Azure Entra ID and AI Red Teaming OAuth 2.0 Integration
Integrate Azure Entra ID and AI Red Teaming for automated server-to-server
authentication using the OAuth 2.0 client credentials flow.
Where Can I Use This?
- Prisma AIRS (AI Red Teaming)

What Do I Need?
- Prisma AIRS AI Red Teaming License
- Prisma AIRS AI Red Teaming Deployment Profile
- An Azure account with an active subscription
- Admin access to Microsoft Entra ID (to grant application permissions)
Integrating Azure Entra ID with AI Red Teaming allows you to use the OAuth 2.0
client credentials flow for secure and automated scanning. With this integration,
AI Red Teaming manages the token lifecycle on its own: it fetches a new access
token from Entra ID and refreshes it without any human interaction.
Application vs. Delegated Permissions
AI Red Teaming operates as an automated backend service without browser access or
user sessions. Therefore, Delegated permissions are not suitable, as they require
interactive user sign-in through a browser and user consent. Instead, use the Client
Credentials flow with Application permissions, which is specifically designed for
unattended scenarios. This approach allows the application to authenticate using its
own identity rather than on behalf of a user.
Application permissions require admin consent to be granted, and rely on a
client_secret rather than an interactive user login.
| Feature | Application Permissions | Delegated Permissions |
| --- | --- | --- |
| Who authenticates? | The app itself (client_secret) | A user (via browser login) |
| User present? | No | Yes, required |
| Admin consent? | Yes, required | User or admin consent |
| Token grant type | client_credentials | authorization_code |
| Scope format | `<resource>/.default` | Individual scopes (for example, user.read) |
| AI Red Teaming compatible? | Yes | No |
Unsupported Grant Types and User Tokens
AI Red Teaming exclusively supports the client_credentials grant
type because it is the only flow that functions without user interaction. Other
common grant types are unsupported for the following reasons:
- Refresh tokens: Refresh tokens are initially obtained via an interactive
browser login using the authorization_code flow. Additionally,
Entra ID rotates refresh tokens upon use, which would cause subsequent automated
refresh attempts to fail with a 400 error because AI Red Teaming does not store
the new token. Finally, refresh tokens expire (typically after 90 days), which
would break automated scans without a user present to re-authenticate.
- Authorization code: This flow requires a browser to redirect the user to
a login page, user credentials, permission consent, and a redirect URI to
exchange the code for tokens. AI Red Teaming is a backend service lacking the
user interface required for this exchange.
- User-based tokens: Existing user-based tokens are tied to a specific user
session and cannot be reliably refreshed autonomously by a backend service.
Furthermore, Proof Key for Code Exchange (PKCE) is not applicable. PKCE is a security
enhancement for the authorization_code flow that protects against
code interception in public clients, such as mobile apps and single-page
applications. Because AI Red Teaming uses a confidential
client_secret to authenticate directly to the token endpoint,
there is no redirect or interception vector to protect against.
| Grant Type | User Required? | AI Red Teaming Support | Use Case |
| --- | --- | --- | --- |
| client_credentials | No | Supported | Server-to-server, no user context. |
| authorization_code | Yes (browser) | Not supported | Web applications with user login. |
| refresh_token | Yes (initial) | Not supported | Extending user sessions. |
| device_code | Yes (device) | Not supported | Command-line interface (CLI) tools, Internet of Things (IoT) devices. |
| implicit | Yes (browser) | Not supported | (Deprecated) Legacy single-page applications (SPAs). |
The Default Scope
In the Entra ID Client Credentials flow, you cannot request individual scopes like
user.read or email. You must use the
/.default scope, which instructs Entra ID to return a token
containing all the Application permissions that have been granted to the application
via admin consent.
This is a Microsoft-specific requirement for the client_credentials
grant type. The format is <resource-uri>/.default, for
example: https://graph.microsoft.com/.default or
api://my-app-client-id/.default.
Token Lifecycle and Expiry Management
AI Red Teaming automatically manages the token lifecycle without manual intervention.
On the first request, AI Red Teaming calls the Entra ID token endpoint to obtain an
access token and caches it with a time to live (TTL) based on the
oauth2_expiry_minutes configuration (which defaults to 60
minutes). A configurable 60-second refresh buffer ensures the token is refreshed
slightly before it expires to avoid failed requests.
If a request returns a 401 token rejected error, AI Red Teaming invalidates the
cached token and retries once with a fresh token. To handle transient network
errors, token refresh relies on a retry mechanism with exponential backoff for up to
three attempts.
You should match the oauth2_expiry_minutes value to the token
lifetime configured in Entra ID, which defaults to 60-90 minutes. If you use a
custom token lifetime policy in Entra ID, update the value accordingly.
While token refreshes are fully automatic, the Entra ID
client_secret itself does expire based on the timeline
configured in Azure (such as 6, 12, or 24 months). When the secret expires, token
requests will fail. You must create a new secret in Entra ID and update the
auth_config in AI Red Teaming with the new value.
AI Red Teaming's OAuth 2.0 handler currently supports
client_secret authentication only. Certificate-based
authentication (client_assertion) and federated credentials are not
yet supported.
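The following Python class is an added illustration, not AI Red Teaming's own code, of the behaviour described in the Default Scope and Token Lifecycle sections above: a client_credentials request that can only ask for `<resource>/.default`, a cache whose TTL is oauth2_expiry_minutes minus the 60-second refresh buffer, a single retry on a 401 token rejection, and exponential backoff for up to three attempts on transient errors. The tenant, client ID, secret and resource URI are constructed placeholders, and `transport`, `clock` and `sleep` are injected so the example runs offline.

```python
import time
from urllib.parse import urlencode

class ClientCredentialsToken:
    """Cached Entra ID client_credentials token (constructed illustration).

    transport(url, body) must POST the form body and return the access token;
    clock/sleep are injectable so the behaviour can be exercised offline.
    """
    def __init__(self, tenant, client_id, client_secret, resource,
                 oauth2_expiry_minutes=60, refresh_buffer_s=60,
                 transport=None, clock=time.monotonic, sleep=time.sleep):
        self.token_url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
        # client_credentials accepts only <resource>/.default, never individual scopes.
        self.body = urlencode({"grant_type": "client_credentials",
                               "client_id": client_id,
                               "client_secret": client_secret,
                               "scope": f"{resource}/.default"})
        # Cache TTL: configured lifetime minus the refresh buffer, so the token
        # is renewed shortly before Entra ID would reject it as expired.
        self.ttl_s = oauth2_expiry_minutes * 60 - refresh_buffer_s
        self.transport, self.clock, self.sleep = transport, clock, sleep
        self.cached = None  # (access_token, refresh_deadline)

    def _fetch(self):
        # Transient errors: up to three attempts, exponential backoff (1 s, 2 s).
        for attempt in range(3):
            try:
                return self.transport(self.token_url, self.body)
            except ConnectionError:
                if attempt == 2:
                    raise
                self.sleep(2 ** attempt)

    def get(self):
        # Reuse the cached token until its refresh deadline, then fetch a new one.
        if self.cached is None or self.clock() >= self.cached[1]:
            self.cached = (self._fetch(), self.clock() + self.ttl_s)
        return self.cached[0]

    def call(self, request):
        # request(token) returns the HTTP status of the protected call.
        # A 401 means the token was rejected: drop the cache and retry exactly once.
        status = request(self.get())
        if status == 401:
            self.cached = None
            status = request(self.get())
        return status
```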
Private Networks and Network Channels
If the target API is located behind a private network, AI Red Teaming supports OAuth
2.0 token refresh through the Network Channel. To enable this, configure the target
with api_endpoint_type=NETWORK_BROKER and set up a Network Channel. AI Red Teaming
then automatically routes the token request through the Network Channel proxy.