Get Inspire insights from former attendees in our AMA discussion thread on Inspire Buzz. ACEs and other community members are on call all week to answer!
community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.

Use Azure AD SSO with Azure Databricks

renat_isch
Alteryx
Alteryx
‎05-15-2023 10:51 AM

Alteryx 2022.3 release introduced Azure Active Directory (Azure AD) authentication support, Single Sign-On (SSO), for Databricks. This update allows users to authenticate to Databricks with Azure AD accounts. Alteryx Designer 2022.3 release enables users leverage two types of Azure AD application configurations to access Databricks data: single-tenant and multi-tenant application. This post covers multi-tenant application configuration

 

To access Databricks data with Azure AD accounts, users are required to have the following configuration in place:

  • Have the latest version of Databricks ODBC driver installed on users' machines. The latest version can be downloaded from Alteryx Data sources page: Data Sources | Alteryx Help
  • Have Azure Databricks account created within their tenant;
  • Obtain authentication details required to setup a new connection between Alteryx Designer and Databricks.

Multi-tenant application setup

In this post we will cover how to:

  • Obtain required details of your Azure Databricks instance;
  • Connect to Databricks using Azure AD account from Alteryx Designer.

Please note, the following example is intended for demonstration purposes only. We recommend engaging your systems team to help you with the configuration. This example covers multi-tenant OAuth implementation.

 

Obtain details of your Azure Databricks instance

To allow users access Azure Databricks data using Azure Active Directory identities organisations need to make sure that users exist and are identified by the same user principal names (UPNs) in both Databricks and Azure AD. Databricks recommends using user email address as UPN.

In order to access your Azure Datbaricks data, you need to obtain the following inputs from your Azure Databricks account administrator:

  • Azure Databricks server URI;

  • Port;

  • HTTP path of your Azure Databricks cluster;

Access Databricks data with Azure AD Account

You can access your data in Databricks from Alteryx Designer using your Azure AD account. Add input or output tool, check “Use Data Connection Manager (DCM)” box and select Databaricks from the list of available data sources in Alteryx Designer. Select Quick Connect, provide your Databricks instance details.

Screenshot 2023-02-16 at 18.30.37.png

 

Next, create new credential and select Azure AD authentication method:

 

Screenshot 2023-02-16 at 18.34.52.png
Do not change the value of the scope parameter. It represents the programmatic ID for Azure Databricks (2ff814a6-3304-4ab8-85cb-cd0e6f879c1d) along with the default scope (/.default, URL-encoded as %2f.default). 
 
After filling out above details and clicking connect, you will be redirected to the Azure AD login page. You will be prompted to login with your Azure AD account and grant this application required permissions. Once done, you will be able to explore your Azure Databricks data. After filling out above details and clicking connect, you will be redirected to the Azure AD login page. You will be prompted to login with your Azure AD account and grant this application required permissions. Once done, you will be able to explore your Azure Databricks data.

 

Related Documentation

Please refer to the following documentation to learn more about Azure Active Directory and Azure Databricks integration.

Get Azure AD tokens for service principals - Azure Databricks

 

Common issues

Depending on your Azure AD configuration, individual users might not be able to grant required consent to Azure AD application. In this case you might be presented with one of the following cases:

 

Approval request submitted to account admin. You are presented with the following prompt asking you to submit approval request to your account admin who would need to approve and grant required access to this application.renat_isch_0-1684173136601.png

Upon submitting request, your account admin receives a notification and needs to approve your request. Once approval is granted, you can reset the connection and be able to access your Snowflake data.

 

Need admin approval. This screen appears when your Azure AD settings don’t allow individual users grant consent to applications. In this specific case, accounts setting doesn’t allow users to submit approval requests to your directory admin. To resolve this problem, you should ask your account admin to use his/her credentials when first setting up connection from Alteryx Designer and provide consent to this app on behalf of the organisation. Upon completing these steps, all further Azure AD tenant users will be able to grant consent without further approvals. Alternatively, you might want to ask your Azure AD admin to update your tenant consent policy to allow users submit approval requests to account admin.

 

renat_isch_1-1684173136753.png
Reply
0 REPLIES 0
get your questions about inspire answered by inspire attendees
learn more about the python upgrade coming in may 2024
Labels