Enabling Azure Active Directory (AAD) authentication
You can integrate Unravel with Azure Active Directory (AAD) to use this authentication service of Azure for Databricks. To integrate Unravel with AAD, you must first register Unravel services at the AAD website and then update Unravel configuration with AAD details.
Registering Unravel in AAD
Sign in to the Azure portal.
Select Azure Active Directory > App registrations.
Click New registration and enter the following details:
Item
Description
Name
Specify any name to identity the application.
Supported Account Types
Select a supported account type option.
Click Register.
Go to the application and select Manage > Authentication.
Click Add a platform > Web and enter the following details:
Item
Description
Redirect URIs
The URIs, that are accepted as destination when returning authentication responses after successfully authenticating or signing out users.
https://
<Unravel-server-IP or fully qualified domain name (FQDN)>
:3000/aad/consumeLogout URL
The URIs where the request is sent to have the application clear the user's session data.
https://
<Unravel-server-IP or fully qualified domain name (FQDN)>
:3000/aad/logout-consumeClick Configure and go back to the application.
Select Certificates & Secrets > Client Secrets > New client secret.
Enter a description and select an expiry duration.
Note
Copy the client secret as soon as it is displayed, since this gets masked immediately.
Go to the application and capture the following details for use in the Unravel configuration for AAD:
Item
Description
Client ID
Copy the details from Overview > Essentials > Application (client) ID.
Client secret
The client secret, which is copied as mentioned in #9
Updating Unravel configuration with AAD
The AAD configurations can be set in a JSON file and you can provide the path of this JSON file in the /usr/local/unravel/etc/unravel.properties
file.
Create
aad.json
file with the following configurations and add the file to/usr/local/unravel/etc/
.{ "clientID": "", "clientSecret": "", "callbackURL": "https://
<unravel-server-IP or FQDN>
:3000/aad/consume", "logoutCallbackURL": "https:<unravel-server-IP or FQDN>
:3000/logout-consume", "logoutEnabled": false }Item
Description
clientID
Client ID from Overview > Essentials > Application (client) ID.
clientSecret
Client secret.
callbackURL
Redirect URL to consume login response from AAD. This should be the same as the Redirect URI.
logoutCallbackURL
Redirect URL to consume logout response from AAD. This should be the same as the Logout URL.
logoutEnabled
Enable/disable logout on AAD when user logs out from Unravel.
Set following properties in
/usr/local/unravel/etc/unravel.properties
.com.unraveldata.login.mode=aad com.unraveldata.login.aad.config=/usr/local/unravel/etc/aad.json
Add a user as Admin. By default, logged in users assume read-only admin mode when RBAC is turned off and user role when RBAC is turned on.
com.unraveldata.login.admins=<username>,<username>,... com.unraveldata.login.admins.readonly=<username>,<username>,...
Restart service.
service unravel_ngui restart