You can connect one or more OpenAI subscriptions with IBM
Guardium AI Security by using a secret key that provides access
to your cloud environment to discover AI deployments across the subscriptions.
Before you begin
AI Security This
functionality is available only with the Guardium AI
Security
application.
Verify that you have the following items:
- List of OpenAI subscriptions to be connected to Guardium AI
Security
- An OpenAI user with the permission to create the relevant service principals
For more information about the service principals, see Results.
Permissions for OpenAI connections
When you try to connect an OpenAI account to Guardium AI
Security, you must generate a Secret key
with an Owner role. The Secret key with the Owner role has the permissions that help you connect
Guardium AI
Security with an OpenAI account. The
Secret key with the Owner role scans and monitors the metadata of the AI deployments that Guardium AI
Security discovers. It is a read-write role
with permissions that can read, create, edit, and remove Guardium AI
Security resources. The Secret key with the
Owner role can retrieve AI deployments' metadata that is related to the data, model, and related
applications.
Use the following steps to connect Guardium AI
Security with one or more OpenAI cloud
accounts:
Procedure
- Do either of the following tasks:
- Click Add connections on the welcome page of Guardium AI
Security.
- Click the Connections icon from the Guardium AI
Security navigation menu.
- In the Add connections wizard, select the Open
AI tile, and then click Next.
- In the Add a cloud account step, follow the onscreen :
- Log in to Open AI platform.
- Enter the Organization name.
- Enter the Organization ID.
- Select the Environment of the organization.
- Click Next.
- In the Create a service account step, follow the onscreen
instructions to paste the secret key of the service account for a successful connection, and then
click Next.
- Guardium AI
Security validates the
key.
- Based on the result of the project key validation, you can do either of the validation
tasks:
- If the secret key is valid, navigate to Organization
overview in OpenAI to copy a project ID that you want to add. Now, click Add
project in the Connection progress dialog box, paste the project
ID, and then press the enter or return key in your keyboard.
- If the secret key is not valid, verify that you have set the newly added service account as
Owner in Open AI and pasted the correct secret key in the Create service
account dialog box.
- Based on the results of the project ID validation, you can do either of the validation
tasks:
- If the project ID validation status is Connected, you can choose to add more project IDs or
click Done.
- If the project ID validation status is not Connected, you can click Edit project
ID, paste the correct project ID, and then press the enter or return key in your
keyboard.
Results
When you connect Guardium AI
Security to OpenAI subscriptions, a user with
Owner role with read/write permissions that can read, create, edit, and remove Guardium AI
Security resources. These users with the Owner
role can retrieve AI deployment metadata that is related to the data, model, and related
applications.