MicroStrategy ONE

Teradata OAuth Connectivity with Okta and Azure AD

Starting in MicroStrategy ONE Update 10, MicroStrategy supports connection to Teradata using OAuth authentication.

OAuth authentication is supported in MicroStrategy Workstation server mode, Web, and Library with HTTPS enabled. OAuth authentication is not supported in MicroStrategy Developer.

Okta

Prerequisites

Refer to Teradata's documentation for information on configuring Okta IdP.

Get the Init OAuth URL and Refresh Token URL

To get the required URLs, you need to edit the Teradata authorization server created in Okta:

  1. Go to the Okta Admin Console.
  2. In the Security menu, click API.
  3. Click the pencil icon next to your Teradata authorization server.
  4. Copy the Issuer value. The value should be in the following format: https://dev-XXXXX.okta.com/oauth2/YYYYY.
  5. To get the Init OAuth URL and Refresh Token URL, append /v1/authorize and /v1/token to the Issuer value. For example:
     • Init OAuth URL: https://dev-XXXXX.oktapreview.com/oauth2/YYYYY/v1/authorize
     • Refresh Token URL: https://dev-XXXXX.oktapreview.com/oauth2/YYYYY/v1/token

Get the Client ID

  1. Go to the Okta Admin Console.
  2. In the Applications menu, click Applications.
  3. Select the Teradata client application.
  4. In the General tab, copy the Client ID.

Create a Database Role with OAuth Authentication

After you copy the ClientID, ClientSecret, Tenant ID, Authorization URL, and Token URL, you can connect to Teradata using OAuth.

Configure Authentication Service Using Enterprise Security

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click the icon next to Enterprise Security.
  3. Enter a Display Name.
  4. Choose the Okta identity provider.
  5. Copy the login redirect URIs.
  6. In the Okta Admin Console, select the Teradata client application.
  7. Go to General Settings under General and click Edit.
  8. Click Add URI.
  9. Enter the URIs that you copied earlier.
  10. Click Save.
  11. In Workstation, enter the Client ID, OAuth URL, and Token URL.
  12. Click Save.

Create a Database Role Using Data Source

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click the icon next to Data Sources.
  3. Choose Teradata.
  4. Expand the Default Database Connection drop-down and click Add a new database connection.
  5. Enter a Name and Server Name.
  6. In Authentication Mode, choose OAuth.
  7. In the Authentication Service drop-down, choose the Azure authentication service you created.
  8. Enter a Scope.
  9. Click Save.

Connect to Teradata Database

  1. In Workstation, Web, or Library, go to Data Import and select Teradata database.
  2. Click Select Tables, Build a Query, or Type a Query.
  3. Click the database role and enter your Okta credentials.
  4. Click Sign In.
  5. Tables and columns visible to the Azure AD user are now available.

Azure AD

Prerequisites

The web server must support the HTTPS protocol.

Refer to Teradata's documentation for information on configuring Azure AD IdP.

When you create your Teradata Azure application, add the UPN claim. MicroStrategy uses UPN to map to user ID.
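To confirm that the UPN claim is actually being issued, decode a token obtained for the Teradata Azure application and look for `upn`. The following is an added example, not MicroStrategy or Teradata code; the token is constructed inline, the function names are hypothetical, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload of a compact JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def upn_problems(claims):
    """Return reasons the token cannot be mapped to a user ID by UPN."""
    upn = claims.get("upn")
    if upn is None:
        return ["no 'upn' claim: add the UPN claim to the Teradata Azure application"]
    if not isinstance(upn, str) or "@" not in upn.strip():
        return [f"'upn' is not in user@domain form: {upn!r}"]
    return []

def constructed_token(claims):
    """Build a sample token for the demo; the signature part is a dummy string."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.dummy-signature"

if __name__ == "__main__":
    # Constructed sample claims, not taken from a real tenant.
    with_upn = constructed_token({"upn": "analyst@example.com", "scp": "user_impersonation"})
    without_upn = constructed_token({"preferred_username": "analyst@example.com"})
    for name, tok in (("with upn", with_upn), ("without upn", without_upn)):
        print(name, "->", upn_problems(jwt_claims(tok)) or "ok")
```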

Get the Init OAuth URL and Refresh Token URL

  1. Go to the Microsoft Azure Portal and log in.
  2. Go to Azure Active Directory.
  3. Click App Registrations.
  4. Click the Teradata OAuth Resource that you created in Prerequisites.
  5. Go to the Endpoints section under Overview.
  6. Copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) values.
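A pre-flight check for the Init OAuth URL and Refresh Token URL collected in the Okta steps and in the Azure AD steps above, as an added example (not MicroStrategy code). It flags non-HTTPS values, a wrong path suffix, and an authorize/token pair that points at different hosts or does not start with the Issuer value. The function names and sample values are hypothetical, and the Azure AD v2 path layout is assumed from the Microsoft identity platform rather than taken from this page.

```python
from urllib.parse import urlsplit

# Path suffixes per identity provider. Okta's come from the Okta steps on this
# page; the Azure AD pair is the Microsoft identity platform v2 layout (assumed).
SUFFIXES = {
    "okta": ("/v1/authorize", "/v1/token"),
    "azure": ("/oauth2/v2.0/authorize", "/oauth2/v2.0/token"),
}

def base_of(url, suffix):
    """Return (host, base path) if url ends with suffix, else None."""
    parts = urlsplit(url.strip())
    path = parts.path.rstrip("/")
    if not path.endswith(suffix):
        return None
    return (parts.hostname, path[: -len(suffix)])

def check_endpoints(provider, authorize_url, token_url, issuer=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    bases = {}
    pairs = zip(("authorize", "token"), (authorize_url, token_url), SUFFIXES[provider])
    for label, url, suffix in pairs:
        parts = urlsplit(url.strip())
        if parts.scheme != "https":
            problems.append(f"{label}: scheme is not https")
        if parts.query or parts.fragment:
            problems.append(f"{label}: unexpected query string or fragment")
        bases[label] = base_of(url, suffix)
        if bases[label] is None:
            problems.append(f"{label}: path does not end with {suffix}")
    if None not in bases.values() and bases["authorize"] != bases["token"]:
        problems.append("authorize and token URLs have different hosts or base paths")
    if issuer is not None:
        iss = urlsplit(issuer.strip())
        expected = (iss.hostname, iss.path.rstrip("/"))
        for label, base in bases.items():
            if base is not None and base != expected:
                problems.append(f"{label}: does not start with the Issuer value")
    return problems

# Constructed sample values (placeholders, not a real org or tenant).
OKTA_ISSUER = "https://dev-00000.okta.example/oauth2/aus0000"
AZURE_BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
```

An empty list from `check_endpoints` means the pair is safe to paste into Workstation; pass the Okta Issuer value as `issuer` to also catch endpoints copied from a different org.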

Get the Client ID

  1. Go to the Microsoft Azure Portal and log in.
  2. Go to Azure Active Directory.
  3. Click App Registrations.
  4. Click the Teradata OAuth Resource that you created in Prerequisites.
  5. Click Overview.
  6. Go to the Essentials section and copy the Application (client) ID value.

Create a Client Secret

  1. In the navigation pane, click Certificates & secrets.
  2. Click New client secret.
  3. Enter a name and expiration date.
  4. Click Add.
  5. Copy the Client Secret value.

Create a Database Role with OAuth Authentication

After you copy the ClientID, ClientSecret, Tenant ID, Authorization URL, and Token URL, you can connect to Teradata using OAuth.

Configure Authentication Service Using Enterprise Security

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click the icon next to Enterprise Security.
  3. Enter a Display Name.
  4. Choose the Azure identity provider.
  5. Copy the login redirect URIs.
  6. In Azure AD, go to Authentication and click Add URI.
  7. Enter the URIs that you copied earlier.
  8. Click Save.
  9. In Workstation, enter the Client ID, Client Secret, OAuth URL, and Token URL.
  10. Click Save.

Create a Database Role Using Data Source

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click the icon next to Data Sources.
  3. Choose Teradata.
  4. Expand the Default Database Connection drop-down and click Add a new database connection.
  5. Enter a Name and Server Name.
  6. In Authentication Mode, choose OAuth.
  7. In the Authentication Service drop-down, choose the Azure authentication service you created.
  8. Enter a Scope.
  9. Click Save.

Connect to Teradata Database

  1. In Workstation, Web, or Library, go to Data Import and select Teradata database.
  2. Click Select Tables, Build a Query, or Type a Query.
  3. Click the database role and enter your Azure AD IdP credentials.
  4. Click Sign In.
  5. Tables and columns visible to the Azure AD user are now available.