From bcc3463ff400b8d72aa299b46065fa2e27734743 Mon Sep 17 00:00:00 2001 From: Cameron Hutchison Date: Tue, 29 Aug 2023 14:29:27 -0700 Subject: [PATCH] docs: Azure AD Authentication for Azure OpenAI (#9951) # Description This PR adds additional documentation on how to use Azure Active Directory to authenticate to an OpenAI service within Azure. This method of authentication allows organizations with more complex security requirements to use Azure OpenAI. # Issue N/A # Dependencies N/A # Twitter https://twitter.com/CamAHutchison --- .../llms/azure_openai_example.ipynb | 42 ++++++++++++++++++- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/docs/extras/integrations/llms/azure_openai_example.ipynb b/docs/extras/integrations/llms/azure_openai_example.ipynb index eb5dbd22737..0c7262197be 100644 --- a/docs/extras/integrations/llms/azure_openai_example.ipynb +++ b/docs/extras/integrations/llms/azure_openai_example.ipynb @@ -30,7 +30,45 @@ "```python\n", "import os\n", "os.environ[\"OPENAI_API_TYPE\"] = \"azure\"\n", - "...\n", + "```\n", + "\n", + "## Azure Active Directory Authentication\n", + "There are two ways you can authenticate to Azure OpenAI:\n", + "- API Key\n", + "- Azure Active Directory (AAD)\n", + "\n", + "Using the API key is the easiest way to get started. You can find your API key in the Azure portal under your Azure OpenAI resource.\n", + "\n", + "However, if you have complex security requirements - you may want to use Azure Active Directory. You can find more information on how to use AAD with Azure OpenAI [here](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/managed-identity).\n", + "\n", + "If you are developing locally, you will need to have the Azure CLI installed and be logged in. You can install the Azure CLI [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli). Then, run `az login` to log in.\n", + "\n", + "Add a role an Azure role assignment `Cognitive Services OpenAI User` scoped to your Azure OpenAI resource. This will allow you to get a token from AAD to use with Azure OpenAI. You can grant this role assignment to a user, group, service principal, or managed identity. For more information about Azure OpenAI RBAC roles see [here](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control).\n", + "\n", + "To use AAD in Python with LangChain, install the `azure-identity` package. Then, set `OPENAI_API_TYPE` to `azure_ad`. Next, use the `DefaultAzureCredential` class to get a token from AAD by calling `get_token` as shown below. Finally, set the `OPENAI_API_KEY` environment variable to the token value.\n", + "\n", + "```python\n", + "import os\n", + "from azure.identity import DefaultAzureCredential\n", + "\n", + "# Get the Azure Credential\n", + "credential = DefaultAzureCredential()\n", + "\n", + "# Set the API type to `azure_ad`\n", + "os.environ[\"OPENAI_API_TYPE\"] = \"azure_ad\"\n", + "# Set the API_KEY to the token from the Azure credential\n", + "os.environ[\"OPENAI_API_KEY\"] = credential.get_token(\"https://cognitiveservices.azure.com/.default\").token\n", + "```\n", + "\n", + "The `DefaultAzureCredential` class is an easy way to get started with AAD authentication. You can also customize the credential chain if necessary. In the example shown below, we first try Managed Identity, then fall back to the Azure CLI. This is useful if you are running your code in Azure, but want to develop locally.\n", + "\n", + "```python\n", + "from azure.identity import ChainedTokenCredential, ManagedIdentityCredential, AzureCliCredential\n", + "\n", + "credential = ChainedTokenCredential(\n", + " ManagedIdentityCredential(),\n", + " AzureCliCredential()\n", + ")\n", "```\n", "\n", "## Deployments\n", @@ -144,7 +182,7 @@ "name": "stdout", "output_type": "stream", "text": [ - "\u001b[1mAzureOpenAI\u001b[0m\n", + "\u001B[1mAzureOpenAI\u001B[0m\n", "Params: {'deployment_name': 'text-davinci-002', 'model_name': 'text-davinci-002', 'temperature': 0.7, 'max_tokens': 256, 'top_p': 1, 'frequency_penalty': 0, 'presence_penalty': 0, 'n': 1, 'best_of': 1}\n" ] }