The following fields must be filled in to create the connection:
Connection name - by default the connection is created with the name 'New Connection'; the name can be changed.
JDBC DRIVER - follow the link for more information about the JDBC driver.
Host - the hostname of the database server.
Port - 5439 by default; otherwise enter the port used by your server.
SSL Mode - SSL (Secure Sockets Layer) is a method of providing a secure connection; this setting controls whether the connection to the database is encrypted:
- Disable - SSL is disabled and the connection is not encrypted.
- Prefer - SSL is used if the server supports it. Amazon Redshift supports SSL, so SSL is used when you set sslmode to prefer.
- Allow - SSL is used if the server requires it.
- Require - SSL is required.
Authentication - Standard by default. Use this option to specify how the connection will be authenticated. Select one of the following authentication types:
- Standard - Standard authentication (with a Redshift database user name and password).
- AWS Profile - IAM authentication using an Amazon Web Services (AWS) profile. Provide the details for this authentication type below.
- AWS IAM Credentials - IAM authentication using IAM credentials. Provide the details for this authentication type below.
- Identity Provider: AD FS - Single sign-on (SSO) IAM authentication using Active Directory Federation Services (AD FS) as an identity provider. The connection will be authenticated using the IAM credentials stored in AD FS. Provide the details for this authentication type below.
- Identity Provider: PingFederate - Single sign-on (SSO) IAM authentication using PingFederate as an identity provider. The connection will be authenticated using the IAM credentials stored in the PingFederate service. Provide the details for this authentication type below.
- Identity Provider: Okta - Single sign-on (SSO) IAM authentication using Okta as an identity provider. The connection will be authenticated using the IAM credentials stored in Okta. Provide the details for this authentication type below.
If [Authentication] = [Standard], then
User & Password - enter your user name and password.
Database - Enter the database that you created for your Amazon Redshift cluster.
Connection timeout (sec) - Enter the connection timeout (0 if left empty, which means no timeout).
Advanced properties - any additional connection properties that are needed.
If [Authentication] = [AWS Profile], then
DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER
Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.
DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.
For more information, see JDBC and ODBC Options for Creating Database User Credentials.
Profiles - Enter the name of a profile in an AWS config file that contains values for the ODBC connection options. For more information, see Using a Configuration Profile.
Use Amazon EC2 Instance Profile - check box. You can use an IAM role to manage temporary credentials for applications that are running on an EC2 instance and making AWS CLI or AWS API requests. This is preferable to storing access keys within the EC2 instance. To assign an AWS role to an EC2 instance and make it available to all of its applications, you create an instance profile that is attached to the instance. An instance profile contains the role and enables programs that are running on the EC2 instance to get temporary credentials. For more information, see Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances in the IAM User Guide.
Database - Enter the database that you created for your Amazon Redshift cluster.
Connection timeout (sec) - Enter the connection timeout (0 if left empty, which means no timeout).
Advanced properties - any additional connection properties that are needed.
If [Authentication] = [AWS IAM], then
DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER
Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.
DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.
Access Key ID & Secret Access Key - The access key ID and secret access key for the IAM role or IAM user configured for IAM database authentication.
Session Token - Required for an IAM role with temporary credentials. For more information, see Temporary Security Credentials.
If [Authentication] = [AD FS], then
NOTE: For Windows Integrated Authentication with Identity Provider: AD FS, leave [Idp User] and [Idp Password] empty.
DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER
Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.
DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.
Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).
Idp Port - The port used by the identity provider. The default is 443.
SSL Insecure - To skip verification of the SSL certificate of the IDP server, select the SSL Insecure check box.
Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued AttributeValue elements for the Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.
If [Authentication] = [PingFederate], then
Depending on the authentication type, [Idp User & Idp Password] (the identity provider user name and password) is shown instead of [User & Password].
DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER
Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.
DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.
Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).
Idp Port - The port used by the identity provider. The default is 443.
SSL Insecure - To skip verification of the SSL certificate of the IDP server, select the [SSL Insecure] check box.
Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued AttributeValue elements for the Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.
Partner SPID - Enter the partner service provider ID.
If [Authentication] = [Okta], then
Depending on the authentication type, [Idp User & Idp Password] (the identity provider user name and password) is shown instead of [User & Password].
DB User - The name of a database user. If a user named DbUser exists in the database, the temporary user credentials have the same permissions as the existing user. If DbUser doesn't exist in the database and AutoCreate is true, a new user named DbUser is created. Optionally, disable the password for an existing user. For more information, see ALTER_USER
Autocreate DB User - Specify true to create a database user with the name specified for DbUser if one does not exist. The default is false.
DB Groups - A comma-delimited list of the names of one or more existing database groups the database user joins for the current session. By default, the new user is added only to PUBLIC.
Idp Host - The name of the corporate identity provider host. This name should not include any slashes ( / ).
Preferred Role - An Amazon Resource Name (ARN) for the IAM role from the multi-valued AttributeValue elements for the Role attribute in the SAML assertion. To find the appropriate value for the preferred role, work with your IdP administrator. For more information, see Configure SAML assertions for your IdP.
Okta App ID - An ID for an Okta application. The value for App ID follows "amazon_aws" in the Okta application embed link. Work with your IdP administrator to get this value.
Okta App Name - Enter Okta application Name.
The authentication type selected for Redshift affects the visibility of the following measures:
Measure list | Standard | AWS Profile | AWS IAM | AD FS | PingFederate | Okta |
DB User | β | β | β | β | β | β |
Autocreate DB User | β | β | β | β | β | β |
DB Groups | β | β | β | β | β | β |
Profiles | β | β | β | β | β | β |
Use Amazon EC2 Instance Profile | β | β | β | β | β | β |
Access Key | β | β | β | β | β | β |
Secret Access Key | β | β | β | β | β | β |
Session Token | β | β | β | β | β | β |
Idp Host | β | β | β | β | β | β |
Idp Port | β | β | β | β | β | β |
SSL Insecure | β | β | β | β | β | β |
Idp User | β | β | β | β | β | β |
Idp Password | β | β | β | β | β | β |
Preferred Role | β | β | β | β | β | β |
Partner SPID | β | β | β | β | β | β |
Okta App ID | β | β | β | β | β | β |
Okta App Name | β | β | β | β | β | β |
NOTE: More information can be found by following the link.
NOTE: After the user has passed Multi-Factor Authentication (MFA), the SAML assertion credentials are stored in the driver cache until they expire (the 'duration' property is defined at the provider). As a result, if the user changes an existing connection or creates a new one with invalid parameters while the cached assertion is still valid, the invalid parameters are not taken into account and the connection succeeds.
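The field rules described on this page can be checked before a connection is saved. The Python code below is an added example, not part of the product or its documentation. It assumes a connection is held as a dict keyed by the field labels used above (a hypothetical layout), flags fields that do not belong to the selected authentication type, and reports the weaker SSL and credential settings.

```python
# Added example. Field names are this page's labels; the dict layout is assumed.
COMMON = {"DB User", "Autocreate DB User", "DB Groups"}
IDP = COMMON | {"Idp User", "Idp Password", "Idp Host", "Preferred Role"}
FIELDS_BY_AUTH = {  # authentication-specific fields, per the sections above
    "Standard": {"User", "Password"},
    "AWS Profile": COMMON | {"Profiles", "Use Amazon EC2 Instance Profile"},
    "AWS IAM Credentials": COMMON | {"Access Key ID", "Secret Access Key", "Session Token"},
    "AD FS": IDP | {"Idp Port", "SSL Insecure"},
    "PingFederate": IDP | {"Idp Port", "SSL Insecure", "Partner SPID"},
    "Okta": IDP | {"Okta App ID", "Okta App Name"},
}
EVERY = set().union(*FIELDS_BY_AUTH.values())

def audit(conn):
    """Return (severity, message) findings for one connection definition."""
    auth = conn.get("Authentication", "Standard")  # Standard is the default
    if auth not in FIELDS_BY_AUTH:
        return [("error", f"unknown Authentication type: {auth}")]
    # Fields that belong to a different authentication type than the one selected.
    out = [("warn", f"{name} is not used with {auth}")
           for name in sorted((set(conn) & EVERY) - FIELDS_BY_AUTH[auth])]
    mode = str(conn.get("SSL Mode", "")).lower()
    if mode == "disable":
        out.append(("high", "SSL Mode Disable: connection is not encrypted"))
    elif mode in ("prefer", "allow"):
        out.append(("warn", f"SSL Mode {mode.title()}: encryption is up to the server"))
    if conn.get("SSL Insecure"):
        out.append(("high", "SSL Insecure: IdP certificate is not verified"))
    if "/" in str(conn.get("Idp Host") or ""):
        out.append(("error", "Idp Host must not include slashes"))
    if conn.get("Autocreate DB User"):
        groups = conn.get("DB Groups") or "PUBLIC only"
        out.append(("info", f"a missing DB User will be created; groups: {groups}"))
    if conn.get("Secret Access Key") and not conn.get("Session Token"):
        out.append(("warn", "access key without Session Token is not temporary"))
    return out

SAMPLE = {  # constructed values, not from a real environment
    "Connection name": "New Connection", "Host": "redshift.example.internal",
    "Port": 5439, "SSL Mode": "Prefer", "Authentication": "PingFederate",
    "DB User": "report_reader", "Autocreate DB User": True,
    "Idp Host": "https://idp.example.com/", "SSL Insecure": True,
    "Okta App ID": "0oaEXAMPLE",
}

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:5} {message}")
```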