Using PingFederate Service

You can configure the connector to authenticate your connection through IAM authentication using the credentials stored in the PingFederate service.

To configure IAM authentication using the PingFederate service:

  1. Set the UID property to the user name associated with your Ping account.
  2. Set the PWD property to the password associated with your Ping user name.
  3. Set the IAM property to 1.
  4. Set the plugin_name property to ping.
  5. If the ID and region of the Redshift server cluster are not already provided through the Server property, then do the following:
    1. Set the ClusterID property to the ID for the Redshift server cluster.
    2. Set the Region property to the region for the Redshift server cluster.
  6. Set the DbUser property to the ID that you want to assign to the Redshift user.
  7. If the ID you specified for the DbUser property does not already exist in your Redshift account, you must create it:
    1. Set the AutoCreate property to 1.
    2. Set the DbGroups property to the names of any user groups that you want the new DbUser to be added to, separated by commas.
    3. Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.
  8. Optionally, set the EndpointUrl property to the endpoint used to retrieve the Redshift cluster's credentials.
  9. Optionally, set the StsEndpointUrl property to the endpoint used to communicate with the AWS Security Token Service (AWS STS).
  10. Optionally, set the VPCEndpointUrl property to the endpoint used to communicate with the Redshift cluster.
  11. Optionally, set the AuthProfile property to the authentication profile you want to use to manage the connection settings, then do the following:
    1. Set the AccessKeyID property to your Redshift access key ID.
    2. Set the SecretAccessKey property to your Redshift secret key.
  12. Set the IdP_Host property to the address of the service host.
  13. Set the IdP_Port property to the port number that the service listens on.
  14. Set the Preferred_Role property to the name or ID for the IAM Role that you want the user to assume when logged in to Redshift.
  15. To skip verification of the SSL certificate of the IdP server, set the SSL_Insecure property to 1.
  16. Optionally, set the partner_spid property to a partner SPID (service provider ID) value.
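
The following check is an added example, not part of the connector or its documentation: it audits a connection string against the steps above and reports missing properties and a disabled IdP certificate check. It assumes a semicolon-separated Key=Value string with case-insensitive keys, and that a Server value, when present, supplies the cluster ID and region; the function names and sample values are constructed for illustration.

```python
import re

# Treated as required here because the steps list them without "Optionally".
REQUIRED = ("UID", "PWD", "DbUser", "IdP_Host", "IdP_Port", "Preferred_Role")

# Constructed sample connection strings (not real hosts, users or keys).
GOOD = ("IAM=1;plugin_name=ping;UID=alice;PWD={constructed;pw};"
        "ClusterID=example-cluster;Region=us-west-2;DbUser=report_user;"
        "IdP_Host=idp.example.com;IdP_Port=9031;Preferred_Role=ExampleRole")
WEAK = ("IAM=1;plugin_name=ping;UID=alice;PWD=x;DbUser=report_user;"
        "IdP_Host=idp.example.com;IdP_Port=9031;Preferred_Role=ExampleRole;"
        "Region=us-west-2;AuthProfile=example-profile;"
        "AccessKeyID=EXAMPLEKEYID;SSL_Insecure=1")

def parse_conn_string(conn):
    """Split 'Key=Value;...' into a dict with lowercased keys."""
    out = {}
    for key, val in re.findall(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)", conn):
        val = val.strip()
        if val.startswith("{") and val.endswith("}"):
            val = val[1:-1]  # braced value, may contain ';'
        out[key.lower()] = val
    return out

def audit(conn):
    """Return findings for a PingFederate IAM connection string."""
    p = parse_conn_string(conn)
    has = lambda name: bool(p.get(name.lower()))
    findings = []
    if p.get("iam") != "1":
        findings.append("IAM must be 1")
    if p.get("plugin_name", "").lower() != "ping":
        findings.append("plugin_name must be ping")
    findings += [f"{n} is not set" for n in REQUIRED if not has(n)]
    # Step 5: without Server, ClusterID and Region must be given explicitly.
    if not has("Server"):
        findings += [f"{n} is not set and no Server is given"
                     for n in ("ClusterID", "Region") if not has(n)]
    # Step 11: AuthProfile is followed by both access key properties.
    if has("AuthProfile"):
        findings += [f"{n} is required with AuthProfile"
                     for n in ("AccessKeyID", "SecretAccessKey") if not has(n)]
    # Step 15: SSL_Insecure=1 skips verification of the IdP certificate.
    if p.get("ssl_insecure") == "1":
        findings.append("SSL_Insecure=1 skips IdP certificate verification")
    return findings
```

Calling audit(GOOD) returns an empty list, while audit(WEAK) reports the missing ClusterID, the missing SecretAccessKey and the SSL_Insecure setting.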