Azure OpenAI Entra ID User Account

Overview

You can use this account type to connect Azure OpenAI LLM Snaps with data sources that use the Azure OpenAI Entra ID User Account.
Note: This account uses user/delegate-level permissions because it is associated with the user profile that is logged in when authorizing the account. This account uses the Authorization Code Grant type.

Azure OpenAI Entra ID User Account

Prerequisites

  • A valid Azure OpenAI account with the required permissions. Learn more.
  • Configure the OAuth2 account in Microsoft Entra and create the required application. Ensure the registered application in the Microsoft Azure Portal has the appropriate permissions and contains the following information:
    • Client ID
    • Tenant name or Tenant ID
    • Client secret
    • OAuth 2.0 token endpoint
    • Token endpoint configuration
    • Authorization endpoint configuration
  • API Permissions: The registered application must have the following API permission: Microsoft Cognitive Services > user_impersonation
  • Role Assignments: Ensure that the user has at least one of the following roles assigned:
    • Cognitive Services OpenAI User
    • Cognitive Services OpenAI Contributor
    • Cognitive Services Contributor

Limitations and known issues

None.

Account settings

Note:
  • Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.
  • Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
  • Add icon (): Indicates that you can add fields in the field set.
  • Remove icon (): Indicates that you can remove fields from the field set.
Field / Field set Type Description
Label String

Required. Specify a unique label for the account.

Default value: N/A

Example: Azure OpenAI Entra User Application Account
Endpoint String/Expression

Required. Specify the endpoint to connect to your Azure OpenAI instance. Learn more.

Default value: N/A

Example: https://docs-test-001.openai.azure.com/
Client ID String

Required. Specify the client ID associated with your Azure OpenAI application.

Default value: N/A

Example: 1abcd23e-45fg-6789-hi01-23456jk789l0
Client secret String

Required. Specify the client secret associated with your account. You can create the client secret as advised by your application provider.

Default value: N/A

Example: bec1f9242f9nsh67f2276b9ws4cadd14
Access token String

Auto-generated after authorization.

The access token associated with the Azure portal application is used to make API requests on behalf of the user associated with the client ID.

Default value: N/A

Example: <Value encrypted>
Refresh token String

Auto-generated after authorization.

The token used to refresh the access token.
Note: To automatically retrieve the Refresh token, you should set the scope in the authentication parameters to store the resulting refresh token in this field. If the refresh token is stored, the access token can be refreshed automatically before it expires. To obtain the refresh token, use the following scope: scope=offline_access https://cognitiveservices.azure.com/.default
Azure OpenAI Entra ID User Account_Scope

Default value: N/A

Example: <Value encrypted>
Access token expiration String

Auto-generated after authorization.

The access token expiration value.

Default value: N/A

Example: 1656423824
OAuth2 authorization endpoint String

Required. Specify the authorization endpoint to authorize the application.

Default value: https://login.microsoftonline.com/<tenant-id*>/oauth2/v2.0/authorize

Example: https://login.microsoftonline.com/6f47e3b1-2b2a-4c2e-9b3f-58d2a340a8e3/oauth2/v2.0/authorize
OAuth2 token endpoint String

Required. Specify the tenant ID in the following format to get the access token.

Default value: https://login.microsoftonline.com/<tenant-id*>/oauth2/v2.0/token

Example: https://login.microsoftonline.com/9ee09921-7b72-432d-b552-a21e8a1ab143/oauth2/v2.0/token
Token endpoint config Use this field set to configure token endpoint parameters as necessary for the account.
Token endpoint parameter String

Required. Specify the name for the token endpoint parameter.

Default value: N/A

Example: scope
Token endpoint parameter value String

Required. Specify the value for the parameter.

Default value: N/A

Example: redirect_uri
Authorization endpoint config Use this field set to configure authorization parameters for the authorization endpoint.
Authentication endpoint parameter String

Required. Specify the authentication endpoint parameter.

Default value: scope

Example: code
Authentication parameter value String

Required. Specify the value for the authentication parameter.

Default value: offline_access https://cognitiveservices.azure.com/.default

Example: redirect_uri
Auto-refresh token Checkbox

Select this checkbox to refresh the access token automatically, using the refresh token, when the token is due for expiry. The token refresh does not happen automatically if this checkbox is not selected.

Default status: Deselected

Next Steps

  • After you configure the account settings, click Authorize to authenticate your account.
  • After you authorize the account settings, click Refresh to initiate a token refresh action manually.