User Authentication Flow Diagram with Active Directory in Azure

 

This article describes the authentication flow for a user (Angela) who signs in to Lakehouse Optimizer (LHO) using Active Directory (AD)-enabled credentials and accesses Databricks Workspaces.

 

Azure Active Directory User Authentication Flow

 

Angela opens the browser and navigates to the LHO login page (B1). Upon opening the LHO login page, she is presented with the “Login with Active Directory” screen.

B1 request

When Angela clicks the “Login with Active Directory” button, she is redirected to Microsoft’s Single Sign-On page to authenticate with her Active Directory credentials. Microsoft’s Single Sign-On page can have the Multi-Factor Authentication (MFA) option enabled.

Once Angela has successfully authenticated using Microsoft's OAuth2 protocol (requests diagram here), at the end of step B2 LHO will have an access token that it uses on behalf of Angela to access the Databricks resources (B3 and B4).
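The browser redirect and callback handling for steps B1 and B2, as an added example that is not LHO's own code. It assumes the standard Microsoft identity platform authorization code flow with PKCE; the tenant ID, client ID and redirect URI are constructed placeholders, and the requested Databricks scope is an assumption.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders, not values from any LHO deployment.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://lho.example.com/login/callback"
# Azure Databricks resource application ID; that LHO requests it this way is an assumption.
SCOPE = "openid profile 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0"


def begin_login():
    """B1 -> B2: build the redirect to Microsoft plus the per-session secrets."""
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier (43-128 chars)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": SCOPE, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier}  # kept server-side
    return f"{AUTHORITY}/authorize?{query}", session


def finish_login(callback_url, session):
    """End of B2: validate the callback, then build the token request."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise PermissionError("state mismatch")  # callback not tied to this login
    if "code" not in params:
        raise PermissionError("missing authorization code")
    # A confidential web app also sends its client secret or certificate assertion.
    return f"{AUTHORITY}/token", {
        "grant_type": "authorization_code", "client_id": CLIENT_ID,
        "code": params["code"][0], "redirect_uri": REDIRECT_URI,
        "code_verifier": session["code_verifier"],
    }
```

The returned body is what would be POSTed to the token endpoint; the access token in the response is the one used for the Databricks calls in B3 and B4.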

Active Directory’s App Registration is used to configure which user groups are allowed to authenticate with Active Directory and use Single Sign-On in Lakehouse Optimizer.

In addition, Active Directory’s Graph is used to define the LHO Roles used within the Lakehouse Optimizer application.

 

For more details, please refer to the following related articles: