Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (16.3.0) 16.2.0 16.1.0 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

Configure Atlan Integration

Follow this guide to set up Ataccama integration with Atlan.

The integration requires configuration on both Ataccama and Atlan side.

Configure Ataccama ONE

Ataccama ONE configuration involves creating a secure connection between Ataccama and Atlan so the two platforms can share data quality information.

This setup has three main steps:

  1. Set up a dedicated Keycloak client for secure, automated authentication between platforms.

  2. Create a new role in Keycloak.

  3. Map the role to a ONE group so that you can select which data sources to share with Atlan.

Prerequisites

Before you begin, make sure you have:

  • ONE user with access to the General Settings section of ONE.

  • Access to Keycloak in your ONE instance.

Keycloak configuration

Create Keycloak client

Set up a dedicated Keycloak client that enables secure, automated authentication between platforms.

To create a new Keycloak client:

  1. Navigate to your Keycloak Admin Console.

  2. Select the Ataccama ONE realm (for example, ataccamaone).

    Select Ataccama ONE realm

  3. Select Clients > Create client.

  4. Configure client settings:

    • Client type: OpenID Connect.

    • Client ID: A unique identifier (for example, atlan-integration-client).

    • Description: Client description (for example, Client used for integration with Atlan catalog.).

      Set up Keycloak client

  5. Select Next.

  6. Configure authentication:

    • Client authentication: Enable this option.

    • Authorization: Enable this option.

    • Authentication flow: Enable Standard flow and Service accounts roles. Do not change any other settings.

      Set up Keycloak client

  7. Select Next.

  8. Keep the Login settings screen as it is, and select Save.

Create and assign Atlan integration role

The Keycloak client is created with default roles that grant overly broad access. Here, you remove these and create a narrow, custom role that limits the client to only the specific permissions needed for the Atlan integration.

To assign required roles to the Keycloak client:

  1. Create a new role:

    1. From the left navigation menu, select Realm roles > Create role.

    2. Configure role settings:

      • Name: Role name (for example, atlan-integration-role).

      • Description: Role description (for example, Role for Atlan integration that enables synchronization of data quality results from selected Ataccama ONE sources).

        Create Atlan Integration role

    3. Select Save.

  2. Navigate to the Service accounts roles tab of your client.

  3. The client has some roles assigned by default. Unassign all of them.

  4. Assign the new role to the Keycloak client:

    1. Navigate back to the Service accounts roles tab of your client.

    2. Select Assign role.

    3. Filter by realm roles and select the role you have created in step 1.

    4. Select Assign to confirm.

Copy Ataccama ONE credentials

Atlan needs your client credentials to authenticate with Ataccama ONE. Copy the client secret and realm name of your Keycloak client and provide them to the person responsible for the Atlan configuration.

You can find the credentials in Keycloak Admin Console, under your client:

  • Client Secret: In the Credentials tab.

  • Realm name: Select the realm name from the dropdown in the upper-left corner of the Admin Console. Use the technical realm name, not the display name (for example, ataccamaone instead of Ataccama | ONE).

    You can also find this name in Realm settings > Realm ID value.

Ataccama ONE configuration

Map Atlan integration role to ONE group

To control which data sources are covered by the integration, you need to map the Atlan integration role from Keycloak to a group in Ataccama ONE. You can then share specific sources with this group to make them available for the integration.

In this step, you import the new role (atlan-integration-role) from Keycloak and assign it to a new dedicated group in ONE application:

  1. Log into Ataccama ONE application

  2. Import the role from Keycloak to ONE:

    1. Navigate to Global Settings > Users.

    2. Select Update to synchronize Keycloak to ONE.

      Update users

    3. In Global Settings > Identity Provider Roles, you can now see the imported Atlan integration role.

  3. Assign the role to a group:

    1. Navigate to Global Settings > Groups.

    2. Select Create to create a new dedicated group (for example, Atlan Admins).

    3. Fill the Name field and select Parent Group.

    4. In the Group roles section, find the Data Consumer row and add the realm role you created in Keycloak to the Identity provider role column.

      Map Atlan integration role to ONE group

    5. Select Save and publish.

Configure Atlan

For instructions about configuring Atlan for the integration, see the official Atlan documentation.

You’ll need the Keycloak client credentials you copied earlier during setup.

Next steps

Once you configure the integration, you can select the sources that should be included in it.

See Select Sources for Atlan Integration.

Was this page useful?