Using Azure AD Service

You can configure the connector to authenticate your connection through IAM authentication using the Azure AD service.

To configure IAM authentication using Azure AD:

1. To access the IAM authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
2. From the Auth Type drop-down list, select Identity Provider: Azure AD.
3. In the User field, type the user name associated with your Redshift application on Azure AD.
4. In the Password field, type the password associated with your Redshift application on Azure AD.
5. Encrypt your credentials by selecting one of the following:
   • If the credentials are used only by the current Windows user, select Current User Only.
   • Or, if the credentials are used by all users on the current Windows machine, select All Users Of This Machine.
6. If the ID and region of the Redshift server cluster are not already provided through the Server field, then do the following:
1. In the Cluster ID field, type the ID for the Redshift server cluster.
2. In the Region field, type the region for the Redshift server cluster.
7. In the DbUser field, type the ID that you want to designate to the Redshift user.
8. If the ID you entered in the DbUser field does not already exist in your Redshift account, you must create it:
1. Select the User AutoCreate check box.
2. In the DbGroups field, type the names of any user groups that you want the new DbUser to be added to, separated by commas.
3. Optionally, to lowercase all DbGroups that are received from the identity provider, select the Force Lowercase check box.
9. In the DbGroups Filter field, type the DbGroup filter you want to use.
10. Optionally, in the Endpoint URL field, type the endpoint used to communicate with the Redshift cluster.
11. Optionally, in the STS Endpoint URL field, type the endpoint used to communicate with the AWS Security Token Service (AWS STS).
12. Optionally, in the AuthProfile field, type the authentication profile you want to use to manage the connection settings, then do the following:
    1. In the AccessKeyID field, type your Redshift access key ID.
    2. In the SecretAccessKey field, type your Redshift secret key.
13. In the Azure Client ID field, type the client ID associated with your Redshift application on Azure AD.
14. In the Azure Client Secret field, type the client secret associated with your Redshift application on Azure AD.
15. In the Preferred Role field, type the name or ID for the IAM role you want the user to assume when logged into Redshift.
16. In the IdP Tenant field, type the Azure AD tenant ID associated with your application.
17. To save your settings and close the dialog box, click OK.

Related topics

• Using a Browser Plugin for Azure AD
• Security and Authentication
• Authentication Driver Configuration Options on page 1
• Configuring Authentication
• Creating a Data Source Name