External User ID Mapping

Audience: User Admins

Content Summary: External IDs for native integrations can be mapped for Databricks, HDFS, Presto/Trino, Snowflake, Azure Synapse Analytics, Redshift, and Teradata based on attributes from an external IAM system. This lets you link an external account to the corresponding Immuta account even when usernames do not match between Immuta and the external system.

This page illustrates the steps to map external user IDs for Snowflake, Databricks, HDFS, Presto/Trino, Azure Synapse Analytics, Redshift, and Teradata to Immuta on the App Settings page. Links to other tutorials for specific access patterns are provided at the end of this tutorial.

Configure External User ID Mapping on App Settings Page

External IDs for native integrations can be mapped for Databricks, HDFS, Snowflake, and Presto based on attributes from an external IAM system.

  1. Click the App Settings icon in the left sidebar and click Identity Management.
  2. After you have clicked Add IAM, define the mapping in the Profile Schema section of this.

    IAM Mapping

    Note: Mappings can also be disabled on the App Settings page, so it’s possible that not all of these fields will be available.

  3. Click Save.

  4. Test a login to ensure that the values are picked up correctly.

Manually Configure External User ID Mapping on a User's Page

Immuta HDFS Principals

HDFS principals allow Immuta users to access data through the HDFS and Spark access patterns.

Before assigning principals to Immuta users, make sure that the principals exist on your HDFS cluster:

* For clusters secured with Kerberos, you will need to create a Kerberos principal for each Immuta HDFS principal that you wish to assign.

* For insecure clusters, you will need to create a system user for each Immuta HDFS principal that you wish to assign.

Note: If your enterprise identity manager is configured to pull HDFS principals from the identity service provider, HDFS principals cannot be managed in the Immuta Administrator UI.

For IAMs where no mapping has been defined (including Immuta's built-in IAM), the external user ID mappings can be set manually.

  1. Click the Admin icon in the left sidebar, and select a user from the Users tab.
  2. Click the dropdown menu in the top right corner of the user's page.

    Change Username Dropdown

  3. Select Change Databricks Username, Change HDFS Principal, Change Snowflake Username, Change Presto Username, Change Azure Synapse Analytics Username, Change Redshift Username, or Change Teradata Username in the dropdown (these options are only visible if the ID is not mapped to an IAM schema value).

  4. Complete the Username field in the modal that appears and click Save.

    Username Modal

All external IDs are displayed on the user profile page.

What's Next

Continue to the next page or to this tutorial: External Catalogs.