Configure an External Catalog

This page outlines how to connect an external catalog on the Immuta app settings page. For details on external catalogs in Immuta, see the External catalog reference guide.

Link an Alation catalog

Requirements:

• APPLICATION_ADMIN Immuta permission

• An Alation API access token connected to a user with the Server Admin permission

1. Navigate to the App Settings page.

2. Scroll to 2 External Catalogs, and click Add Catalog.

3. Enter a Display Name and select Alation from the dropdown menu.

4. Complete the URL and API key fields. The API key must be an API access token for your Alation instance connected to a user with the Server Admin permission.

5. Configure whether or not Alation tags and custom fields are imported as Immuta tags:

   • Link Alation tags: When selected, Immuta imports Alation tags as Immuta tags.

   • Link Alation Custom Fields: When selected, Immuta imports Alation custom fields as Immuta tags. Follow the Alation documentation to create an Alation custom field, add permissions to your custom field, and apply custom fields to tables and columns.

6. Opt to select Upload Certificates.

   1. Upload the Certificate Authority, Certificate File, and Key File.

   2. Opt to enable Strict SSL by selecting the checkbox.

7. Click the Test Connection button.

8. Once the connection is successful, click Save.

Link a Collibra catalog

Requirements:

• APPLICATION_ADMIN Immuta permission

• A Collibra user with visibility on all assets relevant to Immuta data sources (Collibra global role Catalog or Catalog Author)

• A Collibra physical data dictionary with assets that correspond to your Immuta data sources

1. Navigate to the App Settings page.

2. Scroll to 2 External Catalogs, and click Add Catalog.

3. Enter the Display Name and select Collibra from the dropdown menu.

4. Enter the HTTP endpoint of the catalog in the URL field.

5. Select an authentication method from the dropdown menu. Immuta will use the credentials provided to connect to the external catalog:

   • Username and password: Complete the Username and Password fields.

   • OAuth 2.0:

     • Collibra OAuth provider: Generate the client ID and client secret in Collibra. Immuta will use these credentials to communicate with Collibra. See the Collibra documentation for more details.

       1. Fill out the Client ID. This is a combination of letters, numbers, or symbols used as a public identifier.

       2. Enter the Client Secret you created above.

       3. Leave the Token URL field blank.

       4. Opt to enter the Scope. The scope limits the operations and roles allowed in Collibra. See the OAuth 2.0 documentation for details about scopes.

     • External OAuth provider: Use your external OAuth provider client ID and client secret. Immuta will use these credentials to request an access token from the token endpoint. Immuta will use that returned access token as the authorization with Collibra.

       1. Set up Collibra to accept and validate external tokens in the JWT format. See the Collibra documentation for more details.

       2. Fill out the Client ID. This is a combination of letters, numbers, or symbols used as a public identifier.

       3. Enter the Client Secret. Immuta uses this secret to authenticate with the authorization server when it requests a token.

       4. Add the token endpoint URL in the Token URL field.

       5. Opt to enter the Scope. The scope limits the operations and roles allowed in Collibra. See the OAuth 2.0 documentation for details about scopes.

6. Complete the Asset Mappings modal to set which Collibra asset types align to the Immuta data source and column. Immuta will only link data sources from the asset types you specify.

7. Complete the Attributes as Tags modal to specify which Collibra attributes you want in Immuta. These attributes will come in as parent tags with their values as children tags.

8. Opt to select Upload Certificates.

   1. Upload the Certificate Authority, Certificate File, and Key File.

   2. Opt to enable Strict SSL by selecting the checkbox.

9. Click the Test Connection button.

10. Once the connection is successful, click Save.

Link a Microsoft Purview external catalog

Requirements:

• APPLICATION_ADMIN Immuta permission

• A Microsoft Purview catalog with assets that correspond to your Immuta data sources

• The ability to create a registered app in the Azure portal. See the prerequisite.

Prerequisite

Register an app in the Azure portal with the with the following settings:

• Supported account type: "Accounts in this organizational directory only"

• Microsoft-Graph: User.Read API permission

• A client secret

Using that registered app, navigate to Immuta and complete the following:

1. Navigate to the App Settings page.

2. Scroll to 2 External Catalogs, and click Add Catalog.

3. Enter the Display Name and select Microsoft Purview from the dropdown menu.

4. Complete the following fields:

   1. Enter the Microsoft Purview endpoint URL including the Azure Account Name, like https://<ACCOUNTNAME>.purview.azure.com, in the Purview Endpoint URL field.

   2. Complete the Microsoft Entra Directory (tenant) ID and Microsoft Entra (client) ID fields.

   3. Enter the Microsoft Entra Application Client Secret ID for Immuta to authenticate and connect to the Purview API. The secret cannot be expired.

5. Click the Test Connection button.

6. Once the test is successful, click Save.

Link a custom REST catalog

Requirements:

• APPLICATION_ADMIN Immuta permission

• An external catalog with tags that correspond to your Immuta data sources

• Authenticate with the Immuta API

Integrating a custom REST catalog service with Immuta requires implementing a REST interface. For details about the necessary endpoints that must be serviced, see the Custom REST catalog interface endpoints page.

1. Navigate to the App Settings page.

2. Scroll to 2 External Catalogs, and click Add Catalog.

3. Enter the Display Name and select Rest from the dropdown menu.

4. Select the Internal Plugin checkbox if the catalog has been uploaded to Immuta as a custom server plugin.

5. Complete the following fields:

   1. Enter the HTTP endpoint of the catalog in the URL field.

   2. Complete the Username and Password fields.

   3. Enter the path of the Tags Endpoint.

   4. Enter the path of the Data Source Endpoint.

   5. Enter the path to the information page for a data source in the Data Source Link Template field.

6. Opt to enter the path to the information page for a column in the Column Link Template field.

7. Opt to upload a Catalog Image.

8. Opt to select Upload Certificates.

   1. Upload the Certificate Authority, Certificate File, and Key File.

   2. Opt to enable Strict SSL by selecting the checkbox.

9. Click the Test Connection button.

10. Click the Test Data Source Link.

11. Once both tests are successful, click Save.

Enable Snowflake tag ingestion

If Snowflake data sources existed before configuring tag ingestion, Immuta will automatically sync those data sources to the catalog and apply tags to them. Immuta will automatically check the external catalog for changes and sync data sources to the catalog every 24 hours.

Enable Databricks Unity Catalog tag ingestion

If Databricks Unity Catalog data sources existed before configuring tag ingestion, Immuta will automatically sync those data sources to the catalog and apply tags to them. Immuta will automatically check the external catalog for changes and sync data sources to the catalog every 24 hours.

Manually link catalogs to data sources

You can manually link and remove external catalogs from data sources on the data source details tab.

1. Navigate to your data source.

2. In the connection information section, click the Link Catalog icon (or Unlink Catalog to remove an external catalog from a data source).

3. Select your external catalog from the dropdown menu.

4. Click Link to confirm.

Manually sync external catalog tags

1. Navigate to your data source and click the data source Health dropdown menu.

2. Click Re-run in the External Catalog section.