
Enable OAuth 2.0 Authentication

Workspace administrators can enable the use of OAuth 2.0 authentication for creating connections to third-party datastores that support OAuth 2.0 or greater authentication.

OAuth 2.0 is an industry-standard protocol for authorization between systems. In the Designer Cloud Powered by Trifacta platform, it is implemented as a security protocol for access to data sources and publishing destinations. Alteryx administrators can enable users of the product to connect to specified third-party systems through an OAuth 2.0 client app that you create in the system, using an OAuth 2.0 client reference that is created in the Trifacta Application.

When enabled and configured, the Trifacta Application uses the OAuth 2.0 client to create a secure token, which is used to authenticate to the third-party system. Internally, the Designer Cloud Powered by Trifacta platform leverages the secure token service to manage the creation and use of these secure tokens. For OAuth 2.0, this service uses a backing database for storing tokens.

Requirements:

  • OAuth 2.0 client app: In the target system, you must create an object called a client app, which provides an authentication interface into the system for external connections.

    • You must create one client app for each external system to which you are enabling connectivity.

  • OAuth 2.0 client: In the Trifacta Application, you must create at least one configuration object for each client app that you have created.

  • Enable the creation of OAuth 2.0 clients in the Trifacta Application.

  • Enable the secure token service, which is used to manage the secure tokens of the Trifacta Application.

  • Install and configure the database used by the secure token service. Installation should happen automatically as part of the normal install or upgrade process.

Details on these requirements are listed below.

Enable

Enable OAuth 2.0 client creation

The ability to create OAuth 2.0 clients in the Trifacta Application must be enabled. Please verify the following configuration.

Steps:

  1. You can apply this change through the Admin Settings Page (recommended) or trifacta-conf.json. For more information, see Platform Configuration Methods.

  2. Please locate the following setting and set it to true:

    "feature.adminConsole.oauth2ClientsManagement.enabled": true,

  3. Save your changes.

Configure host URL

When you create an OAuth 2.0 connection, the connection object must pass the URL of the Trifacta Application to the client on the target platform, so that the client can redirect queries back to the application after authentication is complete.

Please verify that the following parameter is set to the public value of the host and port number of the Trifacta Application. It should be in the following form:

<http/https>://<host>:<port>

where:

  • <http/https> = protocol to use to connect

  • <host> = host name for external users to access the application

  • <port> = port number for external users to access the application. Typically, this value is 3005.

Steps:

  1. You can apply this change through the Admin Settings Page (recommended) or trifacta-conf.json. For more information, see Platform Configuration Methods.

  2. Please verify the following setting is set to the correct value for your environment:

    "webapp.hostUrl": "https://www.trifacta.example.com:3005",

  3. Save your changes.
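A pre-flight check for the two settings above, as an added example that is not part of the product or its documentation. It assumes the settings have been loaded into a Python dict, either as flat dotted keys as shown on this page or as nested objects (the file layout is an assumption); the `http` and loopback findings are hardening advice added here, not platform requirements.

```python
from urllib.parse import urlsplit

# Setting names exactly as they appear on this page.
FLAG_KEY = "feature.adminConsole.oauth2ClientsManagement.enabled"
HOST_KEY = "webapp.hostUrl"

def lookup(conf, dotted):
    """Find a setting stored as one dotted key or as nested objects (assumed layouts)."""
    if dotted in conf:
        return conf[dotted]
    node = conf
    for part in dotted.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node

def check_oauth2_settings(conf):
    """Return a list of findings; an empty list means both settings look right."""
    findings = []
    if lookup(conf, FLAG_KEY) is not True:
        findings.append(f"{FLAG_KEY} must be the boolean true")
    url = lookup(conf, HOST_KEY)
    if not isinstance(url, str):
        return findings + [f"{HOST_KEY} is missing or not a string"]
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return findings + [f"{HOST_KEY}: not a parseable URL or port"]
    if parts.scheme not in ("http", "https"):
        findings.append(f"{HOST_KEY}: scheme must be http or https")
    elif parts.scheme == "http":
        findings.append(f"{HOST_KEY}: http carries the OAuth redirect in cleartext; use https")
    if not parts.hostname:
        findings.append(f"{HOST_KEY}: no host name")
    elif parts.hostname in ("localhost", "127.0.0.1", "::1"):
        findings.append(f"{HOST_KEY}: loopback host is not reachable by external users")
    if port is None:
        findings.append(f"{HOST_KEY}: explicit port required (<host>:<port>)")
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        findings.append(f"{HOST_KEY}: only <http/https>://<host>:<port> is expected")
    return findings

# Constructed sample input, using the example values from this page.
SAMPLE = {FLAG_KEY: True, HOST_KEY: "https://www.trifacta.example.com:3005"}

if __name__ == "__main__":
    print(check_oauth2_settings(SAMPLE) or "OK")
```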

Enable Secure Token Service

OAuth 2.0 requires the use of the secure token service for managing the authentication tokens. For more information, see Configure Secure Token Service.

Install Secure Token Database

The secure token service database is installed as part of normal database install or upgrade operations. For more information, see Install Databases.

Create OAuth 2.0 App

For each target system, you must create an OAuth 2.0 app in the system, which provides an external interface for the Designer Cloud Powered by Trifacta platform.

Note

The requirements for creating an OAuth 2.0 app depend on the system. Some example setups are available below. For more information, please see the documentation provided with your target system.

Create OAuth 2.0 Client

Through the Trifacta Application, you must create an OAuth 2.0 client that connects to the OAuth 2.0 app that you have created.

Authenticate OAuth 2.0 Connections

When you create a connection that uses OAuth 2.0, the specified connection must be authorized to access the datastore. In the Create Connection window, click Authenticate.

Note

If you modify a connection or the tokens generated under the previous authorization have expired, you must re-authenticate the connection. Edit the connection and click Re-authenticate.