Skip to content
For Self-Managed AI Platform users running v11.1, see the on-premise platform documentation
Self-managed installation and maintenance > Installation and configuration guide > DataRobot advanced configuration section > OAuth Providers

OAuth Providers

The OAuth Providers system enables the OAuth2 workflow, allowing DataRobot users to grant the system permissions to access their external resources directly within DataRobot.

The currently supported OAuth providers:

  • Github Cloud;
  • GitLab Cloud;
  • Bitbucket Cloud;
  • Google;
  • Box;
  • Microsoft;

Starting with DataRobot 11.1, self-managed versions of supported OAuth providers are supported.

OAuth Providers

The OAuth Providers system has been available since DataRobot 11.0. It was originally introduced to enhance the Notebooks session experience by utilizing the OAuth2 flow for accessing private Git repositories instead of relying on Personal Access Tokens. Starting with DataRobot 11.1, it is also used in custom applications to access external resources, such as Google Docs.

Configure OAuth Providers

To fully leverage the OAuth Providers functionality, you need to set up corresponding OAuth apps in the provider site and integrate the app with DataRobot:

GitHub

  1. Navigate to Settings → Developer Settings → GitHub Apps.

We are using GitHub Apps not GitHub OAuth Apps.

  1. Fill out the register new GitHub App form:

  2. GitHub App name: DataRobot x {YOUR_ORG_NAME}(could be anything, but should be unique)

  3. Description: DataRobot GitHub App to authorize DataRobot to authenticate to user’s Git provider on their behalf. (could be anything but it’s shown to the end users so make it clear what the app does for them)
  4. Homepage URL: {DATAROBOT_BASE_URL}
  5. Callback URL: {DATAROBOT_BASE_URL}/account/oauth-providers/ (with the trailing slash)
  6. Expire user authorization tokens: :check ma Checked
  7. Request user authorization (OAuth) during installation: :Check Mark: Checked
  8. Webhook
  9. Active: unchecked
  10. Permissions:
  11. Repository permissions:
    • Contents: Read & Write
    • Metadata: Read-only
    • Workflows: Read & Write
  12. Organization permissions:
    • Members: Read-only
  13. Account permissions:
    • Email addresses: Read-only
    • Profile: Read & Write

  14. Where can this GitHub App be installed? Any Account

  15. Create a new GitHub App with this information.

  16. Generate a new private key and save it securely. Then, go to the top of the form and generate a Client Secret. The secret should also be saved securely.

  17. Copy the following information to configure the DataRobot installation:

  18. The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-github k8s secret:

data:
  OAUTH_PROVIDERS_GITHUB_CLIENT_ID: <base64 encoded Client Id>
  OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET: <base64 encoded Client Secret>
  • Mount the secret in to the oauth-providers-service deployment:
secrets:
    - name: "OAUTH_PROVIDERS_GITHUB_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-github"
          key: OAUTH_PROVIDERS_GITHUB_CLIENT_ID
    - name: "OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-github"
          key: OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET
  • The Public Link should be used as OAUTH_PROVIDERS_GITHUB_APP_PUBLIC_URL config in values.yaml:
core:
  config_env_vars:
    OAUTH_PROVIDERS_GITHUB_APP_PUBLIC_URL: <Public Link>

GitLab

  1. Navigate to User Settings → Applications

  2. Fill out the Add new application form:

  3. Name: DataRobot x {YOUR_ORG_NAME}(but could be anything)

  4. Redirect URI: {DATAROBOT_BASE_URL}/account/oauth-providers/ (with the trailing slash)
  5. Check mark Confidential
  6. Check mark the following Scopes:
  7. api
  8. read_user
  9. read_repository

  10. write_repository

  11. Save configurations as a new application.

  12. Copy the following information to configure the DataRobot installation:

  13. The Application ID and Secret should be set as corresponding values of the oauth-providers-service-oauth-gitlab k8s secret:

data:
  OAUTH_PROVIDERS_GITLAB_CLIENT_ID: <base64 encoded Application ID>
  OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET: <base64 encoded Secret>
  • Mount the secret in to the oauth-providers-service deployment:
secrets:
    - name: "OAUTH_PROVIDERS_GITLAB_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-gitlab"
          key: OAUTH_PROVIDERS_GITLAB_CLIENT_ID
    - name: "OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-gitlab"
          key: OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET

Bitbucket

  1. Navigate to Workspace Settings → OAuth consumers

You need to be a workspace admin to be able to access the settings.

