Versions Compared

Old Version 16

changes.mady.by.user John Brinckwirth

Saved on

compared with

New Version Current

changes.mady.by.user Ruth Stento

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
maxLevel2

Overview

Snaps that write data to a database or a file on a server or move data between resources require you to have authenticated access to that resourceSnapLogic Accounts provide the information that Snaps need to access source and target endpoints when executing. For example, to write to S3 files on an AWS S3 database, you need an active S3 account. You can establish this access by creating an account on that resource with your credentials. 

Account expiration is controlled by the endpoint.

You can also choose to include the accounts while exporting or importing a project. See Importing and Exporting Projects for details.

Prerequisites

  • Write permissions for the project for which you are creating the account.
  • Values for account settings, such as hostname or server path, as applicable. These are received from the endpoint that you will access using the account. 

Known Issue

Multiexcerpt include macro
nameME_Chrome_Saving_Account_Credentials
pageConfiguring Spark SQL 2.x Accounts

Creating an Account

You can create an account in SnapLogic from the Accounts tab that is accessible through both Manager and Designer. To do this:

...

  1. Click Project Spaces in the left navigation bar.
  2. Navigate to your project space and click on the project for which you want to create an account. 
  3. In the project page, do one of the following:
    • With the All tab selected, click the + icon in the project toolbar and select Account.
    • Click the Accounts tab, and in the project toolbar on the right, click +
  4. Select the account you need to set up. For example, to create an AWS S3 account, select Binary > AWS S3. The supported account types are displayed when you click on the account name.
    Image Removed

...

Drag a Snap that requires the account that you want to create, to the Canvas. 

...

You can see the new account in your project's Accounts tab in Manager along with useful details such as the account type, creation date, and the user who created and last updated it. Hover over the account name to access the context menu. From there, you can access the account's activity log for its creation and modification. For more information, see Activity LogWhen you select a Snap that requires an account, the Account > Account Reference field lists accounts that work with that specific Snap, and to which you have access

If you have access to multiple Orgs, you can migrate accounts from one Org to another. See Migrating Accounts for more information.

...

a MySQL Snap requires authenticated access to a MySQL database. In SnapLogic, you create an Account to store credentials and any other information necessary to connect, such as a URL, hostname, and port number. The following screenshot shows an example Workday Account:

...

Protection for Account Information

At runtime, Account credentials are protected as follows:

  • For a SnapLogic-managed Snaplex (Cloudplex), when you create an Account, the information in it is encrypted by the browser before transmission using your Org’s public key. At rest, the encrypted Account data is stored in an encrypted Amazon S3 bucket. When a Pipeline executes, the Snaplex decrypts the information using a private key.

  • For a self-managed Snaplex (Groundplex) the default behavior is the same as for a SnapLogic-managed Snaplex. Organizations can add one of the following for additional security:

    • Enhanced Encryption, where the organization creates and manages the private keys used by nodes to decrypt credentials.

    • Secrets Management, for organizations using a third-party secret manager, such as HashiCorp Vault.

Creating Accounts and Controlling Access

You can create Accounts from SnapLogic Manager or add a new Account when configuring a Snap. For some endpoints, SnapLogic supports different types of Accounts. For example, for SQL Server, you can choose between a regular or a dynamic Account. Dynamic Accounts offer expession-enabled fields as described in the next section.

A single Account can be used by multiple Pipelines, Snaps, and Flows. Accounts are accessible to the User who created them and to Pipelines in the Project folder in which they were created. Accounts in a shared folder can be used by anyone with access permission to that folder. Org admins with access to multiple Orgs can migrate Accounts from one Org to another. Learn more about Migrating Accounts.

Anchor
dynamic
dynamic
Dynamic Accounts

Dynamic Accounts can use expressions for connection information instead of literal values. You can then define the values as Pipeline parameters, or if your Org is using Secrets Management, provide the values necessary to fetch credentials from a Secrets Manager.

To change a field to be dynamic, click (blue star) and enter the expression value. If you change a field with an encrypted value, such as a password or a token, to use an expression, the IIP clears the original value to protect sensitive information.

The following screenshot shows the dynamic fields available in an Azure SQL Active Directory Dynamic Account:

...

Related Content