Configuring Microsoft Graph API user authentication

This topic describes how to configure Microsoft Graph API as the primary OAuth2 authentication provider for Data Quality & Observability Classic. Once configured, users can log in to Collibra DQ using their Microsoft Graph API credentials.

Prerequisites

In the Azure Portal, you have:

  • Registered an application.

  • Noted the Application (client) ID and Directory (tenant) ID.

  • Noted the Client Secret value.

Steps

  1. In Data Quality & Observability Classic, set the environment variable OAUTH2_LOGIN_ENABLED to TRUE.

    The OAuth 2.0 functionality activates.

  2. Click Cogwheel icon in the left navigation pane.

  3. Click Admin Console > User Management > OAuth2 Provider Configuration.

    The OAuth2 Provider Setup page opens.

  4. Fill in the following fields:

    Field Name

    Description

    Details & Where to Find

    Identity Provider

    Specifies the type of OAuth2 provider.

    Select Microsoft Graph API.

    Registration ID

    A unique, arbitrary name for this provider within your Collibra DQ environment. It is used internally by DQ to identify this specific configuration.

    Choose a name that is meaningful to you (for example, my-ms-graph, company-ms-graph).

    Enabled

    Controls whether the Microsoft Graph API login button displays on the Collibra DQ login screen.

    Set to False initially. You can toggle this to True after completing all configurations.

    Client ID

    The unique identifier for your Collibra DQ application in Microsoft Graph API.

    The Application (client) ID from Azure for your registered DQ application.

    Client Secret

    The confidential key generated for your Collibra DQ application in Azure.

    Found in Azure, copy this value from Certificates & secrets in your registered DQ application. This value is only shown once in Azure.
    Redirect URI The URI that matches your Azure application configuration. The redirect URI(s) configured in your OAuth2 provider's application settings.
    Tenant ID The Directory (tenant) ID from Azure.

    Enter the first part of your domain name or resource name. For example, if your domain name is "yourmsgraphtenant.onmicrosoft.com", then enter "yourmsgraphtenant".

  5. Click Save.