Atlan supports SSO authentication for Google BigQuery connections. Once you've configured SSO authentication for Google BigQuery, your users can:
πͺ Did you know? When using OAuth 2.0 for authorization, Google displays a consent screen to the user that includes a summary of your project, policies, and scopes. If you have not configured the consent screen, complete the steps in configure OAuth consent screen. Otherwise, skip to create access credentials.
(Optional) Configure OAuth consent screen in Google BigQuery
π€ Who can do this? You will need your Google BigQuery administrator to complete these steps β you may not have access yourself.
To configure the OAuth consent screen, from Google BigQuery:
- Open the Google Cloud console.
- In the left menu of the Google Cloud console, under APIs & Services, click OAuth consent screen.
- On the OAuth consent screen page, under User Type, select a preferred user type and then click Create.
- In the corresponding Edit app registration page, enter the following details:
- For App name, enter a meaningful name β for example,
Atlan_SSO
. - For User support email, enter a support email for your users to troubleshoot.
- For Developer contact information, enter an email address where Google can notify you about any changes to your project.
- Click Save and continue to proceed to the next step.
- For App name, enter a meaningful name β for example,
- On the Scopes page, complete the following steps:
- Click Add or remove scopes to add a new scope.
- In the Update selected scopes dialog, click BigQuery API to add the
/auth/bigquery
scope and then click Update. - Click Save and continue to finish setup.
- Once the OAuth consent screen configuration is successful, click Go back to dashboard.
Create access credentials in Google BigQuery
π€ Who can do this? You will need your Google BigQuery administrator to complete these steps β you may not have access yourself.
Credentials are used to obtain an access token from Google's authorization servers for authentication in Atlan.
To create access credentials, from Google BigQuery:
- Open the Google Cloud console.
- In the left menu of the Google Cloud console, under APIs & Services, click Credentials.
- From the upper right of the Credentials page, click Create credentials, and from the dropdown, click OAuth client ID.
- In the OAuth client ID screen, enter the following details:
- For Application type, click Web application.
- For Name, enter a meaningful name β for example,
Atlan_client
. - Under Authorized JavaScript origins, click Add URI and enter your Atlan instance β for example,
https://<company-name>.atlan.com
. - Under Authorized redirect URIs, click Add URI and enter your Atlan endpoint URI β for example,
https://<company-name>.atlan.com/api/service/oauth
. - Click Create to finish setup.
- From the corresponding OAuth client created dialog, copy the Client ID and Client secret and store it in a secure location.
Configure SSO authentication in Atlan
π€ Who can do this? You will need to be a connection admin in Atlan to complete these steps. You will also need inputs and approval from your Google BigQuery administrator.
Once you have configured access credentials in Google BigQuery, you can enable SSO authentication for your users to query data and view sample data in Atlan.
To configure SSO on a Google BigQuery connection, from Atlan:
- From the left menu of any screen, click Assets.
- From the Assets page, click the Connector filter, and from the dropdown, select BigQuery.
- From the pills below the search bar at the top of the screen, click Connection.
- From the list of results, select a Google BigQuery connection to enable SSO authentication.
- From the sidebar on the right, next to Connection settings, click Edit.
- In the Connection settings dialog:
- Under Allow query, for Authentication type, click SSO authentication to enforce SSO credentials for querying data:
- For SSO authentication, enter the following details:
- For Client ID, enter the client ID you copied from Google BigQuery.
- For Client secret, enter the client secret you copied from Google BigQuery.
- For SSO authentication, enter the following details:
- Under Display sample data, for Source preview, click SSO authentication to enforce SSO credentials for viewing sample data:
- If SSO authentication is enabled for querying data, the same connection details will be reused for viewing sample data.
- If a different authentication method is enabled for querying data, enter the client ID and client secret you copied from Google BigQuery.
- Under Allow query, for Authentication type, click SSO authentication to enforce SSO credentials for querying data:
- (Optional) Toggle on Enable data policies created at source to apply for querying in Atlan to apply any data policies and user permissions at source to querying data and viewing sample data in Atlan. If toggled on, any existing data policies on the connection in Atlan will be deactivated and creation of new data policies will be disabled.
- At the bottom right of the Connection settings dialog, click Update.
Your users will now be able to run queries and view sample data using their SSO credentials! π