When King Richard III cried the immortal line: "A horse! A horse! My kingdom for a horse!" he was painfully aware of his vulnerability on the battlefield. While Shakespeare wasn’t thinking about cyber security back then, it’s just as much of a battleground today when it comes to fighting against the vulnerabilities of login credentials and protecting the keys to your ‘data castle’.
This is why Identity Access Management (IAM) is becoming so important for many organizations. IAM is a framework of business processes, policies and technologies used to manage the authentication and authorization of our digital identities.
One of the technologies that is fast becoming the de facto industry standard protocol for online authorization is OAuth 2.0, largely because it allows organizations to authenticate across applications by providing access to the data via tokens without ever revealing the user’s identity or credentials.
When it comes to Data Integration, at Qlik, we understand the importance of security and the need for flexibility to match your IT requirements without compromise. Over various releases of our popular data replication solution Qlik Replicate, we've introduced the following flows to manage OAuth authorization when connecting to your required endpoints.
However, it is important to note that the flow is ultimately driven by the Identity Provider (IDP) and can be platform-dependent.
Automated
This is the preferred flow. It uses a Service Principal and is also known as the “Machine-to-Machine” (M2M) or “Client Credentials” flow. We recently introduced this automated flow in the latest release of Qlik Replicate for our customers using Databricks Lakehouse (Delta) and Databricks (Cloud Storage), without the need to provide information about the IDP. The flow works by requesting an OAuth token, which is then used to log in to Databricks instead of user credentials. The OAuth tokens have a defined lifespan, but they are refreshed automatically, with no user intervention required, keeping the connection secure.
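The token handling described above, sketched as an added example (this is not Qlik Replicate's or Databricks' code): a client credentials token source that caches the token and requests a new one shortly before it expires. The token URL, client id, secret and scope are placeholders, and `FakeIdp` is a constructed stand-in for the identity provider so the example runs offline; a real deployment would pass an HTTPS POST function as `post`.

```python
import base64
import time
import urllib.parse


class ClientCredentialsTokenSource:
    """Caches an access token and replaces it shortly before it expires."""

    def __init__(self, token_url, client_id, client_secret, post,
                 scope=None, skew=60, clock=time.monotonic):
        self.token_url, self.scope, self.skew = token_url, scope, skew
        self.post, self.clock = post, clock  # injected so the demo runs offline
        # RFC 6749 section 2.3.1: form-encode id and secret, then HTTP Basic.
        pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
        self._basic = "Basic " + base64.b64encode(pair.encode()).decode()
        self._token, self._expires_at = None, 0.0

    def _fetch(self):
        form = {"grant_type": "client_credentials"}
        if self.scope:
            form["scope"] = self.scope
        headers = {"Authorization": self._basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        reply = self.post(self.token_url, headers, urllib.parse.urlencode(form))
        if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
            raise ValueError("unexpected token response")
        # This grant normally returns no refresh_token; renewal is a new request.
        self._token = reply["access_token"]
        self._expires_at = self.clock() + int(reply.get("expires_in", 0))

    def token(self):
        # Renew `skew` seconds early so a token never expires mid-request.
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            self._fetch()
        return self._token


class FakeIdp:
    """Constructed stand-in for an identity provider's token endpoint."""

    def __init__(self, expected_basic):
        self.expected_basic, self.issued = expected_basic, 0

    def __call__(self, url, headers, body):
        form = urllib.parse.parse_qs(body)
        if headers.get("Authorization") != self.expected_basic:
            return {"error": "invalid_client"}
        if form.get("grant_type") != ["client_credentials"]:
            return {"error": "unsupported_grant_type"}
        self.issued += 1
        return {"access_token": f"constructed-token-{self.issued}",
                "token_type": "Bearer", "expires_in": 3600}
```

The client secret travels only in the `Authorization` header of the token request and never reaches the data endpoint, which sees the short-lived bearer token alone.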
Semi-automated
An alternative flow is a semi-automated approach where the request for the token can be made outside of the UI and to the IDP directly. This is useful if you are managing authorization and authentication via APIs.
User Interactive
We’ve had to implement this flow for Snowflake due to how they support OAuth. This method requires manual user interaction in the Qlik Replicate UI. When configuring the Snowflake endpoint in Qlik Replicate you need to provide the information about the IDP to obtain the OAuth token, which is provided back to Qlik Replicate and used for authorization.
We've implemented these mechanisms to cater for different methods that the IDP or your organization may prefer to use to offer the best flexibility and choice.
The work we’ve done under the hood to deliver these methods paves the way for adding more endpoints that support OAuth. For example, we are looking at supporting PostgreSQL and Google BigQuery endpoints next. Stay tuned for announcements with further releases.
Do you have an endpoint that you need OAuth support for? Please submit your request via Ideation on Qlik Community. (authentication required - pun intended 😉)
Want to learn more?
Read our online documentation for Qlik Replicate for both the Databricks and Snowflake endpoints:
Snowflake (AWS / Azure / Google)
Setting up a Redirect URI for Snowflake
Databricks Lakehouse (Delta) / Databricks (Cloud Storage) / ODBC