JWT Integration | Teradata Viewpoint - Enabling JWT Integration with Vantage Identity Provider for Viewpoint - Teradata Viewpoint

Teradata® Viewpoint Installation, Configuration, and Upgrade Guide for Customers - 24.04

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Teradata Viewpoint
Release Number
24.04
Published
April 2024
Language
English (United States)
Last Update
2024-04-29
dita:mapPath
ohm1711972149764.ditamap
dita:ditavalPath
acl1501004736403.ditaval
dita:id
ulq1467244577135
Product Category
Analytical Ecosystem

Viewpoint relies on an Identity Provider (IdP) to enable SSO support by using the JWT based authentication. Vantage uses the Ping Federate as the Identity Provider (Vantage IdP) and Viewpoint supports only this IdP. If the Viewpoint integration with SSO is enabled, then the Vantage IdP authenticates Viewpoint users. In this case the Viewpoint logon UI does not appear, and the user is directed to the Vantage IdP logon UI for authentication.

Vantage IdP also supports integrating the IdP of customers, called BYOIdP (Bring your own Identity Provider).

Accessing Viewpoint

Log on into Viewpoint as a Vantage IdP or BYOIdP user. If you are logging in for the first time to the Viewpoint, you get the User role. In Vantage if your roll claim set value is TD-Customer-Admin, then you get the VP_User_Manager role.

New Customers

As a new Vantage IdP or BYOIdP user, when you log on to Viewpoint for the first time, you automatically become a Viewpoint user. Role assignment remains the same.

Existing Viewpoint Customers Using the Vantage IdP

For the existing Viewpoint users to access Viewpoint through Vantage IdP, you need to create new users in the Vantage IdP with the same username. The Viewpoint roles assigned to these users continue to work as before.

Existing Viewpoint Customers Using the BYOIdP

If the existing Viewpoint username matches with the IdP username, then the Viewpoint roles assigned to these users continue to work as before.

Viewpoint maps the teradata_username claim value from the JWT to the Viewpoint portal username. If the value does not exist, then the subject name of the claim becomes the username. For existing customers, the teradata_username claim value coming from the Vantage IdP matches with the Viewpoint portal username. If the value does not match, Viewpoint considers the user as a new user, and assigns a default role.

Install a version of Viewpoint that supports Vantage IDP integration. Versions 16.50.05 and later support Vantage IDP integration.