# OpenAI

### Overview

The Veza OpenAI integration provides visibility into your organization's access to OpenAI resources, helping secure AI innovations and prevent identity-based threats. This integration discovers all users with access to your OpenAI organization, maps their assigned roles, and visualizes permission relationships to help maintain proper access control.

The integration enables:

* Discovery of all users with access to your OpenAI organization
* Mapping of assigned roles (Owner/Reader) to specific permissions
* Visibility into access rights including API usage, organization management, billing modifications, and member management
* Access review and alert rules based on user access to OpenAI

See [notes and supported entities](#notes-and-supported-entities) for more details.

### Configuring OpenAI

To integrate OpenAI with Veza, you'll need to obtain your Organization ID and generate an API key.

#### Get your Organization ID

1. Sign in to the OpenAI [Dashboard](https://platform.openai.com/)
2. Click **Manage Account** from the user dropdown in the upper right corner
3. Navigate to the **Settings** section
4. Note your **Organization ID** (will begin with "org-")

#### Generate an API Key

1. While in the OpenAI Dashboard, navigate to **API Keys**
2. Click **Create new secret key**
3. Give your key a name that indicates it's for Veza integration (e.g., "Veza-Integration")
4. Copy the API key immediately, as you won't be able to see it again

See the [official OpenAI API documentation](https://platform.openai.com/docs/api-reference/authentication) for more details.

### Configuring OpenAI on the Veza Platform

This integration is provided as an Open Authorization API (OAA) connector package. There are multiple options for running the connector, including command line and Docker.

#### Prerequisites

1. Contact your Veza support representative to obtain the preview OAA connector.
2. Generate an [API token](/4yItIzMvkpAvMVFAamTf/developers/api/authentication.md) for your Veza user.

#### Command Line Setup

1. Install the requirements with Python 3.8+:

   ```shell
   pip3 install -r requirements.txt
   ```
2. Export the required environment variables:

   ```shell
   export VEZA_API_KEY="your_veza_api_key"
   export VEZA_URL="https://your-instance.vezacloud.com"
   export OPENAI_ORG_ID="org-your_organization_id"
   export OPENAI_API_KEY="your_openai_api_key"
   ```
3. Run the connector:

   ```shell
   ./veza_openai.py
   ```

#### Docker Setup

A `Dockerfile` is included in the repository. Running the container performs the OpenAI discovery and OAA push, then exits. Schedule the container to run at a regular interval.

1. Build the container:

   ```shell
   docker build . -t veza_openai
   ```
2. Run the container with all required parameters:

   ```shell
   docker run --rm \
    -e OPENAI_ORG_ID="org-your_organization_id" \
    -e OPENAI_API_KEY="your_openai_api_key" \
    -e VEZA_URL="https://your-instance.vezacloud.com" \
    -e VEZA_API_KEY="your_veza_api_key" \
    veza_openai
   ```

#### Configuration Options

| Parameter      | Environment Variable   | Required | Notes                                                          |
| -------------- | ---------------------- | -------- | -------------------------------------------------------------- |
| N/A            | `VEZA_API_KEY`         | true     | API token to connect to your Veza instance                     |
| `--veza_url`   | `VEZA_URL`             | true     | URL of your Veza instance                                      |
| `--openai-org` | `OPENAI_ORG_ID`        | true     | Organization ID for your OpenAI organization                   |
| N/A            | `OPENAI_API_KEY`       | true     | API key for OpenAI                                             |
| `--save_json`  | N/A                    | false    | Save a copy of the metadata JSON uploaded to the Veza instance |
| `--debug`      | N/A                    | false    | Enable verbose debug logging                                   |
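
A preflight check for the four required variables in the table above, run before starting the connector. This is an added example, not part of the Veza connector package; the function name `check_connector_env` and the HTTPS requirement on `VEZA_URL` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for the connector environment.
# Not part of the Veza connector package.

# Validates the four required variables from the Configuration Options table.
# Reports variable names only, never values, so secrets stay out of logs.
# Exit status: 0 if every check passes, 1 otherwise.
check_connector_env() (
    rc=0
    for name in VEZA_API_KEY VEZA_URL OPENAI_ORG_ID OPENAI_API_KEY; do
        # Indirect lookup; the names come from the fixed list above.
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "missing: $name" >&2
            rc=1
            continue
        fi
        case "$val" in
            *your_*|*your-instance*)
                # Sample values copied from the setup steps unchanged.
                echo "placeholder value: $name" >&2
                rc=1 ;;
            *[[:space:]]*)
                # Stray whitespace from copy/paste breaks authentication.
                echo "whitespace in: $name" >&2
                rc=1 ;;
        esac
    done

    # The OpenAI Organization ID begins with "org-".
    case "${OPENAI_ORG_ID:-}" in
        org-?*) ;;
        *) echo "OPENAI_ORG_ID must begin with org-" >&2; rc=1 ;;
    esac

    # Assumption: require HTTPS so the Veza API token is not sent in clear text.
    case "${VEZA_URL:-}" in
        https://?*) ;;
        *) echo "VEZA_URL must be an https:// URL" >&2; rc=1 ;;
    esac

    [ "$rc" -eq 0 ]
)

# Run the connector only when the environment passes, for example:
#   check_connector_env && ./veza_openai.py
```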

### Notes and Supported Entities

The OpenAI integration discovers users and their respective roles within your OpenAI organization.

#### Organization Properties

| Entity | Property          | Description                                                |
| ------ | ----------------- | ---------------------------------------------------------- |
| Org    | `is_personal`     | Boolean indicating if the organization is a personal space |
| Org    | `organization_id` | The unique identifier for the OpenAI organization          |

#### User Properties

| Entity | Property | Description                                     |
| ------ | -------- | ----------------------------------------------- |
| User   | `email`  | User's email address, used for identity mapping |

#### Supported Roles and Permissions

The integration maps OpenAI roles to specific permissions:

| Role   | Permissions                                                              |
| ------ | ------------------------------------------------------------------------ |
| Owner  | Standard API Requests, Read Organization, Modify Billing, Manage Members |
| Reader | Standard API Requests, Read Organization                                 |

#### Custom Permissions

| Permission            | Description                                                       |
| --------------------- | ----------------------------------------------------------------- |
| Standard API Requests | Ability to make API calls to OpenAI services (DataRead)           |
| Read Organization     | Ability to view organization settings and details (MetadataRead)  |
| Modify Billing        | Ability to modify billing settings (MetadataWrite)                |
| Manage Members        | Ability to add/remove members to the organization (MetadataWrite) |


