| Info |
|---|
This article describes the authentication flow for a user (Angela) that signs in to Lakehouse Monitor Optimizer (LHMLHO) using Active Directory (AD) enabled credentials and accesses Databricks Workspaces. |
Angela opens the browser and navigates to LHM login page (B1). Open Upen opening the linkLHO login page, she is presented with the “Login with Active Directory” screen.
...
Once Angela successfully authenticated herself using Microsoft's OAuth2 protocol (requests diagram here), at the end of B2 step LHM LHO will have an access token to use on-behalf-of Angela to access the Databricks resources (B3 and B4).
Active Directory’s App Registration is used to configure which user groups are allowed to perform Active Directory Authentication and perform Single-Sign-On in Lakehouse MonitorOptimizer.
Also Active Directory’s Graph is used to define LHM LHO Roles to be used within the Lakehouse Monitor Optimizer application.
For more details, please refer to the following related articles:
https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/25715671052670788609/Azure+VM+Docker+with+Azure+Service+Management+and+Service+Management#%F0%9F%91%A4ActivePrincipal#%F0%9F%91%A4Active-Directory-Authentication
https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/25715671052670788609/Azure+VM+Docker+with+Azure+Service+Management#How-is-Databricks-managed-in-LHM%3F-(4)https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/2571567105/Azure+VM+Docker+with+AzureManagement+and+Service+Management#%F0%9F%AA%AAPrincipal#%F0%9F%AA%AA-LHMLHO-Roles