Skip to content

App Settings Tutorial

Audience: Application Admins

Content Summary: This page details how to use the App Settings page to configure settings for Immuta for your organization.

  1. Click the App Settings icon in the left sidebar.

    App Settings

  2. Click the link in the Configuration panel to navigate to that section.

    App Settings Sidebar Default

Identity and Access Management (IAM)

To configure Immuta to use your organization's existing IAM,

  1. Click the Add IAM button.
  2. Complete the Display Name field and select your IAM type from the Identity Provider Type dropdown: LDAP/Active Directory, SAML, or OpenID.

    Config IAM

Adding LDAP or Active Directory

Once you have selected LDAP/Active Directory from the Identity Provider Type dropdown menu,

  1. Adjust Default Permissions granted to users by selecting from the list in this dropdown menu, and then complete the required fields in the Credentials and Options sections.
  2. Opt to Enable Debug Logging or Enable SSL by clicking the checkboxes.
  3. In the Profile Schema section, map attributes in LDAP/Active Directory to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
  4. Opt to Sync groups from LDAP/Active Directory to Immuta by selecting this checkbox, and then click the Test Connection button.
  5. Once the connection is successful, click the Test User Login button.

Adding SAML

Once you have selected SAML from the Identity Provider Type dropdown menu,

  1. Adjust Default Permissions granted to users by selecting from the list in this dropdown menu, and then complete the required fields in the Client Options section.
  2. In the Profile Schema section, map attributes in SAML to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
  3. Opt to Sync groups from SAML to Immuta by selecting this checkbox, and then click the Test Connection button.
  4. Once the connection is successful, click the Test User Login button.

Adding OpenID

Once you have selected OpenID from the Identity Provider Type dropdown menu,

  1. Adjust Default Permissions granted to users by selecting from the list in this dropdown menu, and then complete the rest of the required fields in the first section.
  2. In the Profile Schema section, map attributes in OpenID to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
  3. Click the Test Connection button.
  4. Once the connection is successful, click the Test User Login button.

Immuta Accounts

To set the default permissions granted to users when they log in to Immuta, click the Default Permissions dropdown menu, and then select permissions from this list.

Default Permissions

External Catalogs

To link Immuta to your organization's enterprise data catalog system,

  1. Click the Add Catalog button.
  2. Enter the URL to the external catalog in the URL field.
  3. Complete the Username and Password fields. Note: This is the username and the password that Immuta can use to connect to the external catalog.
  4. Click the Test Connection button.

Data Providers

You can enable or disable the types of data sources users can create in this section. Some of these types will require you to upload an ODBC driver before they can be enabled. The list of currently supported drivers is on the ODBC Drivers page.

To enable a data provider,

  1. Click the menu button in the lower right corner of the provider icon you want to enable.

    Enable

  2. Select Enable from the dropdown.

If an ODBC driver needs to be uploaded,

  1. Click the menu button in the lower right corner of the provider icon, and then select Upload Driver from the dropdown.

    Upload Driver Menu

  2. Click in the Add Files to Upload box and upload your file.

    Driver Upload

  3. Click Close.

  4. Click the menu button again, and then select Enable from the dropdown.

Email

Application Admins can configure the SMTP server that Immuta will use to send emails to users. If this server is not configured, users will only be able to view notifications in the Immuta console.

To configure the SMTP server,

  1. Complete the Host and Port fields for your SMTP server.
  2. Enter the username and password Immuta will use to log in to the server in the User and Password fields, respectively.
  3. Enter the email address that will send the emails in the From Email field.
  4. Opt to Enable TLS by clicking this checkbox, and then enter a test email address in the Test Email Address field.
  5. Finally, click Send Test Email.

    Config Email

Once SMTP is enabled in Immuta, any Immuta user can request access to notifications as emails, which will vary depending on the permissions that user has. For example, to receive email notifications about group membership changes, the receiving user will need the GOVERNANCE permission. Once a user requests access to receive emails, Immuta will compile notifications and distribute these compilations via email at 10-minute intervals.

Kerberos

To configure Immuta to protect data in a kerberized Hadoop cluster,

  1. Upload your Kerberos Configuration File and Keytab File.
  2. Enter the principal Immuta will use to authenticate with your KDC in the Username field. Note: This must match a principal in the Keytab file.
  3. Adjust how often (in milliseconds) Immuta needs to re-authenticate with the KDC in the Ticket Refresh Interval field.
  4. Click Test Kerberos Initialization.

    Kerberos

HDFS Cache Settings

To improve performance when using Immuta to secure Spark or HDFS access, a user's access level is cached momentarily. These cache settings are configurable, but decreasing the Time to Live (TTL) on any cache too low will negatively impact performance.

To configure cache settings, enter the time in milliseconds in each of the Cache TTL fields.

HDFS Cache Settings

System API Key

If you are using Immuta to protect data in a Hadoop cluster, you will need to configure the HDFS name node with a system API key.

To do so,

  1. Click the Generate Key button.
  2. Save this API key in a secure location, and then follow the instructions in the Hadoop Installation Guide to set the immuta.system.api.key property in the name node configuration.

Public URLs

You can set the URL users will use to access the Immuta Application and Query Engine. Note: Proxy configuration must be handled outside Immuta.

  1. Complete the Public Immuta URL, Public Query Engine Hostname, and Public Query Engine Port fields.
  2. Opt to Enable SSL by clicking this checkbox.

    Public URLs

Policy Exemptions

Click the Allow Policy Exemptions checkbox to allow users to specify who can bypass all policies on a data source.

Policy Exemptions

Governor and Admin Settings

These options allow you to restrict the power individual users with the GOVERNANCE and USER_ADMIN permissions have in Immuta. Click the checkboxes to enable or disable these options.

Gov and Admin Settings

Custom Permissions

You can create custom permissions that can then be assigned to users and leveraged when building subscription policies. Note: You cannot configure actions users can take within the console when creating a custom permission, nor can the actions associated with existing permissions in Immuta be altered.

To add a custom permission, click the Add Permission button, and then name the permission in the Enter Permission field.

Custom Permissions

Data Source Access Requests

To create a custom questionnaire that all users must complete when requesting access to a data source, fill in the following fields:

  • Key: Any unique value that identifies the question.
  • Header: The text that will display on reports.
  • Label: The text that will display in the questionnaire for the user.

Data Source Access Request Questionnaire

Login Message

To create a custom message for the login page of Immuta, enter text in the Enter Login Message box. Note: The message can be formatted in markdown.

Opt to adjust the Message Text Color and Message Background Color by clicking in these dropdown boxes.

Login Message

Advanced Configuration

Advanced configuration options provided by the Immuta Support team can be added in this section. The configuration must adhere to the YAML syntax.

Advanced Configuration

Uploading ODBC Drivers

Immuta uses ODBC drivers to communicate with external database technologies. You may use the Config Builder to upload drivers to be deployed to your Immuta instance. Drivers are deployed with configuration changes. See Deploying Configuration Changes for instructions on deploying.

Deploying Configuration Changes

When you are ready to finalize your configuration changes, click the Save button at the bottom of the left panel

Config Builder Save