Using Active Directory Federation Services (AD FS)

You can configure the connector to authenticate your connection through IAM authentication using the credentials stored in AD FS.

To configure IAM authentication using AD FS:

1. Choose one of the following options:
   • To log in using Windows Integrated Authentication, do not specify the UID and PWD properties.
   • Or, to log in without using integrated authentication:
     1. Set the UID property to the user name associated with your AD FS account.
     2. Set the PWD property to the password associated with your AD FS user name.
2. Set the IAM property to 1.
3. Set the plugin_name property to adfs.
4. If the ID and region of the Redshift server cluster are not already provided through the Server property, then do the following:
1. Set the ClusterID property to the ID for the Redshift server cluster.
2. Set the Region property to the region for the Redshift server cluster.
5. Set the DbUser property to the ID that you want to designate to the Redshift user.
6. If the ID you specified for the DbUser property does not already exist in your Redshift account, you must create it:
   1. Set the AutoCreate property to 1.
   2. Set the DbGroups property to the names of any user groups that you want the new DbUser to be added to, separated by commas.
7. Optionally, set the EndpointUrl property to the endpoint used to communicate with the Redshift cluster.
8. Optionally, set the StsEndpointUrl property to the endpoint used to communicate with the AWS Security Token Service (AWS STS).
9. Optionally, set the AuthProfile property to the authentication profile you want to use to manage the connection settings, then do the following: 
   1. Set the AccessKeyID property to your Redshift access key ID.
   2. Set the SecretAccessKey property to your Redshift secret key.
10. Set the IdP_Host property to the address of the service host.
11. Set the IdP_Port property to the port number that the service listens at.
12. Set the Preferred_Role property to the name or ID for the IAM role that you want the user to assume when logged in to Redshift.
13. Optionally, set the loginToRp property to the the relying party trust you want to use.
14. To skip verification of the SSL certificate of the IDP server, set the SSL_Insecure property to 1.

Related topics

• Security and Authentication
• Authentication Driver Configuration Options on page 1
• Configuring Authentication
• Configuring the Driver on page 1