Strategy One

Integrating Strategy with Okta OIDC Single Sign-On

Prerequisite

Complete all steps in Configure OAuth Parameters: Authorization Code Workflow.

Create a Data Source Using OIDC Single Sign-On Authentication Mode

  1. Open the Workstation window.

  2. Connect to an environment.

  3. Create an Enterprise Security Object. For more information, see Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects.

    All required information should be collected in the Configure OAuth Parameters with Okta section of Configure OAuth Parameters: Authorization Code Workflow.

  4. In the Navigation pane, click next to Data Sources.

  5. Search for and choose Snowflake from the data source list.

  6. In the Default Database Connection drop-down list, click Add New Database Connection.

  7. Type a Name for the new database connection.

  8. In the Driver drop-down list, choose the Snowflake ODBC or JDBC driver.

  9. In Connection Method, ensure Standard is selected.

  10. Click the Basic tab.

  11. Type a Server Name.

  12. Optionally type a Warehouse, Database, Schema, and Role.

  13. In the Authentication Service drop-down list, choose an authentication service or click Add New Authentication Service.

    For more information, see Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects.

  14. In Scope, enter the same values you defined in your Enterprise Security Object.

  15. Click Save.

  16. Type a Name and select Projects for the data source.

  17. Click Save.

Create and Map Users to Okta Login

  1. Open the Workstation window.

  2. Connect to an environment.

  3. In the Navigation pane, click User and Groups.

  4. Click next to All Users.

  5. In Account and Credentials, enter a Full Name, Email Address, Username, and Password, if required.

  6. In the left pane, click Privileges and add the following privileges:

    • Access data from Databases, Google BigQuery, BigData, OLAP, BI tools

    • Create and edit database instances and connections

    • Create and edit database logins

    • Create configuration objects

    • Create dataset in Workstation

    • Configure project data source

    • Monitor Database Connections

    • Use Workstation

  7. In the left pane, click Authentication.

  8. In Trusted Authenticated Request User ID, type the user's email address.

  9. Click Save.

Configure OIDC

  1. Open the Workstation window.

  2. Connect to an environment.

  3. Right-click the environment and click Configure Enterprise Security > Configure OIDC.

  4. In Select an identity provider, expand the drop-down list and choose Okta.

  5. Complete the steps in Enable OIDC Authentication for Strategy Library to configure OIDC for your Strategy environment.

    In Okta Configuration, ensure the Login Redirect URIs are added in Configure OAuth Parameters with Okta in Step 1 of Configure OAuth Parameters: Authorization Code Workflow.

  6. In MicroStrategy Configuration, type the information from Configure OAuth Parameters with Okta in Step 10 of Configure OAuth Parameters: Authorization Code Workflow.

  7. Click Save.

  8. Restart the Web server.

Single Sign-On with OIDC

  1. Open the Workstation window.

  2. Connect to an environment.

  3. Right-click the environment and click Edit Environment Information.

  4. In Authentication Mode, select Default OIDC and click Continue.

  5. Log in to your Okta account in the browser dialog.

  6. Use an Administrator account to grant privileges to the new user.

    You can ignore this step if you have mapped the user to your Okta account (as seen in Enable Single Sign-On with OIDC Authentication) and already granted privileges.

  7. In the Navigation pane, click next to Datasets.

  8. In the Project drop-down list, choose a project.

  9. Select Data Import Cube and click OK.

  10. Choose the data source you created for your OIDC SSO in Create a Data Source using OIDC Single Sign-On as Authentication Mode.

    The namespaces and tables display.