OAuth2.0 account configuration in Microsoft Entra

The Snaps in the Azure OpenAI LLM Snap Pack require an OAuth2 account to access the resources. To authorize the OAuth2 account successfully, create and configure an application corresponding to the account as shown in the workflow.


Application Configuration Workflow
Note: You must complete steps one to four in the Azure Portal and the remaining steps in the Snap account (SnapLogic Platform).
An Azure account with a free subscription to create the application.
  1. Create an Application in the Azure Portal.
    1. Log in to the Microsoft Azure Portal.
    2. Navigate to Azure services > Microsoft Entra ID.
    3. Click Add > App registration.
    4. On the Register an application page, specify the name for registering the application and click Register. Learn more.
    Note: To use an existing application, navigate to Portal Home > Microsoft Entra ID > App registrations
  2. Define Permissions.
    1. On the left navigation panel, navigate to Manage, select API permissions > Add a permission.

      Adding API permissions
    2. On the Request API permissions window, click the APIs my Organization uses.

      Request Permissions
    3. Search for Microsoft Cognitive Services and select it.
      Request API Permissions
    4. Click Add Permissions. You can view all the permissions added under Configured permissions.
    5. Click Grant admin consent and select Yes.
  3. Add a Redirect URI.
    1. In the navigation panel, click Overview > Add a Redirect URI. You will be redirected to the Platform configurations page.

      Redirect URI

      1. Under Platform configurations, click Add a platform.

        The Configure platforms window displays.

      2. Select Web and specify the Redirect URI in the following format:

        https://<control-plane-name>.snaplogic.com/api/1/rest/admin/oauth2callback/<snap-pack-name>

        where the <control-plane-name> corresponds to the domain part of your SnapLogic URL — elastic (global control plane) or emea (EMEA control plane)

        For example:

        • https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory
        • https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory
      3. Click Configure. A popup message displays indicating that the application is successfully updated.
      4. Click Save. The Redirect URIs are added in the application.

      Web Configuration

  4. Locate the application credentials in the Azure Portal.
    To authorize your account in SnapLogic, you must have the following application credentials:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret value
    1. On the application page, navigate to Overview.
    2. Under Essentials, note the Application (client) ID and Directory (tenant) ID needed for the Snap account.

      Applications Essentials

    3. In the navigation panel, select Manage > Certificates & secrets.
    4. On the Certificates & secrets page, click + New client secret.
    5. In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and click Add.

      Certiciates and Secrets

      Note: You can copy the client secret value only after it is generated.
      The client secret value and secret ID are generated. This value and ID are required to configure the OAuth2 account.

    Scopes and Permissions Required

    Permission Display String Description Admin Consent Required?
    Cognitive Services OpenAI User OpenAI User Basic access for viewing and using deployed models. No
    Cognitive Services OpenAI Contributor OpenAI Contributor Create, edit, and deploy models. No
    Cognitive Services Contributor Contributor Full access including resource management. No
    Cognitive Services Usages Reader Usages Reader View usage and quotas. No
  5. Specify the credentials and validate the Snap account.
    1. Navigate to the Snap of your choice and configure the OAuth2 account with the details from the Azure portal's registered application.
    2. Select the Auto-refresh token checkbox in the account settings and click Apply.
    3. Click Authorize. The Access and Refresh tokens are generated. You will be redirected to the sign-in page of the Azure Portal.
    4. Sign in to Azure Portal with valid credentials to redirect to the Snap edit account settings dialog. The Access and Refresh tokens are auto-populated but encrypted in the Account settings.
    5. Validate the Snap account.
    Note: If you select the Auto-refresh token checkbox, then you must provide offline_access as the Scope in the Token end point configuration.

Error 401

Token is invalid.

Provide a valid token and reauthorize the account.

The redirect URI specified does not match the reply URI configured for the application.

Incorrect redirect URI specified by user.

Add the following redirect_uri: https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory.

URL error when invoking the operation

Ensure the tenant domain name is correct.

Ensure that Directory (tenant) ID noted from the application is in the correct format. Example: 2060aafa-89d9-423d-9514-eac46338ec05