CREATE IDENTITY PROVIDER

Defines a new identity provider. Only a superuser can create an identity provider.

Syntax


CREATE IDENTITY PROVIDER identity_provider_name TYPE type_name
NAMESPACE namespace_name
[PARAMETERS parameter_string]
[APPLICATION_ARN arn]
[IAM_ROLE iam_role]

Parameters

identity_provider_name: Name of the new identity provider. For more information about valid names, see Names and identifiers.
type_name: The identity provider to interface with. Azure is currently the only supported identity provider.
namespace_name: The namespace. This is a unique, shorthand identifier for the identity provider directory.
parameter_string: A string containing a properly formatted JSON object that contains parameters and values required for the identity provider.
arn: The Amazon resource name (ARN) for an IAM Identity Center managed application. This parameter is applicable only when the identity-provider type is AWSIDC.
iam_role: The IAM role that provides permissions to make the connection to IAM Identity Center. This parameter is applicable only when the identity-provider type is AWSIDC.

Examples

The following example creates an identity provider named oauth_standard, with a TYPE azure, to establish communication with Microsoft Azure Active Directory (AD).


CREATE IDENTITY PROVIDER oauth_standard TYPE azure
NAMESPACE 'aad'
PARAMETERS '{"issuer":"https://sts.windows.net/2sdfdsf-d475-420d-b5ac-667adad7c702/",
"client_id":"87f4aa26-78b7-410e-bf29-57b39929ef9a",
"client_secret":"BUAH~ewrqewrqwerUUY^%tHe1oNZShoiU7",
"audience":["https://analysis.windows.net/powerbi/connector/AmazonRedshift"]
}'

You can connect an IAM Identity Center managed application with an existing provisioned cluster or Amazon Redshift Serverless workgroup. This gives you the ability to manage access to a Redshift database through IAM Identity Center. To do so, run a SQL command like the following sample. You have to be a database administrator.


CREATE IDENTITY PROVIDER "redshift-idc-app" TYPE AWSIDC
NAMESPACE 'awsidc'
APPLICATION_ARN 'arn:aws:sso::123456789012:application/ssoins-12345f67fe123d4/apl-a0b0a12dc123b1a4'
IAM_ROLE 'arn:aws:iam::123456789012:role/MyRedshiftRole';

The application ARN in this case identifies the managed application to connect to. You can find it by running SELECT * FROM SVV_IDENTITY_PROVIDERS;.

For more information about using CREATE IDENTITY PROVIDER, including additional examples, see Native identity provider (IdP) federation for Amazon Redshift. For more information about setting up a connection to IAM Identity Center from Redshift, see Connect Redshift with IAM Identity Center to give users a single sign-on experience.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CREATE GROUP

CREATE LIBRARY