Using Active Directory Federation Services (AD FS)

You can configure the connector to authenticate your connection through IAM authentication using the credentials stored in AD FS.

To configure IAM authentication using AD FS:

  1. To access the IAM authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
  2. From the Auth Type drop-down list, select Identity Provider: AD FS.
  3. Choose one of the following options:
    • To log in using Windows Integrated Authentication, leave the User and Password fields blank.
    • Or, to log in without using integrated authentication:
      1. In the User field, type the user name associated with your AD FS account.
      2. In the Password field, type the password associated with your AD FS user name.
  4. Encrypt your credentials by selecting one of the following:
    • If the credentials are used only by the current Windows user, select Current User Only.
    • Or, if the credentials are used by all users on the current Windows machine, select All Users Of This Machine.
  5. If the ID and region of the Redshift server cluster are not already provided through the Server field, then do the following:
    1. In the Cluster ID field, type the ID for the Redshift server cluster.
    2. In the Region field, type the region for the Redshift server cluster.
  6. In the DbUser field, type the ID that you want to assign to the Redshift user.
  7. If the ID you entered in the DbUser field does not already exist in your Redshift account, you must create it:
    1. Select the User AutoCreate check box.
    2. In the DbGroups field, type the names of any user groups that you want the new DbUser to be added to, separated by commas.
    3. Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.
  8. Optionally, in the Endpoint URL field, type the endpoint used to communicate with the Redshift cluster.
  9. Optionally, in the STS Endpoint URL field, type the endpoint used to communicate with the AWS Security Token Service (AWS STS).
  10. Optionally, in the AuthProfile field, type the authentication profile you want to use to manage the connection settings, then do the following:
    1. In the AccessKeyID field, type your Redshift access key ID.
    2. In the SecretAccessKey field, type your Redshift secret key.
  11. In the IdP Host field, type the address of the service host.
  12. In the IdP Port field, type the port number that the service listens on.
  13. To skip verification of the SSL certificate of the IdP server, select the SSL Insecure check box.
  14. In the Preferred Role field, type the name or ID for the IAM role you want the user to assume when logged in to Redshift.
  15. Optionally, in the Login To RP field, type the relying party trust you want to use.
  16. To save your settings and close the dialog box, click OK.
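
The following is an added example, not part of the driver's documentation: a Python check that reviews a connection string carrying the same settings as the dialog above and flags the ones with security impact (SSL Insecure, a stored password or secret key, User AutoCreate with its DbGroups). The keyword spellings and the sample string are assumptions constructed for illustration.

```python
import re

# Keyword spellings are assumptions mapped from the dialog fields above;
# confirm them against the driver's own documentation before relying on this.
TRUE = {"1", "true", "yes"}
PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{(?:[^}]|\}\})*\}|[^;]*)\s*(?:;|$)")

def parse_conn_str(s):
    """Split an ODBC 'Key=Value;' string; {braced} values may hold ';'."""
    out = {}
    for key, val in PAIR.findall(s):
        if val.startswith("{") and val.endswith("}"):
            val = val[1:-1].replace("}}", "}")
        out[key.lower()] = val.strip()
    return out

def review(s):
    """Return a list of (field, finding) for settings worth a second look."""
    c = parse_conn_str(s)
    on = lambda k: c.get(k, "").lower() in TRUE
    findings = []
    if on("ssl_insecure"):
        findings.append(("SSL Insecure", "IdP certificate is not verified"))
    if c.get("pwd"):
        findings.append(("Password", "AD FS password stored in the string"))
    if c.get("secretaccesskey"):
        findings.append(("SecretAccessKey", "secret key stored in the string"))
    if on("autocreate"):
        groups = [g.strip() for g in c.get("dbgroups", "").split(",") if g.strip()]
        findings.append(("User AutoCreate", "creates DbUser %r in groups %s"
                         % (c.get("dbuser", ""), groups)))
    if not c.get("idp_host"):
        findings.append(("IdP Host", "missing"))
    return findings

# Constructed sample input (hypothetical host, user, and groups).
SAMPLE = ("IAM=1;plugin_name=adfs;IdP_Host=adfs.example.com;IdP_Port=443;"
          "UID=EXAMPLE\\jdoe;PWD={p;w};DbUser=report_user;AutoCreate=1;"
          "DbGroups=Analysts, Finance;SSL_Insecure=1")

if __name__ == "__main__":
    for field, finding in review(SAMPLE):
        print(f"{field}: {finding}")
```

A string that leaves the user name and password out, as in the Windows Integrated Authentication option of step 3, and keeps SSL Insecure cleared produces no findings.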
