Enabling SSO to a Virtual Warehouse
Learn how to enable SSO (single sign-on) to your Virtual Warehouse from JDBC/ODBC clients. Your authorized clients can connect to the Virtual Warehouse using SSO. Find out how to recognize a connection string to connect to a Virtual Warehouse that is SSO-enabled.
You enable SSO connections to your Virtual Warehouse when you create a virtual warehouse. Authentication occurs through your browser and enterprise identity provider (IdP) provider. Your authorized clients can connect to the Virtual Warehouse using SSO.
When you configure an Impala Virtual Warehouse to use SSO, connections that use the JDBC URL or the ODBC connection string are SSO-enabled connections. Connections to the warehouse using the Impala shell will still use LDAP.
When you configure a Hive Virtual Warehouse to use SSO, all connections that use the JDBC URL are authenticated with the IdP provider that is configured in Management Console.
If you are using ODBC to connect, ODBC connector (driver) documentation explains how to make the ODBC connection.
- You must configure an IdP in the User Management module of Management Console compliant with Security Assertion Markup Language (SAML 2.0).
- In you must set up a user group, required for enabling SSO, that identifies the users authorized to access to this Virtual Warehouse.
- You must obtain the DWAdmin role.
- Follow instructions for adding a new Virtual Warehouse.
- In Size, select the number of executors, for example xsmall-2Executors.
Optionally, select Enable SSO to enable single sign-on
to your Virtual Warehouse, and in User Groups, select a
user group set up in advance to access endpoints.
Accept default values for other settings, or change the values to suit your use
case, and click CREATE.
Click the tooltip for information about a setting.
- Optionally, in your Virtual Warehouses tile, click options , and select Copy JDBC URL.
Paste the URL somewhere, and check that a Virtual Warehouse is configured for
SSO connections by looking for the auth=browser clause in JDBC URL.
Give users the JDBC JAR and JDBC URL
information for connecting to the Virtual Warehouse.
Users configure an ODBC or JDBC connection to the Virtual Warehouse with a third-party BI tool. A browser window appears with the following success message:
"Successfully authenticated. You may close this window."
Users can query tables they are authorized to access.