The driver supports Azure Active Directory (Azure AD) authentication. Azure AD authentication allows administrators to centrally manage user permissions to Amazon Redshift. When Azure AD authentication is enabled, all communications to Amazon Redshift are encrypted.

To configure the driver to use Azure AD authentication:

  • Set the Authentication Method (AuthenticationMethod) option to 13 (AzureAD).
  • Set the Azure Client ID (AzureClientID) option to specify the client ID key for your application.
  • Set the Azure Client Secret (AzureClientSecret) option to specify the client secret for your application.
  • Set the Azure Tenant ID (AzureTenantID) option to specify the ID of the Azure AD instance in which you create and manage your application.
  • Set the AWS DB User (AWSDBUser) option to specify your Amazon Web Services (AWS) user name.
    Note: You can create a new AWS user using the Setup dialog box. To create a new AWS user, on the Authentication tab, specify the name for the new AWS user in the AWS DB User field, and then select the Auto create check box (AutoCreate=1).
  • Optionally, set the AWS DB Group (AWSDBGroup) option to specify the name of the AWS user group your AWS user name is a part of.
  • Specify values for one of the following sets of options:
    • AWS Region and AWS Cluster:
      • Set the AWS Region (AWSRegion) option to specify the name of the region that hosts your AWS server. For example, us-east-1 or us-east-2.
      • Set the AWS Cluster (AWSCluster) option to specify the name of the Amazon Redshift cluster that contains the database you want to connect to.
    • Host Name and Port Number:
      • Set the Host Name (HostName) option to specify the IP address endpoint of the Amazon Redshift cluster to which you want to connect.
      • Set the Port Number (PortNumber) option to specify the port number of the server listener.
    Note: If values are specified for both sets of options, the values for Host Name and Port Number take precedence over those for AWS Region and AWS Cluster.
  • Set the Database option to specify the name of the database to which you want to connect.
  • Set the User Name (LogonID) option to specify your user name.
  • Set the Password option to specify your password.
Note: The User Name and Password options are not required to be stored in the data source. They can also be sent separately by the application using the SQLConnect ODBC API. For SQLDriverConnect and SQLBrowseConnect, they will need to be specified in the data source or connection string.

The following examples show the connection information required to establish a connection using Azure AD authentication. These examples use the values for Port Number and Host Name instead of those for AWS Region and AWS Cluster.

Connection string

DRIVER=DataDirect 8.0 Amazon Redshift Wire Protocol;AuthenticationMethod=13;
AWSDBUser=jsmith;AWSDBGroup=awsgroup1;AzureClientID=abc123;
AzureClientSecret=abc456;AzureTenantID=xyz456;HostName=RedshiftServer;
LogonID=John;Password=secret;PortNumber=5432;

odbc.ini file

[Amazon Redshift]
Driver=ODBCHOME/lib/ivrsft28.so
...
Description=DataDirect 8.0 Amazon Redshift Wire Protocol
...
AuthenticationMethod=13
...
AWSDBUser=jsmith
...
AWSDBGroup=awsgroup1
...
AzureClientID=abc123
...
AzureClientSecret=abc456
...
AzureTenantID=xyz456
...
HostName=RedshiftServer
...
LogonID=John
...
Password=secret
...
PortNumber=5432
...
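
Both examples above keep AzureClientSecret and Password in plain text. The following Python sketch is an added example, not DataDirect code: it assembles the same connection string at run time, takes the two secrets from environment variables, applies the Host Name and Port Number precedence rule, rejects values that contain connection-string delimiters, and redacts secrets for logging. The function names, the RS_AZURE_CLIENT_SECRET and RS_PASSWORD variable names, and the choice to reject rather than escape delimiter characters are assumptions of this example.

```python
import os

# Options the configuration steps above ask for (AWSDBGroup is optional).
REQUIRED = ("AWSDBUser", "AzureClientID", "AzureClientSecret",
            "AzureTenantID", "LogonID", "Password")
SECRET_KEYS = {"AzureClientSecret", "Password"}
# Hypothetical environment variable names that carry the two secrets.
SECRET_ENV = {"AzureClientSecret": "RS_AZURE_CLIENT_SECRET",
              "Password": "RS_PASSWORD"}


def build_azure_ad_conn_str(options, env=os.environ):
    """Build a connection string for AuthenticationMethod=13 (AzureAD)."""
    opts = dict(options)
    for key, var in SECRET_ENV.items():
        if key in opts:
            raise ValueError(f"{key} must come from {var}, not stored settings")
        if env.get(var):
            opts[key] = env[var]
    missing = [k for k in REQUIRED if not opts.get(k)]
    if missing:
        raise ValueError("missing options: " + ", ".join(missing))
    has_host = bool(opts.get("HostName") and opts.get("PortNumber"))
    has_region = bool(opts.get("AWSRegion") and opts.get("AWSCluster"))
    if not (has_host or has_region):
        raise ValueError("need HostName+PortNumber or AWSRegion+AWSCluster")
    if has_host:
        # HostName/PortNumber take precedence, so drop the unused pair.
        opts.pop("AWSRegion", None)
        opts.pop("AWSCluster", None)
    opts["AuthenticationMethod"] = "13"
    parts = []
    for key, value in opts.items():
        value = str(value)
        # Conservative choice: refuse delimiters instead of escaping them,
        # so one value cannot smuggle in a second key=value pair.
        if any(c in value for c in ";{}\r\n"):
            raise ValueError(f"{key} contains a connection-string delimiter")
        parts.append(f"{key}={value}")
    return ";".join(parts) + ";"


def redact(conn_str):
    """Return conn_str with secret values masked, safe to write to logs."""
    out = []
    for part in conn_str.split(";"):
        key = part.split("=", 1)[0]
        out.append(f"{key}=***" if key in SECRET_KEYS else part)
    return ";".join(out)
```

Pass the returned string to the application's connect call and log only the output of redact().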