You can extend the basic SSO integration between the platform
Supported relational connection types:
- Azure SQL Database
- SQL Datawarehouse
Pre-Requisites
- SSO integration to Azure AD must be enabled. See Configure SSO for Azure AD.
Limitations
- Sharing of Azure connections is supported in the following manner:
  - Non-SSO Azure connections: Shared normally, with or without credentials.
  - SSO Azure connections:
    - The connection can be shared, but the credentials cannot.
    - If the user with whom the connection is shared attempts to use it, that user's SSO principal is used. If that SSO principal has the same permissions as the original user, then the connection is fully operational. If not, then some data may not be accessible.
- Write operations to SQL Datawarehouse are not supported for Azure SSO connections.
Configure Azure AD for the platform
Your Azure admin must enable the following:
- Your SQL Server database must have an Active Directory Admin assigned to it.
  - This assignment must be applied for SQL DB and SQL DW connections.
- Each user who creates and uses SQL Server connections over SSO must have a corresponding account in the SQL Server database.
- The "Azure SQL Database - user impersonation" permissions must be added to the Azure AD application.
For more information, please contact your Azure administrator.
Configure the platform
Define scope
You can define the scope of access in either of the following ways:
- The Azure admin can manually define access for individual databases, or:
- You can do the following on the platform node:
  - SSH to the platform node. Log in as an administrator.
  - Navigate to the following:

        /opt/trifacta/conf/

  - Open the platform configuration file.
  - Locate the azure.sso.scope property. Add this value to the property: "https://database.windows.net/user_impersonation". It is the second line in the following:

    NOTE: If there are now multiple values in the entry, a comma must be placed after every line except for the last one.

        {
          "azure": {
            "sso": {
              "scope": [
                "https://datalake.azure.net/user_impersonation",
                "https://database.windows.net/user_impersonation"
              ]
            }
          }
        }

  - Save the file.
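The azure.sso.scope edit described above can be scripted so that the comma rule in the note is checked by a JSON parser instead of by eye, and so that any scope other than the two shown above is reported. This is an added example, not part of the original documentation or the product: the function names are hypothetical, the file path is supplied by the caller, and it assumes the configuration file is strict JSON that may be re-serialized.

```python
import json
import os
import tempfile

# The two scope values shown in the page's sample azure.sso.scope entry.
SQL_SCOPE = "https://database.windows.net/user_impersonation"
KNOWN_SCOPES = {"https://datalake.azure.net/user_impersonation", SQL_SCOPE}


def ensure_sql_scope(config):
    """Add SQL_SCOPE to azure.sso.scope if it is absent.

    Returns (changed, unexpected): whether the list was modified, and any
    entries that are not one of the two scopes shown on the page.
    """
    sso = config.setdefault("azure", {}).setdefault("sso", {})
    scopes = sso.setdefault("scope", [])
    if not isinstance(scopes, list) or not all(isinstance(s, str) for s in scopes):
        raise ValueError("azure.sso.scope must be a list of strings")
    unexpected = [s for s in scopes if s not in KNOWN_SCOPES]
    changed = SQL_SCOPE not in scopes
    if changed:
        scopes.append(SQL_SCOPE)
    return changed, unexpected


def update_config_file(path):
    """Parse, patch and atomically rewrite the JSON config file at `path`."""
    with open(path, encoding="utf-8") as fh:
        # A missing or stray comma raises JSONDecodeError here, before any write.
        config = json.load(fh)
    changed, unexpected = ensure_sql_scope(config)
    if changed:
        mode = os.stat(path).st_mode & 0o777
        # Write next to the original so os.replace stays on one filesystem.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.chmod(tmp, mode)    # keep the original permission bits
        os.replace(tmp, path)  # atomic swap; the file is never half-written
    return changed, unexpected
```

Run it as the account that owns the configuration file, since the replacement file is created by the calling user; a non-empty `unexpected` list means the entry requests delegated access beyond what this page configures.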
Enable SSO credential type
NOTE: This configuration applies only for SQL DW connections. However, even if you are not creating these connections immediately, you should perform this configuration change.
When you create Azure SSO relational connections, you must select azureTokenSso for the credential type.
- For SQL DB connections, this selection is automatically enabled.
- For SQL DW connections, you must specify that this option is available by making a manual edit to a file on the platform node.
Steps:
- SSH to the platform node. Log in as an administrator.
- Navigate to the following directory:

      /opt/trifacta/service/data-service/build/conf/vendor/sqldatawarehouse

- Edit connection-metadata.json.
- Locate the credentialType property. Set the value to azureTokenSso.
- Save your changes and restart the platform.
Create Connections
When you create a relational connection where Azure SSO has been enabled, select Azure Token SSO from the Credential Type drop-down.
NOTE: The SSO principal of the user who is creating or accessing the connection is used to connect to the specified database.
User Access
Users can access the connections through the Import Data page. See Import Data Page.