When creating a connector in Conduit, the author must select authentication methods for that particular connector source. The selected authentication method will be used for data access to all tables in this connector, and can be updated as needed.


There are five distinct methods for defining access to the connector's data source:

  1. Anonymous authentication
    1. Provides access to the data source without checking credentials.
    2. There is no Authorization for this type of authentication.

  2. Conduit authentication
    1. Enables Conduit Admins to utilize user accounts and user groups created within the tool. This can be beneficial if restrictions around data access require custom groups, or if micro-channels are required for access to specific data sets (e.g. Ad-hoc project teams want to collaborate on similar data sets).
    2. To access data BI users are required to provide credentials that are looked up by Conduit in its internal user database. If there is no internal user with Email/Password that matches data source access request credentials, the access to connectors with Conduit authentication is denied
    3. By default Authorization is not enabled, meaning credentials of any internal user account will be sufficient to access the data.
    4. On Authorization tab Conduit Admins can enable and fine tune authorization based on Conduit groups created within the tool. 




  3. Active Directory authentication
    1. Leverages your organization's Active Directory subscription(s) and pre-defined AD groups.
    2. To access data BI users are required to provide credentials that are looked up by Conduit against specified on the connector AD user subscription.
    3. By default Authorization is not enabled, meaning all AD users in the selected AD user subscription will be allowed to access the data.
    4. On Authorization tab Conduit Admins can enable and fine tune authorization based on membership in AD groups in the selected AD user subscription. Similarly to Conduit authentication authorization, only specific tables can be made available for certain AD groups.




  4. Active Directory Pass Through
    1. This authentication method is available only for Azure/MS SQL and Dynamics365 connectors and allows access to Azure resources deployed in the same AD tenant as Conduit.  AD user email must be added to the resource as a user (ex: SQL database for Azure/ MS SQL connector) with at least db_datareader permission.
    2. At runtime, users are required to provide their own Active Directory credentials.
    3. By default Authorization is not enabled, meaning all AD users in the same AD tenant as Conduit app will be allowed to access the data.
    4. On Authorization tab Conduit Admins can enable and fine tune authorization based on membership in AD groups.  The admin will be asked to specify AD subscription when Authorization is enabled.
  5. User Credentials Pass Through
    1. This authentication method is available only for OData and Elasticsearch connectors
    2. External users are required to provide their own credentials that are used by Conduit directly against the datasource.