Make your Azure OpenAI apps compliant with RBAC

Thomas W. Drake — Mon, 25 Mar 2024 17:05:18 +0000

Microsoft has effectively provided developers with relevant documentation to bootstrap their AI projects using Azure OpenAI Services. But, as we delve into more advanced scenarios and start encountering edge cases, there seems to be noticeably less guidelines available.

What’s a recent example of this? Switching from using shared keys to Entra ID Authentication/Authorization.

Although shared keys are very easy to set up, you’ll likely want to avoid them for several reasons.
Firstly, if you lose the key or if someone gets their hands on it, you need to reset it. All systems that used the old key then need to be updated with the new one to keep working.
This becomes an issue when people leave the company; they might still have that shared key stored somewhere, and there is no way to revoke their permissions.
Plus, storing the key can be a security hazard in of itself.

Using Entra ID Authentication eliminates all these problems. It authenticates the user, and then delegates the authorization component to a fine-grained, configurable system.

Role-Based Access Management (RBAC) is the current standard in Azure user access management. It’s the backbone of the entire authorization component in Entra ID authentication.

Permissions on a specific resource are set via user roles. Each user role encompasses a range of permissions. But when it comes to Azure OpenAI Services, what user roles should we use?

Disclaimer: Azure OpenAI Services is still a new feature and the technology may be subject to change. The tips shared in this article work now but may become less relevant in the future.

Also, Microsoft has developed specific libraries, such as MSAL, to run the client-side authentication process. Unless you have a good reason for sending the requests yourself, you should use those for the OAuth component. I will share the different requests involved in the OAuth 2.0 implicit flow, as well as how to retrieve an access token for Azure Open AI Services using Entra ID authentication.

How to set up resources and permissions in Azure

Let’s assume you have already successfully created an Azure Open AI Services deployment. In my case, I have a text-davinci-003 deployment named MyDaVinciDeployment, inside a resource called OpenAIResource.

✅ This following process works for any model, including GPT 3.5 turbo, GPT 4 and even Dall-E.

To give users access to the AI service, you must provide them with the Cognitive Services User role by navigating to your AI resource and open the Access control (IAM) tab.

Create an app registration to access the API outside the Azure OpenAI Studio Playground.

This important step provides the Application (client) ID, so copy it and keep it safe.

The app registration is not enough to gain access to the service. It registers the application, but does not grant any permissions. The app registration must be set up to perform authentication so that it can run some operations in the user’s name, with the user’s permissions.

On the app registration page, navigate to the authentication tab and set up a platform configuration for Single-page application. Set your own callback URL, and set the token type to access token.

Next, we need to specify which permissions the authenticated user will delegate to the application. In the API permissions tab, add the Microsoft Cognitive Services > user_impersonation permission. You can find the Microsoft Cognitive Services API by searching it in the “APIs my organization uses” tab. Note that this permission might not show up if there is no AI service registered.

Easy steps for authenticating

We will be performing all of the authentication requests manually, however for testing purposes, you might want to use an API testing tool such as Postman or Insomnia.

Here is a Postman collection to get you started.

The OAuth 2.0 implicit grant flow (the simplest) works as follows:

The client sends a request to the authentication endpoint, specifying an application ID (to indicate which application is sending the request) and the desired scope - in our case: https://cognitiveservices.azure.com/.default
The authentication server returns a login page.
When the login is complete, the authentication endpoint issues an access token which can be used to request resources accessible to the logged in user and within the requested scope. In practice, the server redirects the user to a specific callback url and the token is communicated as a parameter or a fragment of that callback url.

Let's cover both of these requests individually. First, the authentication request.

To keep things minimalistic, we do not include some optional parameters, but you might want to check them out depending on your use case.

For the following request, here's how to find your tenant id.



GET https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client id}
&response_type=token
&redirect_uri={redirect uri}
&scope={https://cognitiveservices.azure.com/.default} # parameters should be URL-encoded
&response_mode=fragment

As an example, this is the request I’ll send:



GET https://login.microsoftonline.com/mycompany.com/oauth2/v2.0/authorize?
client_id=535fb089-9ff3-47b6-9bfb-4f1264799865 # use client ID you copied earlier
&response_type=token
&redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback
&scope=https%3A%2F%2Fcognitiveservices.azure.com%2F.default
&response_mode=fragment

If you copy this url into a browser, you should be able to log in and eventually be redirected to your callback URL, which contains the access token as a fragment:



GET {callback url}#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2Z...
&token_type=Bearer
&expires_in=3599
&scope=https%3A%2F%2Fcognitiveservices.azure.com%2F.default

💡 If the authentication fails, you might want to make sure that Multi-Factor Authentication is enabled. It might not work without it.
Also, you might need administrator approval for this step.

You can then use this token to interact with your deployment using Azure Open AI Service’s REST API.

As an example:



POST https://OpenAiResource.openai.azure.com/openai/deployments/MyDaVinciDeployment/
completions?api-version=2022-12-01

# Headers
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2Z...

# Body
{
    "prompt": "Once upon a time"
}

This token is valid for a limited time, after which it expires unless it is refreshed.

More AI from Microsoft

The concepts covered in this article remain virtually the same throughout the Azure platform, but you will have to adapt some parameters (namely the user roles and requested scopes) to get your apps to work in the different contexts.

Microsoft offers an array of different AI-powered products, including Azure OpenAI Service, Azure AI Search, Azure AI Speech, and their most recent Microsoft Copilot for Office 365.

Each of these services opens the door to a spectrum of exciting possibilities that we look forward to exploring.

Happy coding!

Forem: Thomas W. Drake

Make your Azure OpenAI apps compliant with RBAC

How to set up resources and permissions in Azure

Easy steps for authenticating

More AI from Microsoft