Configure OAuth for a Databricks connection
ThoughtSpot supports OAuth for a Databricks connection. This page describes the setup and configuration required.
Databricks SQL endpoints are configured with OAuth 2.0 authentication on the Microsoft Azure platform, using Azure Active Directory (AAD) as the identity provider (IdP).
To create an application in AAD, do the following:
Log in to the Azure portal and navigate to the AAD resource, click Add, and select App registration.
Provide a name for your application and add a redirect URI in the following format:
This is where the call is redirected upon successful login to AAD when creating a connection in ThoughtSpot.
After you register your application, make a note of the Application (client) ID in the Essentials section of the app’s overview page. Also, make a note of the OAuth 2.0 authorization and token endpoints. These are required later when configuring the Databricks connection in ThoughtSpot.
To configure the AAD application, do the following:
In the Azure portal, navigate to your application by clicking App Registrations and then clicking your newly registered application to open it.
In your application, click API Permissions and under the AzureDatabricks API/Permissions name, click the user_impersonation permission.
Click Certificates & secrets and create a new secret for the app, providing an appropriate expiry time. Make a note of the secret value because it is displayed only while creating it. The secret value is required later when you create the Databricks connection in ThoughtSpot.
To create AAD users in the Databricks workspace, do the following:
Log in to the Databricks workspace as a user with admin privileges. Click Setting and navigate to Admin Console.
Click Add User to create AAD users in Databricks.
The JDBC connection URL which uses the access token from AAD must use the following format:
`"jdbc:spark://adb-111222444555.13.azuredatabricks.net:443/samples;transportMode=http;" + "ssl=1;httpPath=/sql/1.0/endpoints/c53335555f2222e999;" + "AuthMech=11;Auth_Flow=0;" +"Auth_AccessToken=<access_token>"`