MicroStrategy ONE
Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects
Many enterprise solutions have multiple data warehouses and want the ability to assign their IdPs easily to all the data sources that are used in their ecosystems. With Enterprise Identity and Access Management (IAM) objects, administrators can provide a secure and convenient way of configuring data sources that support integration with enterprise Identify Provider in MicroStrategy Workstation. This gives enterprises the ability to manage their IdPs and configure SSO for all their gateways.
See KB485668 for more information about converting older manual OAuth configurations to new IAM objects.
Get started with the following procedures:
View Existing IAM Objects
-
In Workstation, log in to an environment. You must log in as a user with the Configure Security Settings privilege.
-
In the Navigation pane, click Enterprise Security. The existing IAM object information appears on the right, including the IAM object name, IdP type. and object modification type.
-
Right-click the IAM object to edit it, view its properties and security access to modify the object access lists, or delete the object if no data source uses it.
Create an IAM Object
-
In the Navigation pane, click , next to Enterprise Security.
-
Choose the Environment in which you want to create the object.
-
Give the IAM object a Display Name.
-
Select the IdP type and register the MicroStrategy environment as an application with the provided Login Redirect URIs.
-
Copy and paste the MicroStrategy application configuration fields, including Client ID, Client Secret, Directory (tenant) ID, and Scope.
-
Click Save.
Use an existing IAM object
-
Use the Navigation pane to select your data source or create/edit a Snowflake or other data source type that supports OAuth authentication.
-
Edit or create new database connection and in the Database Connection dialog, choose the Authentication Mode as OAuth.
-
In Authentication Service, choose existing IAM objects or click Add New Authentication Service to create IAM an object directly in this dialog. The newly created IAM objects appears in the Enterprise Security section of the Navigation pane.