OAuth 2.0 for Denodo
Note
This connection type is disabled by default. For more information on enabling this connection type, please contact, Alteryx Support.
This section describes the steps to configure Alteryx Analytics Cloud (AAC) to integrate with your Denodo deployment using OAuth 2.0 to authenticate.
To enable OAuth 2.0 for Denodo, you must do the following:
Create an OAuth 2.0 client app for Denodo in a supported identity provider.
Tip
Azure AD is used as an example.
Configure Denodo Server to use the OAuth 2.0 client credentials.
Create the Denodo client in AAC .
After completing the above, you can create a connection in AAC to Denodo Server to begin accessing your data.
Create OAuth 2.0 Client App in Identity Provider
Note
Server supports integration with a variety of identity providers, including Azure AD and Okta. The example references how to create the client app in Azure AD. These steps should be similar in Okta or other supported identity providers.
In Azure AD, you must create the client app that AAC uses OAuth 2.0 to access and connect to your Denodo data.
Sign in to https://portal.azure.com/#home.
Go to to Manage > App registrations > New registration. The registration page displays.
In the registration page, enter the following details:
Name: Enter the name of the OAuth2 client.
Supported account types: Select the single tenant option.
Redirect URI:
Select Web from the drop-down.
For redirect URI:
https://ayxpreview.alteryxcloud.com/oauth2/callback
To register the client, select Register.
Go to Manage > Expose and API > Add a scope. Provide the same scope name as the role of the Denodo user. The new scope would be in the following format:
api://<client id>/<scope name>
Save the Client ID, Client secret value, Tenant ID, and Scope in a text file for further reference.
Denodo Server Configuration with Azure AD OAuth2 Client Details
You must configure Denodo Server to use the Azure AD OAuth 2.0 client credentials for authentication.
SIgn in to your Denodo design studio or Virtual DataPort Admin tool.
Design studio: Go to Administration > Server configuration > Security > OAuth.
Admin tool: Go to Administration > Serverconfiguration > Server authentication > OAuth.
Enter these details:
Enable OAuth 2.0 authentication : Enabled
Select a validation mode : Use JWT
Select the signing algorithm : RS256
Issuer :
https://sts.windows.net/<tenant id>/
Audience : <Leave empty>
JWKS URL:
https://login.microsoftonline.com/<tenant id>/discovery/keys
Subject field name : <Leave empty>
Attribute of the token with user’s role : scp
Check the JWT Id field : Disabled
Go to Administration > Role management. Verify that the user role has Connect and Execute privileges at a minimum.
Create OAuth 2.0 Client for Denodo
After the Denodo client app has been created, you must create an OAuth 2.0 client in AAC, which is used to integrate with the client app that you created above.
Note
You must create 1 OAuth 2.0 client in AAC for each Denodo client app that you wish to use.
Steps:
SIgn in to AAC as a workspace administrator.
In the left nav bar, select Profile menu > Workspace Admin > OAuth2.0 Clients.
In the OAuth2.0 Clients page, select Register OAuth2.0 Client.
Specify the new client. Apply the following values:
Setting
Description
Type
Set to Denodo.
Name
Display name for the OAuth 2.0 client in AAC.
Client ID
Client ID of the Azure AD app created above.
Client Secret
Client secret value of the Azure AD app created above.
Authorization URL
Set this value to the following:
https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
Token URL
Set this value to the following:
https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
Scopes
Set this value to:
offline_access <scope created above>
Access Token Expires in
Set this value to the number of milliseconds (3600000) after which the access token expires.
Refresh Token Expires In
Set this value to the number of milliseconds (7776000000) after which the refresh token expires.
To save your OAuth 2.0 client, select Save.
For more information, go to Create OAuth2 Client.
Create Denodo Connection
After you have created the OAuth 2.0 client app and client, you can create a connection in AAC to access your Denodo data.
Note
You must create a separate connection for each OAuth 2.0 client that is available in AAC.
For more information, go to Denodo Connections.