---
title: Share secure configurations
description: Allows IT admins to configure OAuth-based authentication parameters for a data connection, and then securely share them with other users without exposing sensitive fields.
---

# Share secure configurations {: #share-secure-configurations }

IT admins can configure OAuth-based authentication parameters for a data connection, and then securely share them with other users without exposing sensitive fields. This allows users to easily connect to their data warehouse without needing to reach out to IT for data connection parameters.

## IT admins {: #it-admins}

!!! info "Availability information"
     **Required user role:** Organization administrator

### Prerequisites {: #prerequisites }

Before proceeding, make sure you have the following parameters depending on the secure configuration type:

=== "OAuth 2.0"

     - Client ID
     - Client Secret
     - (optional) Scopes
     - Authorization endpoint URL
     - Token URL

    !!! example

        If your OAuth provider is Microsoft Entra ID, see the following examples:

        - Authorization endpoint URL: `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize`
        - Token URL: `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token`
        
        For other OAuth providers, including Okta, see the following examples:

        - Authorization endpoint URL: `https://<domain>/oauth/authorize`
        - Token URL: `https://<domain>/oauth/token-request`

     For more information, see [the documentation on connecting to Snowflake](dc-snowflake).

=== "Google Service Account"

     - Service Account Key (JSON string)

=== "Key pair"

    - Username (required only for Snowflake connections)
    - Private Key

     For more information, see the [documentation for connecting to Snowflake](dc-snowflake#key-pair).

=== "AWS Credentials"

    - AWS access Key ID
    - AWS secret access key

    For more information, see the [documentation for connecting to AWS S3](dc-s3) (available for public preview).


### Create a configuration {: #create-a-configuration }

To create a secure configuration:

1. Click your user icon in the upper-right corner and select **Secure Configurations**.

     ![](images/sec-config-1.png)

2. Click **Add a secure configuration**.

     ![](images/sec-config-2.png)

3. Fill out the required parameters for your data connection by selecting a schema under **Secure configuration type** and entering a _unique_ name under **Secure configuration display name**.

     ![](images/sec-config-3.png)

4. Click **Save**.

### Share a configuration {: #share-a-configuration }

Other users cannot access a secure configuration when setting up a data connection until it's been shared with them.

To share a secure configuration:

1. On the **Secure Configurations** page, click the **Share** icon next to a configuration.
2. In the sharing modal, enter the user(s), group(s), or organization(s) you want to grant access to (1). Then, select the appropriate user role (2) and click **Share** (3).

     ![](images/sec-config-4.png)

     Note that the role you select determines what configuration information the recipients can view. The table below describes each option:

     Role | Description
     ----- | ---------
     **End users** | :~~~:
     Consumer | Cannot view sensitive fields (indicated in the **Add secure configuration** modal).
     **Administrators** | :~~~:
     Editor| Can view and update sensitive fields.
     Owner | Full permissions for secure configurations, including the ability to delete existing configurations.

After sharing a secure configuration, the user(s) will receive a notification prompting them to finish setup.

### Manage secure configurations {: #manage-secure-configurations }

Once you've created a secure configuration, you can:

=== "Update a configuration"

	To update an existing configuration, click the name of the configuration you want to update. Update the fields that appear below the configuration name and click **Save**.

     ![](images/sec-config-8.png)

=== "Delete a configuration"

	To delete an existing configuration, click the **More options** icon next to the configuration you want to remove, and select **Delete**.

     ![](images/sec-config-6.png)

=== "Build credentials"

	To build credentials from an existing configuration, click the **More options** icon next to the configuration, and select **Build credentials**. 

     ![](images/sec-config-12.png)
     
     You can then define your [new credentials and associate a data connection](#associate-a-secure-configuration) with them.

=== "Revoke access"

	To revoke access to a shared secure configuration, click the **Share** icon next to the configuration and click the **X** next to the user, group, or organization.

     ![](images/sec-config-5.png)

## Users {: #users }

With a shared secure configuration, you can quickly connect to an external database or data lake without going through the trouble of filling in the required fields and potentially exposing sensitive fields.

To remove a secure configuration after it's been associated with a data connection, see the documentation on [stored data credentials](stored-creds#remove-stored-credentials).

### Prerequisites {: #prerequisites }

Before you can add a data connection with a secure configuration, your IT admin must share it with you.

### Associate a secure configuration {: #associate-a-secure-configuration }

You can apply secure configurations anywhere you have the option to create credentials in DataRobot, this includes the:

=== "**Secure configuration shared** notification"

      When building a credential from a shared secure configuration, save the credential with a unique name and then select a data connection to associate with those credentials.

      To build credentials with shared secure configurations from the in-app notification:

      1. Open the notification center ![](images/icon-alert.png) at the top of the page.
      2. In the **Secure configuration shared** notification, click **Build credentials**.

          ![](images/config-not-1.png)

      3. In the **Add credential** modal, enter a unique name for your credentials under **Display name**.

          ![](images/config-not-2.png)

      4. Click **Save**. The **Credentials Management** page opens with your new credentials highlighted.
      5. Click **Add associated connection**.

          ![](images/config-not-3.png)

      6. Select the data connection you want to associate with your secure configuration and click **Connect**.

          ![](images/config-not-4.png)

      7. Sign in with your database credentials.

=== "**Credentials Management** page"

      When adding a secure configuration from the **Credentials Management** page, you first add your credentials and then select a data connection to associate with those credentials:

      1. Click your user icon in the upper-right corner and select **Credentials Management**.

      2. Click **+ Add new**.

      3. Fill in the available fields:

          - Select the credential type associated with the secure configuration.
          - Click **Shared secure configurations**.
          - Select a secure configuration from the dropdown.
          - Enter a unique display name.
  
          ![](images/sec-config-13.png)

      4. Click **Save and sign in**.

      5. Click **Add associated connection**.

          ![](images/config-not-3.png)

      6. Select the data connection you want to associated with your secure configuration and click **Connect**.

          ![](images/config-not-4.png)

      7. Sign in with your database credentials.

=== "**Data Connection** page"

      When adding secure configuration from the **Data Connection** page, you first select the data connection and then add your credentials:

      1. Click your user icon in the upper-right corner and select **Data Connections**.

          ![](images/sec-config-7.png)

      2. Select a data connection.
      3. Select **Credentials** and click **+ Add Credentials**.

          ![](images/sec-config-9.png)

      4. In the **Add Credentials** modal, click **+ Create new**.

          ![](images/sec-config-10.png)

      5. Fill in the available fields:

          - Select the credential type associated with the secure configuration.
          - Click **Shared secure configurations**.
          - Select a secure configuration from the dropdown.
          - Enter a unique display name.

          ![](images/sec-config-11.png)

      6. Click **Save and sign in**, and then sign in with your database credentials.
