Authentication methods
To protect data from unauthorized access, Amazon Redshift data stores require all connections to be authenticated using user credentials.
The following table illustrates the required and optional connection options for each authentication method that can be used to connect to the Amazon Redshift ODBC driver version 2.x:
Authentication Method | Required | Optional |
---|---|---|
Standard |
|
|
IAM Profile |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
IAM Credentials |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
AD FS |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
Azure AD |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
JWT |
|
|
Okta |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
Ping Federate |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
Browser Azure AD |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
Browser SAML |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
Auth Profile |
|
|
Browser Azure AD OAUTH2 |
|
NoteClusterID and Region must be set in Host if they are not set separately. |
AWS IAM Identity Center |
|
|
Using an external credentials service
In addition to built-in support for AD FS, Azure AD, and Okta, the Windows version of the Amazon Redshift ODBC driver also provides support for other credentials services. The driver can authenticate connections using any SAML-based credential provider plugin of your choice.
To configure an external credentials service on Windows:
-
Create an IAM profile that specifies the credential provider plugin and other authentication parameters as needed. The profile must be ASCII-encoded, and must contain the following key-value pair, where
PluginPath
is the full path to the plugin application:plugin_name =
PluginPath
For example:
plugin_name = C:\Users\kjson\myapp\CredServiceApp.exe
For information on how to create a profile, see Using a Configuration Profile in the Amazon Redshift Cluster Management Guide.
-
Configure the driver to use this profile. The driver detects and uses the authentication settings specified in the profile.