Azure OpenAI credentials

You can use these credentials to authenticate the following nodes:

• Chat Azure OpenAI
• Embeddings Azure OpenAI

Prerequisites

• Create an Azure subscription.
• Access to Azure OpenAI within that subscription. You may need to request access if your organization doesn't yet have it.

Supported authentication methods

• API key
• Azure Entra ID (OAuth2)

Related resources

Refer to Azure OpenAI's API documentation for more information about the service.

Using API key

To configure this credential, you'll need:

• A Resource Name: the Name you give the resource
• An API key: Key 1 works well. This can be accessed before deployment in Keys and Endpoint.
• The API Version the credentials should use. See the Azure OpenAI API preview lifecycle documentation for more information about API versioning in Azure OpenAI.

To get the information above, create and deploy an Azure OpenAI Service resource.

Model name for Azure OpenAI nodes

Once you deploy the resource, use the Deployment name as the model name for the Azure OpenAI nodes where you're using this credential.

Using Azure Entra ID (OAuth2)

Note for n8n Cloud users

Cloud users don't need to provide connection details. Select Connect my account to connect through your browser.

For self-hosted users, there are two main steps to configure OAuth2 from scratch:

1. Register an application with the Microsoft Identity Platform.
2. Generate a client secret for that application.

Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

Register an application

Register an application with the Microsoft Identity Platform:

1. Open the Microsoft Application Registration Portal.
2. Select Register an application.
3. Enter a Name for your app.
4. In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox).
5. In Register an application:
   1. Copy the OAuth Callback URL from your n8n credential.
   2. Paste it into the Redirect URI (optional) field.
   3. Select Select a platform > Web.
6. Select Register to finish creating your application.
7. Copy the Application (client) ID and paste it into n8n as the Client ID.

Refer to Register an application with the Microsoft Identity Platform for more information.

Generate a client secret

With your application created, generate a client secret for it:

1. On your Microsoft application page, select Certificates & secrets in the left navigation.
2. In Client secrets, select + New client secret.
3. Enter a Description for your client secret, such as n8n credential.
4. Select Add.
5. Copy the Secret in the Value column.
6. Paste it into n8n as the Client Secret.
7. Select Connect my account in n8n to finish setting up the connection.
8. Log in to your Microsoft account and allow the app to access your info.

Refer to Microsoft's Add credentials for more information on adding a client secret.

Setting custom scopes

Azure Entra ID credentials use the following scopes by default:

• openid
• offline_access
• AccessReview.ReadWrite.All
• Directory.ReadWrite.All
• NetworkAccessPolicy.ReadWrite.All
• DelegatedAdminRelationship.ReadWrite.All
• EntitlementManagement.ReadWrite.All
• User.ReadWrite.All
• Directory.AccessAsUser.All
• Sites.FullControl.All
• GroupMember.ReadWrite.All

To select different scopes for your credentials, enable the Custom Scopes slider and edit the Enabled Scopes list. Keep in mind that some features may not work as expected with more restrictive scopes.