Configure delegated access for Azure OpenAI

Overview

For Azure OpenAI, delegated access can use Microsoft Entra ID identities (managed identity or service principal) with RBAC, or Azure OpenAI keys where required.

The delegated approach focuses on identity-based authorization and short-lived tokens instead of broad static secrets.

When to use this

Production workloads under centralized identity governance.
Organizations already using Entra ID, managed identities, and RBAC.
Teams that need auditable, revocable, least-privilege AI access.

Prerequisites

Azure subscription with Azure OpenAI resource.
Permission to manage role assignments and application identities.
Service principal or managed identity designated for AI access.
Flashback AI LLM setup path: Configure an AI LLM.

Step-by-step (provider side)

Prepare identity and RBAC access

Create/select a managed identity or service principal and grant only required access on the Azure OpenAI resource scope.

Use least privilege and limit scope to the required resource(s).

Choose token-based or key-based provider auth

Preferred pattern:

Use Entra ID token flow for short-lived access tokens.

Fallback pattern (if required by your integration constraints):

Use Azure OpenAI key-based authentication with strict secret management.

Implement token/key delivery pattern

If using Entra ID tokens, ensure your backend refreshes tokens before expiration.

If needed, place a controlled proxy between Flashback and Azure OpenAI so the proxy handles token management while Flashback uses stable endpoint + secret/token inputs.

Configure in Flashback

Use Configure an AI LLM and map provider outputs to existing fields:

Select the correct AI LLM Type for your Azure/OpenAI-compatible flow.
Set API Endpoint to Azure OpenAI endpoint (or your proxy endpoint).
Set API Secret to the token/secret expected by that endpoint.
Set API Key only when your endpoint requires it.

Do not assume additional product toggles or delegated-mode fields beyond documented UI fields.

PreviousConfigure delegated access for GCP Vertex AI NextPlatform API Reference

Last updated 10 days ago

Was this helpful?

hashtagOverview

hashtagWhen to use this

hashtagPrerequisites

hashtagStep-by-step (provider side)

hashtagPrepare identity and RBAC access

hashtagChoose token-based or key-based provider auth

hashtagImplement token/key delivery pattern

hashtagConfigure in Flashback