AuthScheme
The type of authentication to use when connecting to remote services.
Possible Values
AwsRootKeys, AwsEC2Roles, AwsIAMRoles, ADFS, Okta, PingFederate, AwsTempCredentials, AwsCredentialsFile, AzureAD, AzureMSI, AzureServicePrincipal, AzureServicePrincipalCert, AccessKey, AzureStorageSAS, HMAC, OAuth, Basic, OneLogin, SFTP, None, Negotiate, OAuthClient, OAuthJWT, OAuthPKCE, GCPInstanceAccount, Digest, OAuthPassword
Data Type
string
Default Value
""
Remarks
Amazon S3
The following options are available when ConnectionType is set to Amazon S3:
- AwsRootKeys: Set this to use the root user access key and secret. Useful for quick testing, but production use cases are encouraged to use credentials with narrowed permissions.
- AwsEC2Roles: Set this to automatically use IAM Roles assigned to the EC2 machine the CData ODBC Driver for SAS Data Sets is currently running on.
- AwsIAMRoles: Set to use IAM Roles for the connection.
- ADFS: Set to use a single sign-on connection with ADFS as the identity provider.
- Okta: Set to use a single sign-on connection with Okta as the identity provider.
- PingFederate: Set to use a single sign-on connection with PingFederate as the identity provider.
- AwsTempCredentials: Set this to leverage temporary security credentials alongside a session token to connect.
- AwsCredentialsFile: Set to use a credential file for authentication.
- AzureAD: Set to use a single sign-on connection with AzureAD as the identity provider.
Various Azure Services
The following options are available when ConnectionType is set to Azure Blob Storage, Azure Data Lake Storage Gen1, Azure Data Lake Storage Gen2, Azure Data Lake Storage Gen2 SSL, or OneDrive:
- AzureAD: Set this to perform Azure Active Directory OAuth authentication.
- AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
- AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
- AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.
- AccessKey: Set this to authenticate with the storage key associated with your SAS Data Sets account.
- AzureStorageSAS: Set this to authenticate with Shared Access Signature (SAS).
OneLake
The following options are available when ConnectionType is set to OneLake:
- AzureAD: Set this to perform Azure Active Directory OAuth authentication.
- AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
- AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
- AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.
Azure Files
Only the following options are available when ConnectionType is set to Azure Files:
- AccessKey: Set this to authenticate with the storage key associated with your SAS Data Sets account.
- AzureStorageSAS: Set this to authenticate with Shared Access Signature (SAS).
Box
The following options are available when ConnectionType is set to Box:
- OAuth: Uses OAuth2 using a standard user account. OAuthVersion must be set to 2.0.
- OAuthClient: Uses OAuth2 with the client credentials grant type. OAuthClientId and OAuthClientSecret are the credentials. OAuthVersion must be set to 2.0.
- OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
Dropbox
Only the following option is available when ConnectionType is set to Dropbox:
- OAuth: Uses OAuth2 with the authorization code grant type. OAuthVersion must be set to 2.0.
FTP(S)
Only the following option is available when ConnectionType is set to FTP or FTPS:
- Basic: Basic user credentials (user/password).
Various Google Services
The following options are available when ConnectionType is set to Google Cloud Storage or Google Drive:
- OAuth: Uses OAuth2 using a standard user account. OAuthVersion must be set to 2.0.
- OAuthPKCE: Uses OAuth2 with the authorization code grant type and PKCE extension. OAuthVersion must be set to 2.0.
- OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
- GCPInstanceAccount: When running on a GCP virtual machine, the provider can authenticate using a service account tied to the virtual machine.
HDFS
The following options are available when ConnectionType is set to HDFS or HDFS Secure:
- None: No authentication is used.
- Negotiate: Kerberos authentication.
HTTP
The following options are available when ConnectionType is set to HTTP or HTTPS:
- None: No authentication is used.
- Basic: Basic user/password authentication.
- Digest: Uses HTTP Digest authentication with User and Password.
- OAuth: Uses either OAuth1 or OAuth2. OAuthVersion must be set to determine what version of OAuth is used.
- Bearer Token authentication: Set AuthScheme=OAuth, InitiateOAuth=Off, and OAuthAccessToken to the bearer token value.
- OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
- OAuthPassword: Uses OAuth2 with the password grant type. User and Password are the credentials. OAuthVersion must be set to 2.0.
- OAuthClient: Uses OAuth2 with the client credentials grant type. OAuthClientId and OAuthClientSecret are the credentials. OAuthVersion must be set to 2.0.
- OAuthPKCE: Uses OAuth2 with the authorization code grant type and PKCE extension. OAuthClientId is the credential. OAuthVersion must be set to 2.0.
IBM Cloud Object Storage
The following options are also available when ConnectionType is set to IBM Object Storage Source:
- OAuth: Uses OAuth, with the specific flow determined by InitiateOAuth. ApiKey must be set to successfully complete this flow.
- HMAC: Uses AccessKey and SecretKey to authenticate to IBM Cloud Object Storage.
Oracle Cloud Storage
Only the following option is available when ConnectionType is set to Oracle Cloud Storage:
- HMAC: Uses AccessKey and SecretKey to authenticate to Oracle Cloud Storage.
SFTP
This ConnectionType defaults to using an AuthScheme called SFTP, but the authentication method is actually controlled using the SSHAuthMode property. See this property's documentation for further information.
SharePoint REST
The following options are also available when ConnectionType is set to SharePoint REST:
- AzureAD: Set this to perform Azure Active Directory OAuth authentication.
- AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
- AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
- AzureServicePrincipalCert: Set this to authenticate as an Azure Service Principal using a Certificate.
SharePoint SOAP
The following options are also available when ConnectionType is set to SharePoint SOAP:
- Basic: Use basic user/password credentials to authenticate.
- ADFS: Set to use a single sign-on connection with ADFS as the identity provider.
- Okta: Set to use a single sign-on connection with Okta as the identity provider.
- OneLogin: Set to use a single sign-on connection with OneLogin as the identity provider.
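
The rules above can be turned into a pre-deployment check of connection strings. The following is an added illustration, not CData code. It covers only the Amazon S3, Box, HDFS, and HTTP/HTTPS sections. It assumes semicolon-separated Key=Value strings without brace-quoted values and treats ConnectionType=HTTP as unencrypted transport; `parse` and `audit` are hypothetical helper names.

```python
# Added example (not CData code): audit a connection string against this page's rules.
OAUTH2_ONLY = {"OAuthClient", "OAuthJWT", "OAuthPassword", "OAuthPKCE"}
HTTP_SCHEMES = {"None", "Basic", "Digest", "OAuth", "OAuthJWT",
                "OAuthPassword", "OAuthClient", "OAuthPKCE"}
ALLOWED = {  # ConnectionType -> AuthScheme values listed on this page (subset)
    "Amazon S3": {"AwsRootKeys", "AwsEC2Roles", "AwsIAMRoles", "ADFS", "Okta",
                  "PingFederate", "AwsTempCredentials", "AwsCredentialsFile", "AzureAD"},
    "Box": {"OAuth", "OAuthClient", "OAuthJWT"},
    "HDFS": {"None", "Negotiate"},
    "HTTP": HTTP_SCHEMES, "HTTPS": HTTP_SCHEMES,
}
REQUIRED = {  # AuthScheme -> companion properties the page names
    "OAuthClient": ("OAuthClientId", "OAuthClientSecret"),
    "OAuthJWT": ("OAuthJWTCertType", "OAuthJWTCert"),
    "OAuthPassword": ("User", "Password"),
}

def parse(conn_str):
    """Split 'Key=Value;Key=Value' into a dict (assumes no brace-quoted values)."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse(conn_str)
    ctype, scheme = props.get("connectiontype", ""), props.get("authscheme", "")
    if ctype not in ALLOWED:
        return [f"ConnectionType {ctype!r} is not covered by this checker"]
    if scheme not in ALLOWED[ctype]:
        return [f"AuthScheme {scheme!r} is not listed for ConnectionType {ctype!r}"]
    findings = [f"{scheme} requires {p}" for p in REQUIRED.get(scheme, ())
                if not props.get(p.lower())]
    needs_v2 = scheme in OAUTH2_ONLY or (scheme == "OAuth" and ctype == "Box")
    if needs_v2 and props.get("oauthversion") != "2.0":
        findings.append(f"{scheme} requires OAuthVersion=2.0")
    if scheme == "OAuth" and ctype in ("HTTP", "HTTPS") and not props.get("oauthversion"):
        findings.append("OAuth over HTTP(S) requires OAuthVersion to be set")
    if scheme == "AwsRootKeys":
        findings.append("root keys: use narrowed permissions in production")
    if scheme == "None":
        findings.append("no authentication is used")
    if ctype == "HTTP" and scheme == "Basic":  # reviewer policy, not from the page
        findings.append("Basic credentials sent over unencrypted HTTP")
    return findings

SAMPLE = "ConnectionType=HTTP;AuthScheme=Basic;User=u;Password=p"  # constructed input
if __name__ == "__main__":
    print(audit(SAMPLE))
```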