Hybrid Data Pipeline supports OIDC authentication services to connect with OData-enabled data sources. An OIDC authentication service may be used to enable single sign-on (SSO) with SSO identity providers such Okta or Microsoft. The following general steps apply to integrating an OIDC service.

  1. The OIDC service must be registered as an external authentication service.
  2. Hybrid Data Pipeline user accounts must be configured to use the OIDC service.
  3. The identity provider (IdP) for OIDC must be configured to access Hybrid Data Pipeline.

    For all configurations, you must define the scope as api.access.odata for accessing the Hybrid Data Pipeline OData endpoint. Refer to the IdP's documentation for other configuration details.

Note:
  • The OIDC authentication method is only supported for OData connectivity. To access an OData endpoint with an OIDC authentication service, specify the header x-datadirect-authService with an OIDC authentication service name as the value and a bearer prefix.
  • The Hybrid Data Pipeline server supports JSON Web Token (JWT) and Introspect methods for token validation.
  • Microsoft Azure only supports the JWT method for token validation.