IBM Cloud Docs
Setting Azure AD authentication

Setting Azure AD authentication

Set your authentication method to AzureAD with the REGISTER EXTERNAL AUTHENTICATION SYSTEM SQL statement.

Two factor authentication is not supported with an external authentication system.

Syntax

REGISTER EXTERNAL AUTHENTICATION SYSTEM 'AzureAD' with clientid 'AZURE CLIENT ID' tenantid 'AZURE TENANT ID'

Setting Azure AD authentication with the web console

  1. Log in to the web console as an admin.

  2. Go to the Query editor.

  3. Register an Azure AD external authentication system. Specify the clientid and tenantid parameters.

    REGISTER EXTERNAL AUTHENTICATION SYSTEM 'AzureAD' with clientid 'AZURE CLIENT ID' tenantid 'AZURE TENANT ID';
SET VARIABLE

  4. Create a user or users with the external authentication method set to AzureAD as desribed in Creating users.

  5. Verify whether the user was created successfully.

    1. Go to Users and groups > Users.
    2. Locate the user.
    3. Check the Authentication type section for the user.

Setting Azure AD authentication with the command-line

  1. Connect to NPSaaS as an admin.

    In the example, the 'nzsql' command is used. You can also use the the ODBC or JDBC drivers.

    nzsql -host <nps_host_ip> -u admin -pw XXXXX
    Example
    Input Description
    nps_host_ip

    Specifies the IP address of your instance.
    To retrieve NPS HOST IP:

    1. Log in to your IBM Cloud account.
    2. Go to Private endpoints > Service instance details.
    3. Select your instance.
      Your instance IP address is displayed on the page now.
    user Specifies the user name.
    password Specifies the password for the user.

    Example:

    nzsql -host X.XX.XXX.XXX -u admin -pw password
Welcome to nzsql, the IBM Netezza SQL interactive terminal.
Type:  \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

SYSTEM.ADMIN(ADMIN)=>

  2. Register an AzureAD external authentication system. Specify the clientid and tenantid parameters.

    REGISTER EXTERNAL AUTHENTICATION SYSTEM 'AzureAD' with clientid 'AZURE CLIENT ID' tenantid 'AZURE TENANT ID';
SET VARIABLE

  3. Create a user or users with the external authentication method set to AzureAD.

    CREATE USER "USER" with auth external 'AzureAD';

  4. Verify whether the user was created successfully.

    \q

nzsql -u '"USER"' -pw PASSWORD

    Example:

    \q

nzsql -u '"xyz@example.example.com"' -pw XXXXXXXXXXXXXX
Welcome to nzsql, the IBM Netezza SQL interactive terminal.

Type: \h for help with SQL commands
? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit

SSL enabled connection. Cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, protocol: TLSv1.2

SYSTEM.ADMIN(xyz@example.example.com)=>