This article describes the authentication flow for a user (Angela) who signs in to Lakehouse Monitor (LHM) using Active Directory (AD) enabled credentials and accesses Databricks Workspaces.
Angela opens the browser and navigates to the LHM login page (B1). Upon opening the link, she is presented with the “Login with Active Directory” screen.
When Angela clicks the “Login with Active Directory” button, she is redirected to Microsoft’s Single Sign-On page to authenticate with her Active Directory credentials. Microsoft’s Single Sign-On page can have the Multi-Factor Authentication (MFA) option enabled.
Once Angela has successfully authenticated using Microsoft's OAuth2 protocol (requests diagram here), at the end of step B2 LHM will have an access token to use on behalf of Angela to access the Databricks resources.
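The redirect and return legs of this sign-in, sketched as an added example (not Lakehouse Monitor's own code). It assumes the OAuth2 authorization code flow with PKCE; the tenant, client ID, redirect URI, scope and both function names are placeholders or hypothetical, since the article does not give them.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): the article does not state these values.
TENANT = "TENANT_ID_PLACEHOLDER"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://lhm.example.com/callback"
SCOPE = "openid SCOPE_PLACEHOLDER"
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"


def begin_login(session: dict) -> str:
    """Build the redirect to Microsoft's sign-in page; store state and PKCE verifier."""
    state = secrets.token_urlsafe(24)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # 86 characters, inside RFC 7636's 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "client_id": CLIENT_ID, "response_type": "code", "redirect_uri": REDIRECT_URI,
        "response_mode": "query", "scope": SCOPE, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Validate the redirect back from Microsoft; return the token-request form fields."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)    # single use: a replayed callback fails
    verifier = session.pop("pkce_verifier", None)
    if "error" in query:
        raise PermissionError(f"sign-in failed: {query['error'][0]}")
    returned = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: callback does not belong to this login")
    if "code" not in query:
        raise PermissionError("no authorization code in callback")
    return {
        "grant_type": "authorization_code", "client_id": CLIENT_ID,
        "code": query["code"][0], "redirect_uri": REDIRECT_URI, "code_verifier": verifier,
    }
```

The returned fields are what the application would post to the token endpoint to obtain the access token; that network call is left out so the example runs offline.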
Active Directory’s App Registration is used to configure which user groups are allowed to perform Active Directory Authentication and Single Sign-On in Lakehouse Monitor.
Active Directory’s Graph is also used to define the LHM Roles used within the Lakehouse Monitor application.