Prerequisites¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Customer Managed Applies to customer-managed instances of Alation
Configure Network Connectivity¶
Open outbound TCP port 443 to the Salesforce server.
Create Service Account¶
For basic authentication and for the initial configuration of the OAuth-based connection, Alation requires a service account with a username and password. You can use an existing user or create a new user for Alation.
To use a new user, log in to Salesforce and create a User ID and Password. Refer to Usernames and Passwords for more information.
The service account user must have enough permissions to extract metadata from the database. See API Permissions below.
API Permissions¶
Before performing metadata extraction or sampling and profiling, ensure that you enable API permissions for the service account in Salesforce. In Salesforce, go to Setup > Profiles > <your user profile> > Administrative Permissions and select the API Enabled checkbox.
Configure OAuth Using Client Credentials Workflow¶
To use OAuth authentication, you must configure OAuth using Client Credentials Workflow:
Start the Connector Access Gateway Service. For information, see the Alation: Start the Connector Access Gateway Service section in Configure Authentication via AWS STS and an IAM Role.
In Alation, click the Settings gear icon in the top right corner.
Click Authentication.
Under the Authentication Configuration Methods for External Systems section, select OAuth from the Add configuration dropdown.
- Configure an OAuth profile with Config name, Client Id, and Client Secret. For more information, see the OAuth section in the Authentication Configuration Methods for External Systems.
Under Client credentials dropdown, select GrantType. For information on the supported formats for Token Endpoint URL, see Configure a Salesforce Authentication Provider .
Note
Leave the Authorize Endpoint URL, User Info Endpoint URL, and the Redirect URL fields blank.
Click Save.