This article describes the authentication flow for a user (Angela) who signs in to Lakehouse Optimizer (LHM) using Active Directory (AD) enabled credentials and accesses Databricks Workspaces.
Angela opens the browser and navigates to the LHM login page (B1). Upon opening the LHM login page, she is presented with the “Login with Active Directory” screen.
When Angela clicks the “Login with Active Directory” button, she is redirected to Microsoft’s Single Sign-On page to authenticate with her Active Directory credentials. Microsoft’s Single Sign-On page can have the Multi-Factor Authentication (MFA) option enabled.
Once Angela has successfully authenticated using Microsoft's OAuth2 protocol (requests diagram here), at the end of step B2 LHM holds an access token that it uses on behalf of Angela to access the Databricks resources (B3 and B4).
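The redirect and callback described above, as an added sketch that is not LHM's own code: it assumes the sign-in uses the OAuth2 authorization code flow with PKCE against the Microsoft identity platform v2.0 endpoints, and shows the state check a callback handler should make before redeeming the code. The tenant, client ID, redirect URI, scope and function names are placeholders or assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute the values of your own App Registration.
TENANT_ID = "<tenant-id>"
CLIENT_ID = "<client-id>"
REDIRECT_URI = "https://lhm.example.com/login/callback"  # hypothetical URL
# Azure Databricks resource application ID; requesting it here is an assumption.
SCOPE = "openid 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0"

def begin_login(session):
    """B1 -> B2: build the redirect to Microsoft's sign-in page."""
    state = secrets.token_urlsafe(32)      # ties the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE secret, never leaves the server
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    session.update(oauth_state=state, pkce_verifier=verifier)
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORITY}/authorize?{query}"

def handle_callback(session, callback_url):
    """End of B2: validate the redirect back, then build the token request form."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("oauth_state", None)   # single use: replay fails
    verifier = session.pop("pkce_verifier", None)
    if not expected or not hmac.compare_digest(expected.encode(), params.get("state", "").encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params:
        raise ValueError(f"sign-in failed: {params['error']}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    # Form to POST to f"{AUTHORITY}/token"; the client secret is added server-side.
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": params["code"],
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }
```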
Active Directory’s App Registration is used to configure which user groups are allowed to perform Active Directory authentication and Single Sign-On in Lakehouse Optimizer.
Active Directory’s Graph is also used to define the LHM Roles used within the Lakehouse Optimizer application.
For more details, please refer to the following related articles: