Azure OpenAI Entra ID User Account
Overview
Prerequisites
- A valid Azure OpenAI account with the required permissions. Learn more.
- Configure the OAuth2 account in Microsoft Entra and create the required application. Ensure the registered application in the Microsoft Azure Portal has the appropriate permissions and contains the following information:
- Client ID
- Tenant name or Tenant ID
- Client secret
- OAuth 2.0 token endpoint
- Token endpoint configuration
- Authorization endpoint configuration
- API Permissions: The registered application must have the following API permission: Microsoft Cognitive Services > user_impersonation
- Role Assignments: Ensure that the user has at
least one of the following roles assigned:
- Cognitive Services OpenAI User
- Cognitive Services OpenAI Contributor
- Cognitive Services Contributor
Limitations and known issues
None.
Account settings
- Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.
- Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
- Add icon (): Indicates that you can add fields in the field set.
- Remove icon (): Indicates that you can remove fields from the field set.
Field / Field set | Type | Description |
---|---|---|
Label | String |
Required. Specify a unique label for the account. Default value: N/A Example: Azure OpenAI Entra User Application Account |
Endpoint | String/Expression |
Required. Specify the endpoint to connect to your Azure OpenAI instance. Learn more. Default value: N/A Example: https://docs-test-001.openai.azure.com/ |
Client ID | String | Required. Specify the client ID associated with your Azure OpenAI application. Default value: N/A Example: 1abcd23e-45fg-6789-hi01-23456jk789l0 |
Client secret | String | Required. Specify the client secret associated with your account. You can create the client secret as advised by your application provider. Default value: N/A Example: bec1f9242f9nsh67f2276b9ws4cadd14 |
Access token | String | Auto-generated after authorization. The access token associated with the Azure portal application is used to make API requests on behalf of the user associated with the client ID. Default value: N/A Example: <Value encrypted> |
Refresh token | String | Auto-generated after authorization. The token used to refresh the access token.Note: To automatically retrieve the Refresh
token, you should set the scope in the authentication parameters to
store the resulting refresh token in this field. If the refresh token is stored,
the access token can be refreshed automatically before it expires. To obtain the
refresh token, use the following scope: scope=offline_access
https://cognitiveservices.azure.com/.default
Default value: N/A Example: <Value encrypted> |
Access token expiration | String | Auto-generated after authorization. The access token expiration value. Default value: N/A Example: 1656423824 |
OAuth2 authorization endpoint | String | Required. Specify the authorization endpoint to authorize the application. Default value: https://login.microsoftonline.com/<tenant-id*>/oauth2/v2.0/authorize Example: https://login.microsoftonline.com/6f47e3b1-2b2a-4c2e-9b3f-58d2a340a8e3/oauth2/v2.0/authorize |
OAuth2 token endpoint | String | Required. Specify the tenant ID in the following format to get the access token. Default value: https://login.microsoftonline.com/<tenant-id*>/oauth2/v2.0/token Example: https://login.microsoftonline.com/9ee09921-7b72-432d-b552-a21e8a1ab143/oauth2/v2.0/token |
Token endpoint config | Use this field set to configure token endpoint parameters as necessary for the account. | |
Token endpoint parameter | String | Required. Specify the name for the token endpoint parameter. Default value: N/A Example: scope |
Token endpoint parameter value | String | Required. Specify the value for the parameter. Default value: N/A Example: redirect_uri |
Authorization endpoint config | Use this field set to configure authorization parameters for the authorization endpoint. | |
Authentication endpoint parameter | String | Required. Specify the authentication endpoint parameter. Default value: scope Example: code |
Authentication parameter value | String | Required. Specify the value for the authentication parameter. Default value: offline_access https://cognitiveservices.azure.com/.default Example: redirect_uri |
Auto-refresh token | Checkbox | Select this checkbox to refresh the access token automatically, using the refresh token, when the token is due for expiry. The token refresh does not happen automatically if this checkbox is not selected. Default status: Deselected |
Next Steps
- After you configure the account settings, click Authorize to authenticate your account.
- After you authorize the account settings, click Refresh to initiate a token refresh action manually.