Skip to main content

Database passthrough authentication for Databricks

This guide walks you through setting up database passthrough authentication for Databricks. With this setup, each Holistics user authenticates with their individual Databricks credentials, and queries run under their identity in Databricks.

Step-by-step setup

Step 1: register Holistics as a custom OAuth application in Databricks

  1. Follow the Databricks documentation to enable custom OAuth applications

  2. Configure the following settings on the "Add Connection" page:

Redirect URLs:

https://secure.holistics.io/data_sources/oauth_callback
https://eu.holistics.io/data_sources/oauth_callback
https://us.holistics.io/data_sources/oauth_callback

Note: If you're using a custom domain e.g. company.holistics.io, please add the custom domain to the redirect URLs following the pattern above. e.g. https://company.holistics.io/data_sources/oauth_callback

Additional Settings:

  • Access Scopes: All APIs
  • Client Secret: Enable "Generate a client secret"
  • Access Token TTL: 1440 minutes (24 hours)
  • Refresh Token TTL: 129600 minutes (90 days)
  1. After creating the application, copy and save both the Client ID and Client Secret - you'll need these in the next step.
Databricks Custom OAuth Application

Step 2: configure passthrough authentication in Holistics

  1. Navigate to the Data Sources page in Holistics (/manage/data_sources)

  2. If you don't already have a Databricks data source, add a new data source using your Personal Access Token

  3. Enable passthrough authentication by clicking the "Passthrough" button on your data source in the listing page

Passthrough Data Source Configuration

  1. Enter the Client ID and Client Secret from Step 1, then save

Step 3: connect your database credentials

Each user must authenticate with their individual Databricks account:

  1. Go to My Account settings (/users/settings)
  2. Locate the Database Authentication section
  3. Click to login with your Databricks credentials
My Account OAuth Login

Token expiration behavior

Access tokens expire after 24 hours, and refresh tokens expire after 90 days. Users will be prompted to re-authenticate when their refresh tokens expire.

Open Markdown
Let us know what you think about this document :)