MicroStrategy ONE

Integrating OAuth Support with SAP HANA

Starting in MicroStrategy 2021 Update 8, OAuth is a supported authentication method for SAP HANA ODBC connections. Such database instances can be only created via the Data Sources area of Workstation. Consumption is available in Workstation, Web, and Library. This topic provides the requirements and procedures for creating and using OAuth SAP HANA data sources with Azure AD.

An Azure AD app registration properly set up for OAuth. See Configure Azure AD with SAP Hana OAuth for more information.

An up-and-running SAP HANA instance, with JWT authentication configured. This is the instance that you will connect to. See Setting Up an SAP HANA Instance with OAuth or SSO for more information.

Add Your Environment’s URIs to Your Existing Azure AD App Registration

  1. Add your environment to the redirect URIs in Azure AD. This step is required for every environment that you want to use OAuth. Navigate to your App Registration in the Azure AD portal and click Add a Redirect URI.

  2. Choose Add a platform > Web and enter the URL of your environment in Redirect URIs. Click Configure. A list of redirect URIs appear that contain your URI.

  3. In Workstation, connect to an environment.
  4. In the Navigation pane, click , next to Enterprise Security.

  5. Choose an Environment, Display Name, and select Azure AD as the Identity Provider.

    The Login Redirect URIs update based on your environment.

  6. Copy the Library Web URI.
  7. In Azure AD, click Add URI under Web > Redirect URIs.
  8. Paste the Library Web URI that you copied.
  9. Repeat steps 6 through 8 for the Authoring Web URI.
  10. In Azure AD, click Add URI under Web > Redirect URI and enter http://localhost.
  11. Click Add URI and enter https://127.0.0.1.

  12. Click Save.

Create a Data Source, Database Connection, and Authentication Service

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click , next to Datasets.
  3. Select the environment and select SAP HANA under Available Data Source Types.

  4. Enter a name, description, and project.
  5. Click Default Database Connection and choose Add New Database Connection.
  6. Enter a new name and the server and port number of your running SAP HANA instance.
  7. In Authentication Service, choose Add New Authentication.
  8. Enter a new name.
  9. Enter the client and directory ID from your MicroStrategy OIDC app registration. You can find these values on the Overview page of your app registration.
  10. Enter the client secret.
  11. In Scope, enter openid offline_access <your scope>, where <your scope> is the value from the Expose an API page of your app registration.
  12. Click Save in the next three windows.

Verify Your Data Source Connects

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. Choose Help and check that New Data Import Experience is not selected.
  3. In the Navigation pane, click , next to Datasets.
  4. Choose your environment and project.
  5. Select Data Import Cube and click OK.
  6. Choose SAP HANA in the Data Sources window.
  7. Select Build a Query and click Next.
  8. Your new data source appears under Data Sources.
  9. Click your new data source and an Azure AD authentication browser window appears..
  10. Enter your Azure AD credentials.
  11. Once the data loads, drag and drop a table into the specified window.
  12. If data appears, your connection is successfully established.

Troubleshooting

When connecting to the data source, you may see error while parsing protocol. This error can occur for the following scenarios:

When connecting to the data source, you may receive an Invalid client secret error. To ensure that you entered the correct secret, see Create a Data Source, Database Connection, and Authentication Service.