MicroStrategy ONE
Integrate MicroStrategy with Google BigQuery for Single Sign-On Using Google
Starting in MicroStrategy ONE (September 2024), MicroStrategy supports single sign-on to Google BigQuery using OpenID through Google in all clients out-of-the-box.
Check out the following topics to enable single sign-on using Google:
Integrate MicroStrategy with Google Using OIDC
To set up OIDC login with Google, see Integrate OIDC Support with Google.
If you want to access BigQuery data, add a https://www.googleapis.com/auth/bigquery scope to each client.
Create and Map a MicroStrategy User to a Google User
- Open the Workstation window with the Navigation pane in smart mode.
- In the Navigation pane, click Environments.
- Log into your environment. You must have the Administrator privileges.
- In the Navigation pane, click Users and Groups.
- Click the plus icon (+) next to All Users and enter the required fields.
- In the left pane, click Privileges and add the following privileges:
- Access data from Databases, Google BigQuery, BigData, OLAP, BI tools
- Create and edit database instances and connections
- Create and edit database logins
- Create configuration objects
- Create dataset in Workstation
- Monitor Database Connections
- Use Workstation
- In the left pane, click Authentication.
- Enter your Google email address in Trusted Authenticated Request User ID.
- Click Save.
For more information on mapping existing users, see Mapping OIDC Users to MicroStrategy.
Create an Enterprise Security Object
-
In the Navigation pane, click
, next to Enterprise Security. -
Choose the Environment in which you want to create the object.
-
Give the IAM object a Display Name.
-
Select the Google IdP type and register the MicroStrategy environment as an application with the provided Login Redirect URIs.
-
In the Workstation drop-down, enter the Client ID for each client that you created in the previous step.
Click
Client Type to add a different client type.
-
Enter the Client Secret for Web and Workstation.
Client Secret is not required for iOS and Android.
-
Leave Scope blank.
-
Click Save.
For more information on creating security objects, see Manage OAuth Enterprise Security with Identity and Access Management (IAM) Objects.
Create a Google BigQuery JDBC or ODBC Data Source
- Open the Workstation window.
-
In the Navigation pane, click
, next to Data Sources. -
Choose Google BigQuery.
-
Enter a Name.
-
Expand the Default Database Connection drop-down and click Add New Database Connection.
-
Enter a Name.
-
Choose a JDBC or ODBC driver and enter the required information.
-
In Authentication Service, choose the security object you created in the section above.
-
Click Save.
-
Select the Projects to which the data source is assigned and can be accessed.
-
Click Save.
Test the Google BigQuery Data Source
- Open the Workstation window.
-
Check that the environment is using the Default OIDC authentication mode:
-
Click Environments in the Navigation pane.
-
Right-click the environment you want to use and choose Edit Environment Information.
-
Check the Authentication Mode is set to Default OIDC.
-
-
Log in to your MicroStrategy environment using your Google username and password.
-
To test the data source in Library and ensure it displays:
-
Open MicroStrategy Library and click Log in with OIDC.
-
In the toolbar, click
, and choose Dashboard. -
Click Blank Dashboard.
-
Click Create.
-
Click New Data and select the Google BigQuery gateway.
-
Choose Select Tables and click Next.
-
Select the data source you created.
-
-
To test the data source in Workstation and ensure it displays:
-
In the Navigation pane, click
, next to Dataset. -
Select the Google BigQuery gateway.
-
Select the data source you created.
-
Known Limitations
Google BigQuery drivers do not support refresh token authentication modes without a client secret. Therefore, the connection on iOS and Android may fail. You can skip the two clients when configuring Enterprise Security and MicroStrategy will use the client information configured for Web to retrieve the refresh token to connect.