  1. Fill out the Add OAuth consumer form:

  2. Name: DataRobot x {YOUR_ORG_NAME}(but could be anything)

  3. Description: DataRobot OAuth App to authorize DataRobot to authenticate to user’s Git provider on their behalf. (could be anything but it’s shown to the end users so make it clear what the app does for them)
  4. Callback URL: {DATAROBOT_BASE_URL}/account/oauth-providers/ (with the trailing slash)
  5. URL: https://www.datarobot.com/
  6. Privacy policy URL: https://www.datarobot.com/privacy/ (optional)
  7. End user license agreement URL: https://www.datarobot.com/legal/ (optional)
  8. Leave This is a private consumer unchecked
  9. Check mark the following Permissions:
  10. Account: Read, Email

  11. Repositories: Read, Write, Admin, Delete

  12. Save the configuration as a new Bitbucket OAuth app.

  13. Copy the following information to configure the DataRobot installation:

  14. The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-bitbucket k8s secret:

data:
  OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET: <base64 encoded Client Secret>
  • Mount the secret in to the oauth-providers-service deployment:
secrets:
    - name: "OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-bitbucket"
          key: OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID
    - name: "OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-bitbucket"
          key: OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET

Box

Reference article: Managing platform apps

  1. Navigate to the Box Developer Console.
  2. On the My Platform Apps page, press the Create Platform App button.
  3. Select Custom App.
  4. Fill out the form with the following data:
  5. Name: DataRobot x {YOUR_ORG_NAME} (but could be anything)
  6. Description: DataRobot OAuth App to authorize DataRobot to access files on behalf of users. (This can be anything, but it’s displayed to end users, so ensure it clearly explains the app's purpose.)
  7. Purpose: Integration
  8. Categories: Box Sign
  9. Which external system are you integrating with?: DataRobot

Press the Next button.

  1. Select User Authentication (OAuth 2.0) and press the Create App button.

(Optional) If you are setting up a self-managed version of the provider, go to the DataRobot Application OAuth Provider Management+ Add OAuth Provider and fill out the form with data from the OAuth 2.0 Credentials section on the app configuration page in the Box Developer Console.

  1. In the app configuration, go to the OAuth 2.0 Redirect URIs section and add {DATAROBOT_BASE_URL}/account/oauth-providers/?providerId=<PROVIDER ID> to the Redirect URI field, then press the Add button. The provider ID can be found on the DataRobot Application OAuth Provider Management page.

  2. In the Application Scopes section, select Read all files and folders stored in Box.

  3. Save the settings by clicking the Save button.

  4. (Only for system-level applications) Copy the following information to configure the DataRobot installation:

  5. The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-box Kubernetes secret:

data:
  OAUTH_PROVIDERS_BOX_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_BOX_CLIENT_SECRET: <base64 encoded Client Secret>
  • Mount the secret into the oauth-providers-service deployment:
secrets:
   - name: "OAUTH_PROVIDERS_BOX_CLIENT_ID"
    valueFrom:
      secretKeyRef:
       name: "oauth-providers-service-oauth-box"
       key: OAUTH_PROVIDERS_BOX_CLIENT_ID
   - name: "OAUTH_PROVIDERS_BOX_CLIENT_SECRET"
    valueFrom:
      secretKeyRef:
       name: "oauth-providers-service-oauth-box"
       key: OAUTH_PROVIDERS_BOX_CLIENT_SECRET

Google

Reference article: Using OAuth 2.0 to Access Google APIs

  1. Navigate to the Credentials page of your Google Cloud project.
  2. Press the Create credentials button and select OAuth client ID.
  3. Fill out the creation form:
  4. Application Type: Web application
  5. Name: DataRobot x {YOUR_ORG_NAME} (can be anything)
  6. Authorized JavaScript Origins: {DATAROBOT_BASE_URL}
  7. Authorized Redirect URIs: Skip this field for now. Press the Create button.
  8. Save the Client ID and Client Secret from the popup dialog. You will no longer be able to view or download the client secret once you close this dialog.

