Page tree


Contents:

   

Contents:


NOTE: This connection type is disabled by default. For more information on enabling this connection type, please contact, Alteryx Support.


This section describes the steps to configure the Designer Cloud application  to integrate with your Denodo deployment using OAuth 2.0 to authenticate.

To enable OAuth 2.0 for Denodo , you must do the following:

  • Create an OAuth 2.0 client app for Denodo  in a supported identity provider

    Tip: Azure AD is used as an example.

  • Configure Denodo  Server to use the OAuth 2.0 client credentials
  • Create the Denodo client in the Designer Cloud application

After completing the above, you can create a connection in the Designer Cloud application  to Denodo  Server to begin accessing your data.

Create OAuth 2.0 Client App in Identity Provider

NOTE: Denodo Server supports integration with a variety of identity providers, including Azure AD and Okta. The example references how to create the client app in Azure AD. These steps should be similar in Okta or other supported identity providers.

In Azure AD, you must create the client app that the Designer Cloud application  uses OAuth 2.0 to access and connect to your Denodo  data.

  1. Log in into https://portal.azure.com/#home.
  2. Navigate to Manage > App registrations > New registration. The registration page is displayed.

  3. In the registration page, enter the following details:

    1. Name: Enter the name of the OAuth2 client.
    2. Supported account types: Select the single tenant option.
    3. Redirect URI
      1. Select Web from the drop-down.
      2. For redirect URI:
        https://cloud.trifacta.com/oauth2/callback
  4. To register the client, click Register.

  5. Navigate to Manage > Expose and API > Add a scope. Provide the same scope name as the role of the Denodo  user. The new scope would be in the following format:

    api://<client id>/<scope name>

  6. Save the Client ID, Client secret value, Tenant ID, and Scope in a text file for further reference.

Denodo Server Configuration with Azure AD OAuth2 Client Details

You must configure Denodo  Server to use the Azure AD OAuth 2.0 client credentials for authentication.

  1. Log into your  Denodo  design studio or Virtual DataPort Admin tool.  
    1. Design studio: Navigate to Administration > Server configuration > Security > OAuth.
    2. Admin tool: Navigate to Administration >  Server configuration > Server authentication > OAuth.
  2. Enter the following details: 
    1. Enable OAuth 2.0 authentication : Enabled
    2. Select a validation mode : Use JWT
    3. Select the signing algorithm : RS256

    4. Issuer : https://sts.windows.net/<tenant id>/   

    5. Audience : <Leave empty>
    6. JWKS URL: https://login.microsoftonline.com/<tenant id>/discovery/keys

    7. Subject field name : <Leave empty>
    8. Attribute of the token with user’s role : scp
    9. Check the JWT Id field : Disabled
  3. Navigate to Administration > Role management. Verify that the user role has Connect and Execute privileges at a minimum. 

Create OAuth 2.0 Client for Denodo

After the Denodo client app has been created, you must create an OAuth 2.0 client in the   Designer Cloud application  , which is used to integrate with the client app that you created above.

NOTE: You must create one OAuth 2.0 client in the Designer Cloud application  for each Denodo client app that you wish to use.

Steps:

  1. Login to the Designer Cloud application  as a workspace administrator.
  2. In the left nav bar, select User menu > Admin console > OAuth2.0 Clients
  3. In the OAuth2.0 Clients page, click Register OAuth2.0 Client.
  4. Specify the new client. Apply the following values:

    SettingDescription
    Type

    Set to Denodo .

    Name

    Display name for the OAuth 2.0 client in the Designer Cloud application .

    Client ID

    Client ID of the Azure AD app created above.

    Client Secret

    Client secret value of the Azure AD app created above.

    Authorization URL

    Set this value to the following:


    https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
    Token URL

    Set this value to the following:

    https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token 
    Scopes

    Set this value to the following:
    offline_access <scope created above>

    Access Token Expires inSet this value to the number of milliseconds (3600000 ) after which the access token expires.
    Refresh Token Expires In

    Set this value to the number of milliseconds (7776000000) after which the refresh token expires.

  5. To save your OAuth 2.0 client, click  Save.

For more information, see Create OAuth2 Client.

Create Denodo Connection

After you have created the OAuth 2.0 client app and client, you can create a connection in the Designer Cloud application  to access your Denodo  data.

NOTE: You must create a separate connection for each OAuth 2.0 client that is available in the Designer Cloud application .

For more information, see Denodo Connections.

See Also for OAuth 2.0 for Denodo:

This page has no comments.