Posted On: Apr 7, 2022

Amazon Redshift now provides native integration with Microsoft Azure Active Directory (AD), which customers can use for authentication and authorization with tools like Microsoft Power BI. You can now use Azure AD to authenticate access to Amazon Redshift, and end users get their permissions based on their group membership defined in Azure AD.

With this release, as an Amazon Redshift admin, you can register your Azure AD as an Identity Provider (IdP) with Amazon Redshift using a SQL command. You can create database roles with the same names as your groups in the IdP and grant privileges to the appropriate database roles. After you configure Azure AD, when an end user logs in to an Amazon Redshift cluster by authenticating with Azure AD, their group memberships are retrieved from Azure AD and mapped to the matching database roles. The user is then authorized to perform tasks based on the privileges granted to those roles. You can use the native authentication with Microsoft Power BI and other tools and applications that use JDBC/ODBC drivers.
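The admin-side setup described above, sketched as an added example that is not part of the original announcement. The provider name `azure_idp`, the namespace `aad`, the group `analysts`, the schema `sales`, and every value in angle brackets are placeholders; the example assumes roles are named as namespace, colon, Azure AD group name.

```sql
-- Added example; names and <angle-bracket> values are placeholders.

-- 1. Register Azure AD as an identity provider (run as a superuser).
--    The client secret is sensitive: keep it out of shared query
--    history and scripts checked into version control.
CREATE IDENTITY PROVIDER azure_idp TYPE azure
NAMESPACE 'aad'
PARAMETERS '{
  "issuer": "https://sts.windows.net/<tenant-id>/",
  "client_id": "<application-client-id>",
  "client_secret": "<client-secret>",
  "audience": ["<application-id-uri>"]
}';

-- 2. Create a database role matching the Azure AD group "analysts"
--    (assumed naming: "<namespace>:<group name>").
CREATE ROLE "aad:analysts";

-- 3. Grant only what the group needs. Members of the Azure AD group
--    receive these privileges at login through the role mapping.
GRANT USAGE ON SCHEMA sales TO ROLE "aad:analysts";
GRANT SELECT ON ALL TABLES IN SCHEMA sales TO ROLE "aad:analysts";

-- 4. Review what was registered and what the role can reach.
SELECT * FROM svv_identity_providers;
SELECT namespace_name, relation_name, privilege_type
FROM svv_relation_privileges
WHERE identity_name = 'aad:analysts';
```

Because authorization follows group membership, removing a user from the Azure AD group is what revokes access; the step 4 queries are worth rerunning during access reviews to confirm no role has accumulated broader grants than intended.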

This feature is now available in all Amazon Web Services (AWS) commercial regions where Amazon Redshift is available. You can learn more about native Azure AD authentication from the Redshift cluster management guide and blog.