Configuring a Connection
After Installing the Connector you can connect and create a Data Source for data in Box.
Setting Up a Data Source
Complete the following steps to connect to the data:
- Under Connect | To a Server, click More....
- Select the data source called Box by CData.
- Enter the information required for the connection.
- Click Sign In.
- If necessary, select a Database and Schema to discover what tables and views are available.
Using the Connection Builder
The connector makes the most common connection properties available directly in Tableau. However, it can be difficult to use if you need to use more advanced settings or need to troubleshoot connection issues. The connector includes a separate connection builder that allows you to create and test connections outside of Tableau.
There are two ways to access the connection builder:
- On Windows, use a shortcut called Connection Builder in the Start menu, under the CData Tableau Connector for Box folder.
- You can also start the connection builder by going to the driver install directory and running the .jar file in the lib directory.
In the connection builder, you can set values for connection properties and click Test Connection to validate that they work. You can also use the Copy to Clipboard button to save the connection string. This connection string can be given to the Connection String option included in the connector connection window in Tableau.
Connecting to Box
The connector enables access to metadata for Box tables and folders. Note that the connector cannot update the contents of files stored on Box or model file content as tables and columns.
Authenticating to Box
The connector uses the OAuth authentication standard to connect to Box from either a User account or a Service account.Box provides embedded OAuth credentials that simplify connection from a Desktop application . To connect from a Web application, you must create a custom OAuth application, as described in Creating a Custom OAuth Application.
The following subsections describe how to authenticate to Box from the available OAuth flows. For information about how to create a custom OAuth application, and why you might want to create one even for auth flows that already have embedded OAuth credentials, see Creating a Custom OAuth Application.
For a complete list of connection string properties available in Box, see Connection.
User Accounts (OAuth)
AuthScheme must be set to OAuth in all user account flows.
Desktop Applications
CData provides an embedded OAuth application that simplifies OAuth desktop authentication. You can also create and connect through a custom OAuth application. For further information about custom OAuth applications, see Creating a Custom OAuth Application.Get and Refresh the OAuth Access Token
After setting the following, you are ready to connect:
- InitiateOAuth: GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
- Custom applications only:
- OAuthClientId: The client Id assigned when you registered your app.
- OAuthClientSecret: The client secret assigned when you registered your app.
- CallbackURL: The redirect URI defined when you registered your app. For example: https://localhost:3333
- The connector obtains an access token from Box and uses it to request data.
- The OAuth values are saved in the location specified in OAuthSettingsLocation, to be persisted across connections.
Service Account (OAuthJWT)
Service accounts have silent authentication, which does not require user authentication in the browser. You can also use a service account to delegate enterprise-wide access scopes to the connector.To use a service account, you must create and authorize a custom OAuth application, as described in Creating a Custom OAuth Application. You can then connect to whatever Box data the service account is permitted to access.
After setting the following connection properties, you are ready to connect:
- AuthScheme: OAuthJWT.
- OAuthClientId: The client Id noted in your custom OAuth application settings.
- OAuthClientSecret: The client secret noted in your custom OAuth application settings.
- OAuthJWTCertType: PEMKEY_FILE.
- OAuthJWTCert: The path to the .pem file you generated.
- OAuthJWTCertPassword: The password of the .pem file.
- OAuthJWTCertSubject: The subject of the certificate. If you want to select the first certificate in the Certificate Store, set an * (asterisk).
- OAuthJWTSubjectType: The same as what you specified in your Application Access Values; either "enterprise" or "user". The default value of this connection property is "enterprise".
- OAuthJWTSubject: If your subject type is set to enterprise, this should be your enterprise Id. If your subject type is set to user, this should be your application user Id.
- OAuthJWTPublicKeyId: The Id of your public key in your application settings.
When you connect the connector completes the OAuth flow for a service account.
- Creates and signs the JWT with the claim set required by the connector.
- Exchanges the JWT for the access token.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
- Submits the JWT for a new access token when the token expires.
BOXJSON OAuthJWTCertType
To authenticate using a service account and the BOXJSON OauthJWTCertType, set these properties:- AuthScheme: OAuthJWT.
- InitiateOAuth: GETANDREFRESH.
- OAuthJWTCertType BOXJSON. OAuthJWTCert: The path to the Box-provided JSON file.
In cases where it may not be feasible to use a file in your system. you can copy the contents of the JSON file directly into the connection string. Set these properties:
- AuthScheme: OAuthJWT.
- InitiateOAuth: GETANDREFRESH.
- OAuthJWTCertType: BOXJSONBLOB.
- OAuthJWTCert: The contents of the Box-provided JSON file.
Next Step
See Using the Connector to create data visualizations.