Google Security Setup

Connecting to Google BigQuery, Google Analytics, or Google Drive involves first providing a mechanism to authenticate with the data source:

  • First, go to the Security tab and setup Authentication (see below).
  • Next, go to the Connection tab and setup the Project selections.

Once authenticated, users need to select the relevant project to enable the connection.

  • Click here for more details on setting BigQuery as a data source.

Security and Authentication

On the Security tab, select the authentication method:

  • Service Account - via JSON file (BigQuery only)
  • SSO specific user - via interactive authentication to Google with a single account for all users
  • SSO end user - via interactive authentication to Google by each INDIVIDUAL user as the login into Pyramid

Service Account Connections

This option is available for BigQuery only.

When using a service account, the authentication is common to all users of the connection. The details of the authentication are contained in a JSON file downloaded from the BigQuery administrative console. It contains details like details such as Client ID and Client Secret.

User Account OAuth Connections

Another way to connect to BigQuery, Google Analytics, or Google Drive is using SSO OAuth Authentication. This type of authentication utilizes the user's credentials to connect and authenticate access to a given data source. The process is often used in big organizations that have centralized security and are using one framework to secure all data assets.

Authentication Options for BigQuery, Google Analytics, and Google Drive

When creating a data source in Pyramid and completing the setup 'card', administrators can elect which type of authentication model to use:

  • Single Sign-on (OAuth) - Specific User: All users of this data source will share and use the credentials and sign in code defined here.
  • Single Sign-on (OAuth) - End User: Each user will be prompted to sign in to Google when starting Pyramid or when connecting to the data source. This is a "one off" event. The user's sign in code will be stored and reused for subsequent data access. Pyramid will automatically refresh this as needed. All users will share the Client ID and Client Secret defined here.

Enabling End User OAuth Authentication

You need to create Client ID and Client Secret strings that enable connection to your particular BigQuery, Google Analytics, or Google Drive data in an encoded manner. These strings are generated using the Google Cloud Console (created as part of the Create Credentials process) and then copied and pasted to the relevant dialog boxes on the data card.

The Client ID and Client Secret are used by all users to access the BigQuery, Google Analytics, or Google Drive application.

Signing In

With the drop down set to "Single Sign-on (OAuth) - End User", each user will be prompted to sign into Google for individually authenticated data access.

With the drop down set to "Single Sign-on (OAuth) - Specific User", each user will share the Google account as well as the Client ID and Client Secret.

  • Sign-In with Google: Use this button to sign into Google to retrieve the Refresh Code
  • Refresh Code: Returned by Google and used by Pyramid to connect to the Google Account.

Project Selection

Note: Not required for Google Drive setups.

After the authentication has been configured, return to the Connection tab and:

  • For BigQuery, select the relevant BigQuery Project from the drop down. Optionally, also select the Quota Project from the second drop down.
  • For Google Analytics, select the Connection Type from the drop down.