Bring your best ideas to the AI Use Case Contest! Enter to win 40 hours of expert engineering support and bring your vision to life using the powerful combination of Alteryx + AI. Learn more now, or go straight to the submission form.
community Alteryx IO MyAlteryx
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Start Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.
SOLVED

Simba ODBC Big Query Workload Identity Federation

lzanotti
8 - Asteroid
‎09-23-2024 09:39 AM

hi community, 

I have a question around the connectivity of Alteryx using the Workload Identity federation for Big Query. 

Bit of a background: we are currently using a Simba ODBC for BigQuery to connect to Alteryx. We are using the standard Input Output tool and the performance stability of the gallery is great. However we originally set it up using the  Service Authentication OAuth Mechanism.

I just wonder if we should use the Workload Identity federation as explained by Google Big Query as most secure way to connect? 
https://cloud.google.com/iam/docs/workload-identity-federation?_gl=1*19pykcm*_ga*MTQzNjY5MTY2NS4xNjk...

And if anyone can share any documentation tips in order to use this? 
Obviously we wish to keep if possible the same way we run the workflow for each user in Designer and when they deploy using the Alteryx Service Account to run in the Gallery.

Thanks
Luca 

Labels:
Reply
0 Likes

Accepted SolutionSolved! Go to Solution.

1 REPLY 1
apathetichell
20 - Arcturus
‎09-23-2024 09:57 AM

Is your server a GCP, AWS or (hopefully not) Azure VM? If so - yes you can use that workfload identity federation (or straight up CLI) BUT you will need to run all your BQ Alteryx things via Gcloud CLI or Python- not Alteryx tools.  Alteryx tools do not support external connections for cloud services (ie the connection is handled at the environment -> cloud level vs the Alteryx to cloud level). This is semi-standard.

 

So your new workflow would be:

Alteryx runs script (let's say Python) to connect to BQ and run query. Python tool outputs DF to Alteryx workflow for processing.

 

Also - yes. federated/workload/oidc is safer than static credential authentication.

Reply
0 Likes
GenAI Contest Form
License admin COmmunity Live
Labels
Top Solution Authors
View All