Skip to main content

Microsoft Azure Active Directory (AAD)

This object allows for the use of Microsoft AAD as an identity provider for accessing Dremio.

Identity Provider Object
{
    "type": "AZURE_AD",
    "id": "acd23077-263a-4277-b5f6-926b1983c9de",
    "isActive": true,
    "domain": "dremio.onmicrosoft.com",
    "clientID": "e1ccc408-4cc8-8883-9b9b-9ec6a6e96fff",
    "clientSecret": null
}

Identity Provider Attributes

type String

The type of identity provider. For Microsoft AAD, this attribute value is always AZURE-AD.

id String (UUID)

The UUID to identify the identity provider.

Example: acd23077-263a-4277-b5f6-926b1983c9de

isActive Boolean

Set to true if the identity provider is configured and enabled. Otherwise displays as false.

Example: true

domain String

The domain of your Azure AD account in the Azure portal.

Example: dremio.onmicrosoft.com

clientID String

The client ID or application ID of your registered Dremio application on the Azure portal.

Example: e1ccc408-4cc8-8883-9b9b-9ec6a6e96fff

clientSecret String

The client secret of your registered Dremio application on the Azure portal.

Example: The client secret is not shown in the object and so the value is returned as null

Adding Microsoft AAD

Add Microsoft AAD as an identity provider. After adding an IdP, activate it using the associated endpoint.

Adding Microsoft AAD
POST /v0/identity-providers

Parameters

type Body   String

The type of identity provider. For Microsoft AAD, this attribute value is always AZURE-AD.

isActive Body   Boolean   Optional

Set to false to add Microsoft AAD as an identity provider.

Example: false

domain Body   String

The domain for your Microsoft AAD account in the Azure portal.

Example: dremio.onmicrosoft.com

clientID Body   String

The client ID or application ID of your registered Dremio application on the Azure portal.

Example: e1ccc408-4cc8-8883-9b9b-9ec6a6e96fff

clientSecret Body   String

The client secret of your registered Dremio application on the Azure portal.

Example: aaAaA_a1aA1A_A1aaa_1a~aaA1_A11-AA1

note

For information on how to get the domain, client ID, and client secret from the Azure portal, see Configure Microsoft Entra ID as an Identity Provider.

After adding an IdP, activate it using the associated endpoint.

Example Request
curl -X POST 'https://api.dremio.cloud/v0/identity-providers/' \
-H 'Authorization: Bearer <personal access token>' \
-H 'Content-Type: application/json' \
-d '{
    "type": "AZURE_AD",
    "isActive": "false",
    "domain": "dremio.onmicrosoft.com",
    "clientID": "e1ccc408-4cc8-8883-9b9b-9ec6a6e96fff",
    "clientSecret": "aaAaA_a1aA1A_A1aaa_1a~aaA1_A11-AA1"
}'
Example Response
{
    "id": "acd23077-263a-4277-b5f6-926b1983c9de"
}

Responses

200   OK

400   Bad Request

Retrieving Microsoft AAD

Get the metadata for Microsoft AAD by providing the identity provider ID that was returned on creation.

Retrieving Microsoft AAD
GET /v0/identity-providers/{id}

Parameters

id Path   String

The ID of the Microsoft AAD identity provider for which you want to retrieve metadata.

Example: acd23077-263a-4277-b5f6-926b1983c9de

Example Request
curl -X GET 'https://api.dremio.cloud/v0/identity-providers/acd23077-263a-4277-b5f6-926b1983c9de' \
-H 'Authorization: Bearer <personal access token>' \
-H 'Content-Type: application/json'
Example Response
{
    "type": "AZURE_AD",
    "id": "acd23077-263a-4277-b5f6-926b1983c9de",
    "isActive": true,
    "domain": "dremio.onmicrosoft.com",
    "clientID": "e1cec408-4c58-4283-9b9b-9ec6a6e96f83",
    "clientSecret": null
}

Responses

200   OK

400   Bad Request

Activating Microsoft AAD

Activate Microsoft AAD as an identity provider, once configured. This will show Microsoft AAD as an option to users on the Dremio Cloud login page.

Activating Microsoft AAD
POST /v0/identity-providers/{id}/activate

Parameters

id Path   String

The ID of the identity provider that you want to activate.

Example: acd23077-263a-4277-b5f6-926b1983c9de

Example Request
curl -X POST 'https://api.dremio.cloud/v0/identity-providers/acd23077-263a-4277-b5f6-926b1983c9de/activate' \
-H 'Authorization: Bearer <personal access token>' \
-H 'Content-Type: application/json'
Example Response
No response

Responses

200   OK

400   Bad Request

Deactivating Microsoft AAD

Deactivate Microsoft AAD. The Microsoft AAD option will no longer be available to users for authentication to Dremio Cloud and it will not be shown on the login page.

Deactivating Microsoft AAD
POST /v0/identity-providers/{id}/deactivate

Parameters

id Path   String

The ID of the identity provider that you want to deactivate.

Example: acd23077-263a-4277-b5f6-926b1983c9de

Example Request
curl -X POST 'https://api.dremio.cloud/v0/identity-providers/acd23077-263a-4277-b5f6-926b1983c9de/deactivate' \
-H 'Authorization: Bearer <personal access token>' \
-H 'Content-Type: application/json'
Example Response
No response

Responses

200   OK

400   Bad Request

Deleting Microsoft AAD

Delete Microsoft AAD.

Deleting Microsoft AAD
DELETE /v0/identity-providers/{id}

Parameters

id Path   String

The ID of the identity provider that you want to delete.

Example: acd23077-263a-4277-b5f6-926b1983c9de

Example Request
curl -X DELETE 'https://api.dremio.cloud/v0/identity-providers/acd23077-263a-4277-b5f6-926b1983c9de' \
-H 'Authorization: Bearer <personal access token>' \
-H 'Content-Type: application/json'
Example Response
No response

Responses

200   OK

400   Bad Request