Connectivity Set Up between Alteryx Designer with Azure Databricks Using OAuth 2.0
Introduction
Recently One of my colleague reached out to me to wanted to have some connectivity setup between Alteryx Designer and Azure Databricks, The intention was to setup secure authentication is essential to ensure seamless connectivity. So I thought of investigating OAuth 2.0 authentication method which is more secure rather than using traditional Databricks PAT approach. OAuth allows Alteryx to securely connect to Databricks using Azure AD credentials. Here I will walk through the step-by-step process of configuring OAuth 2.0 authentication using Azure AD Service Principal (SPN) credentials in Alteryx Designer.
Step 1: Register an App in Azure AD
Since we are using a Service Principal for authentication, we need to create an App Registration in Azure AD.
1.1 Create an App Registration
Log in to Azure Portal.
Navigate to Azure Active Directory → App registrations.
Click New registration.
Enter the following details:
Name: Alteryx-Test
Supported Account Types: Select Single tenant.
Redirect URI: Choose Web and enter:
http://localhost:61445/ (make sure to add final URL as http://localhost/)
Click Register.
1.2 Copy Credentials
After registration, make sure to copy the following details for later use:
Application (Client) ID: 123456–1234–1234–1234–12345678
Directory (Tenant) ID: 123456–1234–1234–1234–12345678
Step 2: Configure API Permissions
To allow Alteryx to connect to Databricks, we need to configure the necessary API permissions.
In Azure Portal, navigate to Azure Active Directory → App Registrations → Your App.
Click API Permissions in the left menu.
Click Add a permission → APIs my organization uses.
Search for Databricks API (GUID: 2ff814a6–3304–4ab8–85cb-cd0e6f879c1d).
Select Delegated Permissions and add:
user_impersonation
Click Add permissions.
Click Grant admin consent to apply the changes.
Step 3: Generate Client Secret
Next step is to generate a new Client Secret which is used to authenticate the connection.
Navigate to Certificates & secrets in your app registration.
Click New client secret.
Enter some name (e.g., Alteryx-test) and select an expiration period (for example I have selected for 6 months, you can select based on your Org requirement).
Click Add.
Copy the Client Secret Value (you won’t be able to see it again).
Step 4: Identify Databricks Workspace and Resource URL
Next step is keep Azure Databricks details handy, such as Azure Databricks workspace URL.
http path etc.
Step 5: Make sure to add newly created SPN to Databricks.
For secure connectivity you can add your newly created SPN to Azure Databricks. Login to Databricks → Click on Workspace settings → Identity and Access → Click on Service Principals option.
Click on Add Service Principal option
Step 6: Configure OAuth 2.0 in Alteryx Designer
The simple way to configure a new Connection.
Open Alteryx Designer → Under Favorites → select Input Data.
Drag and drop that icon under New workflow.
Now click on Setup a connection option → It will open a new Data Connections option.
Go to Data sources option → under All data sources → search and select “Databricks” (same can be used for Databricks Unity Catalog) → Click on new Data connection.
Enter Data source name and http path → Click Save
Next step is to create a new Connect Credential → Click on + to create a new one.
Lets select the Authentication Method → there are total 4 options here we are going to select
Generic OAuth2 option.
Under credential → Create New Credential.
Next Under Grant Type select : Authorization Code
Under Authorization URL, enter https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/authorize. Replace {tenantID} with your Azure tenant ID.
Under Token URL, enter https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token. Replace {tenantID} with your Azure tenant ID.
Under Scopes, enter 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default offline_access
Click Test Connection to verify connectivity. → Once you click on this as for the first time it will ask for you to validate your Identity on Azure Portal.
You will see this message.
Finally Click on Create and Link option.
Then you can proceed with your work.
Some of the Common Issues
Issue: AADSTS650057 — Invalid Resource
Solution:
Make sure Databricks API (2ff814a6–3304–4ab8–85cb-cd0e6f879c1d) is added in API permissions.
Grant admin consent.
Issue: Authentication Fails in Alteryx
Solution:
Ensure client ID, secret, and tenant ID are correctly entered.
Check that the client secret hasn’t expired.
Verify that the workspace URL is correct.
Alternative: Using Personal Access Token (PAT) Instead of OAuth 2.0
If OAuth 2.0 does not work, Then only go with Personal Access Token (PAT) for authentication:
In Databricks UI, navigate to User Settings → Access Tokens → Generate New Token.
Copy the token and use it in Alteryx instead of OAuth 2.0 credentials.
Conclusion
Setting up OAuth 2.0 authentication in Alteryx Designer for Databricks ensures secure and efficient connectivity. By following these steps, you can configure Alteryx to access Databricks seamlessly using Azure AD Service Principal (SPN) credentials.