Authorization
Overview
The Authorization tab of your AI Connection lets you configure authentication for requests to your AI app endpoint. It has two sections: Secrets Manager and Authentication.
Secrets Manager
A secrets manager lets you securely retrieve authentication credentials at runtime from a cloud vault, instead of storing them directly on the platform.
To enable a secrets manager:
- Toggle the secrets manager on
- Select a provider (e.g. Azure Key Vault)
- Enter your Vault URL (e.g.,
https://your-vault.vault.azure.net) - Enter your Tenant ID, Client ID, and Client Secret to authenticate to the vault
For self-hosted deployments, the secrets manager is always enabled and uses managed identities for authentication, so no secrets provider credentials are required.
Authentication
Select an authentication type from the dropdown:
Auth0 requires the following fields:
HMAC requires the following fields:
You can use a secrets manager with Auth0 to store your client credentials in a key vault. Instead of entering the actual Client ID and Client Secret, provide the names of the secrets in your vault and they will be retrieved at runtime.
Next Steps
With authorization configured, your AI connection can securely reach protected endpoints. Next, learn how to handle multi-turn evaluations and link results back to traces.