Connecting with OpenAI cloud accounts

You can connect one or more OpenAI subscriptions with IBM Guardium AI Security by using a secret key that provides access to your cloud environment to discover AI deployments across the subscriptions.

Before you begin

AI Security This functionality is available only with the Guardium AI Security application.

Verify that you have the following items:

  • List of OpenAI subscriptions to be connected to Guardium AI Security
  • An OpenAI user with the permission to create the relevant service principals

For more information about the service principals, see Results.

Permissions for OpenAI connections

When you try to connect an OpenAI account to Guardium AI Security, you must generate a Secret key with an Owner role. The Secret key with the Owner role has the permissions that help you connect Guardium AI Security with an OpenAI account. The Secret key with the Owner role scans and monitors the metadata of the AI deployments that Guardium AI Security discovers. It is a read-write role with permissions that can read, create, edit, and remove Guardium AI Security resources. The Secret key with the Owner role can retrieve AI deployments' metadata that is related to the data, model, and related applications.

Use the following steps to connect Guardium AI Security with one or more OpenAI cloud accounts:

Procedure

  1. Do either of the following tasks:
    • Click Add connections on the welcome page of Guardium AI Security.
    • Click the Connections icon from the Guardium AI Security navigation menu.
  2. In the Add connections wizard, select the Open AI tile, and then click Next.
  3. In the Add a cloud account step, follow the onscreen :
    1. Log in to Open AI platform.
    2. Enter the Organization name.
    3. Enter the Organization ID.
    4. Select the Environment of the organization.
    5. Click Next.
  4. In the Create a service account step, follow the onscreen instructions to paste the secret key of the service account for a successful connection, and then click Next.
  5. Guardium AI Security validates the key.
  6. Based on the result of the project key validation, you can do either of the validation tasks:
    • If the secret key is valid, navigate to Organization overview in OpenAI to copy a project ID that you want to add. Now, click Add project in the Connection progress dialog box, paste the project ID, and then press the enter or return key in your keyboard.
    • If the secret key is not valid, verify that you have set the newly added service account as Owner in Open AI and pasted the correct secret key in the Create service account dialog box.
  7. Based on the results of the project ID validation, you can do either of the validation tasks:
    • If the project ID validation status is Connected, you can choose to add more project IDs or click Done.
    • If the project ID validation status is not Connected, you can click Edit project ID, paste the correct project ID, and then press the enter or return key in your keyboard.

Results

When you connect Guardium AI Security to OpenAI subscriptions, a user with Owner role with read/write permissions that can read, create, edit, and remove Guardium AI Security resources. These users with the Owner role can retrieve AI deployment metadata that is related to the data, model, and related applications.