(Optional) If you are setting up a self-managed version of the provider, go to the DataRobot Application OAuth Provider Management+ Add OAuth Provider and fill out the form with data from the previous step.

  1. Go to the application settings page in the Google Cloud Console. Find the Authorized redirect URIs section and add {DATAROBOT_BASE_URL}/account/oauth-providers/?providerId=<PROVIDER ID> to the list. The provider ID can be found on the DataRobot Application OAuth Provider Management page.

  2. (Only for system-level applications) Copy the following information to configure the DataRobot installation:

  3. The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-google Kubernetes secret:

data:
  OAUTH_PROVIDERS_GOOGLE_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_GOOGLE_CLIENT_SECRET: <base64 encoded Client Secret>
  • Mount the secret into the oauth-providers-service deployment:
secrets:
  - name: "OAUTH_PROVIDERS_GOOGLE_CLIENT_ID"
    valueFrom:
     secretKeyRef:
      name: "oauth-providers-service-oauth-google"
      key: OAUTH_PROVIDERS_GOOGLE_CLIENT_ID
  - name: "OAUTH_PROVIDERS_GOOGLE_CLIENT_SECRET"
    valueFrom:
     secretKeyRef:
      name: "oauth-providers-service-oauth-google"
      key: OAUTH_PROVIDERS_GOOGLE_CLIENT_SECRET

Microsoft

⚠️ NOTE: Currently, we only support Multi-Tenant Microsoft Entra ID applications.

Reference article: Register an application in Microsoft Entra ID

  1. Navigate to the Microsoft Entra ID App Registrations and click New registration.
  2. Fill out the registration form:
  3. Name: DataRobot x {YOUR_ORG_NAME} (can be anything)
  4. Supported account types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
  5. Redirect URI: Leave this field empty for now.
  6. Click Register to create the application.
  7. On the new application control screen, copy and save the Application (client) ID value. This will be needed later as CLIENT_ID.
  8. On the application control screen, go to the Certificates & secrets section, create a new client secret, and copy its value. This will be needed later as CLIENT_SECRET.

(Optional) If you are setting up a self-managed version of the provider, go to the DataRobot Application OAuth Provider Management+ Add OAuth Provider and fill out the form with the data from the previous step.

  1. Go to the application settings page, navigate to the Authentication (Preview) section, and click the Add Redirect URI button.

  2. Select "Web" as the platform and add {DATAROBOT_BASE_URL}/account/oauth-providers/?providerId=<PROVIDER ID> to the Redirect URI field. Leave other fields empty and click the Configure button.

  3. (Only for system-level applications) Copy the following information to configure the DataRobot installation:

  4. The Client ID and Client Secret should be set as corresponding values (steps 4 and 5) of the oauth-providers-service-oauth-microsoft Kubernetes secret:

data:
  OAUTH_PROVIDERS_MICROSOFT_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_MICROSOFT_CLIENT_SECRET: <base64 encoded Client Secret>
  • Mount the secret into the oauth-providers-service deployment:
secrets:
  - name: "OAUTH_PROVIDERS_MICROSOFT_CLIENT_ID"
   valueFrom:
    secretKeyRef:
      name: "oauth-providers-service-oauth-microsoft"
      key: OAUTH_PROVIDERS_MICROSOFT_CLIENT_ID
  - name: "OAUTH_PROVIDERS_MICROSOFT_CLIENT_SECRET"
   valueFrom:
    secretKeyRef:
      name: "oauth-providers-service-oauth-microsoft"
      key: OAUTH_PROVIDERS_MICROSOFT_CLIENT_SECRET