Strategy One

Integrating Strategy with Teradata for Single Sign-On Using Okta

MicroStrategy ONE Update 10 introduces a feature that supports connection to Teradata through OAuth authentication in Workstation.

Configure Okta Identity Provider for Teradata Single Sign-On

Create an Okta Application

  1. Log in to Okta.
  2. In the Navigation pane, under Applications, click Applications.
  3. Click Create App Integration.

  4. Choose the OIDC - OpenID Connect sign-in method and the Native Application application type.
  5. Click Next.
  6. Enter a name for the application integration, and choose the Refresh Token and Token Exchange grant types.
  7. Add your sign-in redirect URIs for your environment. For example, https://env-308750.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login.
  8. Choose the Allow everyone in your organization to access controlled access.
  9. Click Save.

Edit the OpenID Connect ID Token

  1. Navigate to the Sign On tab of your newly created application.
  2. In OpenID Connect ID Token, click Edit.
  3. From the Issuer drop-down, select the Okta URL.

  4. Click Save.

Create an API

  1. In the Navigation pane, under Security, click API.
  2. Click Add Authorization Server.
  3. Enter a name and audience and click Save.

Update the API Issuer

  1. Navigate to the Settings tab of your newly created API.
  2. In Settings, click Edit.
  3. From the Issuer drop-down, select the Okta URL.
  4. Click Save.

Create an Access Policy and Rule

  1. Navigate to the Access Policies tab of your newly created API.
  2. Click Add Policy.
  3. Enter a name and description. Optionally customize Assign to.
  4. Click Create Policy.
  5. Click Add rule.
  6. Enter your preferred rule options and click Create rule.

Enable the Okta Integration in Teradata

Refer to the following Teradata documentation to enable the Okta integration: https://docs.teradata.com/r/Teradata-VantageTM-Advanced-SQL-Engine-Security-Administration/July-2021/Configuring-Single-Sign-On.

Integrate Strategy with Okta OIDC for Teradata

The following data source connection leverages Strategy authentication so you don't have to log in multiple times to improve usability. This type of authentication is also known as single sign-on (SSO). The following steps require an Okta application and access to an Okta account. You must also include your environment URLs in the Okta redirect list, for example:

  • https://env-308140.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login

Create and Map a Strategy User to a Okta User

  1. Open the Workstation window.
  2. In the Navigation pane, click Environments.
  3. Log into your environment. You must have Administrator privileges.
  4. In the Navigation pane, click User and Groups.
  5. Click next to All Users.

  6. In the left pane, click Privileges and add the following privileges:
  • Access data from Databases, Google BigQuery, BigData, OLAP, BI tools
  • Create and edit database instances and connections
  • Create and edit database logins
  • Create configuration objects
  • Create dataset in Workstation
  • Configure project data source
  • Monitor Database Connections
  • Use Workstation
  1. In the left pane, click Authentication.
  2. Enter your Okta email address in Trusted Authenticated Request User ID.
  3. Click Save.

For more information on mapping existing users, see Mapping OIDC Users to MicroStrategy.

Integrate Strategy with Okta Using OIDC

  1. Right-click your connected environment and choose Configure Enterprise Security > Configure OIDC.
  2. From the identity provider drop-down, select Okta.
  3. Enter the Client ID and Issuer.

  4. Click Save.

    5. If you click Test Configuration, the test will not be successful.

Create a Database Role with OAuth Authentication

After you copy the ClientID, ClientSecret, Tenant ID, Authorization URL, and Token URL, you can connect to Teradata using OAuth.

Configure Authentication Service Using Enterprise Security

  1. Open the Workstation window with the Navigation pane in smart mode.
  2. In the Navigation pane, click , next to Enterprise Security.

  3. Enter a Display Name.
  4. Choose the Okta identity provider.
  5. Copy the login redirect URIs.
  6. In the Okta Admin Console, select the Teradata client application.
  7. Go to General Settings under General and click Edit.
  8. Click Add URI.
  9. Enter the URIs that you copied earlier.
  10. Click Save.
  11. In Workstation, enter the Client ID, Client Secret, OAuth URL, and Token URL.
  12. Click Save.

Create a Database Role Using Data Source

  1. Open the Workstation window.
  2. In the Navigation pane, click , next to Data Sources.
  3. Choose Teradata.
  4. Expand the Default Database Connection drop down and click Add a new database connection.
  5. Enter a Name and Server Name.

  6. In Authentication Mode, choose OIDC Single Sign-On.
  7. In the Authentication Service drop-down, choose the Azure authentication service you created.
  8. Enter a Scope.
  9. Click Save.

Connect to Teradata Database

  1. Open the Workstation window.
  2. Make sure the environment is using the Strategy OIDC authentication mode. In the Navigation pane, click Environments.
  3. Right-click the environment and choose Edit Environment Information.
  4. Verify that Authentication Mode is set to Default OIDC.
  5. Log in to your Strategy environment using your Okta user name and password.
  6. Test the data source in either Library or Workstation.

Test the Data Source in Library

  1. Open Strategy Library and click Log in with OIDC.

  2. In the toolbar, click and choose Dashboard.

  3. Click Blank Dashboard.

  4. Click Create.

  5. Click New Data and select the Teradata gateway.

  6. Choose Select Tables and click Next.

  7. Select the data source you created. The projects and datasets list appears.

Test the Data Source in Workstation

  1. In the Navigation pane, click , next to Datasets.
  2. Select the Teradata gateway.
  3. Select the data source you created. The dataset appears.