Tags:
Categories:

How to obtain Azure credentials for OpenAI

This process may be required in the first step for training the understanding model: Set up configuration properties.

Prerequisites

Pre-requisites:

  • Azure account with permissions for applications registration.
  • Azure CLI installed.

Guidelines

Review azure-cli documentation to validate the commands and parameters.

Follow the guidelines below for obtaining the Azure credentials for OpenAI:

  1. Login the account where the OpenAI service is to be created:
  • Run the login command (documentation): az login
  • Sign in with your account credentials in the browser.
  • You will obtain the different subscriptions within Azure corresponding to the logged account.

  1. Select the specific subscription to be used, with its corresponding field id, and execute the following command to switch to this subscription (documentation): az account set --subscription <subscription_id>

    • <subscription_id> is the id of the selected subscription

  2. Create a resource group (documentation): az group create --name <name_resource_group> --location <location>

    • <name_resource_group>: name of the resource group
    • <location>: one location available for Azure (i.e., northeurope)

  3. Create app (documentation): az ad app create --display-name <display_name>

    • <display_name>: name of the service principal
      From the output of az ad app create, we can obtain the field appId. This value is used for the variable OAI_AZURE_TOKEN_CLIENT_ID.

  4. Create password for app (documentation): az ad app credential reset --id <app_id>

    • <app_id>: app_id obtained from previous app creation
      From the output of az ad app credential reset, we can obtain the field password. This value is used for the variable OAI_AZURE_TOKEN_CLIENT_SECRET.
      From the output of az ad app credential reset, we can obtain the field tenant. This value is used for the variable OAI_AZURE_TOKEN_TENANT.

  5. Create service principal (documentation): az ad sp create --id <app_id> - AppId: app_id obtained from previous app creation

  6. Assign role contributor (documentation): az role assignment create --assignee <appId> --role Contributor --scope <scope> - <app_id>: app_id obtained from previous app creation
    - <Scope>: scope of the role assignment. Read more in (documentation). A possible value is the of the resource group, you can obtain it with the command az group show --name <name_resource_group> | jq .id (documentation).

  7. Create the OpenAI application (documentation): az cognitiveservices account create --kind "OpenAI" --name <name_openai> -g <name_resource_group> --sku s0 -l <location>

    • <name_openai>: resource name
    • <name_resource_group>: name of resource group (previously generated)
    • <location>: location available for Azure (i.e., northeurope)

The values for the parameters required to fill in the build_local_variables.sh script for OpenAI execution must be obtained from the above-defined steps:

export OAI_ID_SUBSCRIPTION="$(az account show | jq -r .id)"
export OAI_RESOURCE_GROUP="<name_resource_group>"
export OAI_ACCOUNT_NAME="<name_openai>"
export OAI_AZURE_TOKEN_CLIENT_ID="<app_id>"
export OAI_AZURE_TOKEN_CLIENT_SECRET="<password>"
export OAI_AZURE_TOKEN_TENANT="$(az account show | jq -r .tenantId)"
Last modified January 15, 2025: feat: Documentation Assistant and ATRIA for Linkin Park release #AURA-26619 [RTM] (409958c0)