertight perimeter

The whole value of an internal assistant rests on one thing: each user sees only what they are authorized to see. Three levels to model:

  1. By business group (HR doesn’t see accounting files; production doesn’t see payslips).
  2. By client (in an accounting firm: a staffer on account A doesn’t see account B).
  3. By sensitivity (confidential documents accessible only to cleared people).

Ideally, the assistant’s ACLs inherit from your DMS or file server. No double maintenance.

Test to run before go-live: Log in with three different profiles. Ask the same question. Check that each profile gets only what it should see. Have the DPO run the test, not the project lead.
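The go-live test can be scored mechanically once you record which sources each profile's answer cited. The following is an added example, not Forgeron3's code: it checks cited documents against the three ACL levels above, and the catalog, profiles, citations and all names in it are constructed, hypothetical sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Doc:
    doc_id: str
    group: str             # level 1: owning business group
    client: Optional[str]  # level 2: client account, None if not client-specific
    sensitivity: int       # level 3: 0 = internal, 1 = confidential

@dataclass(frozen=True)
class Profile:
    groups: frozenset
    clients: frozenset
    clearance: int

def may_read(p, d):
    """A document is visible only if all three levels pass."""
    return (d.group in p.groups
            and (d.client is None or d.client in p.clients)
            and d.sensitivity <= p.clearance)

def leaks(profile, cited_ids, catalog):
    """Cited documents the profile must not see, in citation order.
    An id missing from the catalog counts as a leak (fail closed)."""
    return [i for i in cited_ids
            if i not in catalog or not may_read(profile, catalog[i])]

# Constructed sample data (hypothetical documents and profiles).
CATALOG = {d.doc_id: d for d in [
    Doc("payslips-2025", "hr", None, 1),
    Doc("ledger-A", "accounting", "A", 0),
    Doc("ledger-B", "accounting", "B", 0),
    Doc("audit-A-draft", "accounting", "A", 1),
]}
PROFILES = {
    "hr_manager": Profile(frozenset({"hr"}), frozenset(), 1),
    "staff_A": Profile(frozenset({"accounting"}), frozenset({"A"}), 0),
    "partner": Profile(frozenset({"accounting"}), frozenset({"A", "B"}), 1),
}
# Sources cited when each profile asked the same question (constructed).
CITED = {
    "hr_manager": ["payslips-2025"],
    "staff_A": ["ledger-A", "ledger-B", "audit-A-draft"],
    "partner": ["ledger-A", "ledger-B", "audit-A-draft"],
}

def run_go_live_test():
    """Map each profile to the list of cited documents it should not have seen."""
    return {name: leaks(p, CITED[name], CATALOG) for name, p in PROFILES.items()}
```

An empty list for a profile means the test passed for it; any listed document is a perimeter failure to resolve before go-live.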

Source connectors: industrializing ingestion

Beyond manual upload, the assistant must sync automatically with:

  • Your DMS (SharePoint, Alfresco, NextCloud, NUXEO).
  • Your file servers (CIFS/SMB, NFS).
  • Email or collaboration tools (case by case, with ACLs respected).
  • Your business systems (CRM, ERP, accounting software) via API.

Without sync, you fall back to “manual mode” within three months. The project dies.

Logs and audit: what to retain

Four logs to enable from day one:

  • Authentication log (who logs in, when, from where).
  • Query log (who asks what question, to which assistant).
  • Ingestion log (which document was loaded, by whom, when).
  • Source access log (which document was cited in which answer).

Typical retention: 12 months minimum, exportable to your SIEM if you have one.

Backups and DR

The ingested documents are yours; the index sits with the vendor. The rule: everything must be rebuildable from the sources.

From the vendor side, two commitments to require:

  • Daily backup of the index, restore in under 4 hours.
  • Documented DR plan for datacenter outages, RTO < 24 h, RPO < 4 h.

Monitoring and alerts

Three indicators to watch continuously:

  • Service availability (percent of time the assistant answers).
  • Response time (median and 95th percentile).
  • “I don’t know” rate (if it rises, the corpus is drifting).

Ideally, these metrics are exported to your usual monitoring tool (Grafana, Datadog, etc.).

For end-to-end project scoping, see How to make your AI assistant project succeed and our platform page.

IT workshop

Thirty minutes by video call with your IT lead or CISO. We walk through each item above and identify the IT dependencies to plan ahead.
