External User ID Mapping
Audience: User Admins
Content Summary: External IDs for native integrations can be mapped in for Databricks, HDFS, Presto/Trino, Snowflake, Azure Synapse Analytics, Redshift, and Teradata based on attributes from an external IAM system, allowing you to link an external account to the corresponding Immuta account even when usernames do not match between Immuta and the external system.
This page illustrates the steps to map external user IDs to Immuta from Snowflake, Databricks, HDFS, Presto/Trino, Azure Synapse Analytics, Redshift, and Teradata from the App Settings page. Links to other tutorials for specific access patterns are provided at the end of this tutorial.
Configure External User ID Mapping on App Settings Page
External IDs for native integrations can be mapped in for Databricks, HDFS, Snowflake, and Presto based on attributes from an external IAM system.
- Click the App Settings icon in the left sidebar and click Identity Management.
After you have clicked Add IAM, define the mapping in the Profile Schema section of this.
Note: Mappings can also be disabled on the App Settings page, so it’s possible that not all of these fields will be available.
- Test a login to ensure that the values are picked up correctly.
Manually Configure External User ID Mapping on a User's Page
Immuta HDFS Principals
Before assigning principals to Immuta users, make sure that the principals exist on your HDFS cluster:
* For clusters secured with Kerberos, you will need to create a Kerberos principal for each Immuta HDFS principal that you wish to assign. * For insecure clusters, you will need to create a system user for Immuta HDFS principal that you wish to assign.
Note: If your enterprise identity manager is configured to pull HDFS principals from the identity service provider, HDFS principals cannot be managed in the Immuta Administrator UI.
For IAMs where no mapping has been defined (including Immuta's built-in IAM), the external user ID mappings can be set manually.
- Click the Admin icon in the left sidebar, and select a user from the Users tab.
Click the dropdown menu in the top right corner of the user's page.
Select Change Databricks Username, Change HDFS Principal, Change Snowflake Username, Change Presto Username, Change Azure Synapse Analytics Username, Change Redshift Username, or Change Teradata Username in the dropdown (these options are only visible if the ID is not mapped to an IAM schema value).
Complete the Username field in the modal that appears and click Save.
All external IDs are displayed on the user profile page.
Continue to the next page or to this tutorial: External Catalogs.