Connect to Amazon Redshift with SAML authentication
Official documentation
-
For full information about Amazon Redshift, refer to the official documentation.
-
For more versions of Amazon Redshift JDBC driver, refer to the official JDBC driver downloads.
-
Amazon Redshift identity federation with multi-factor authentication
In this tutorial, we will create an Amazon Redshift data source, configure it to use SAML authentication with JumpCloud identity provider, and run a test connection to a database.
For more information about the integration and connection settings, refer to the following pages:
Prerequisites
-
Your Amazon Redshift dashboard must have an Amazon Redshift cluster in it. For more information about the Amazon Redshift cluster, refer to Getting Started with Amazon Redshift.
-
AWS SSO has to be enabled for your AWS account.
-
Your AWS account has to be linked to your JumpCloud account.
Create a data source
-
In the Database Explorer (⌘ 1), click New on the toolbar and navigate to .
-
Check if there is a Download missing driver files link at the bottom of the connection settings area. Click this link to download drivers that are required to interact with a database. For a direct download link, refer to the JetBrains JDBC drivers page.
-
Specify the database connection details.
-
In the Host field, type the URL to connect to your Amazon Redshift account with. For example,
examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com.
-
In the Port field, type the port number. In our case, it is
5439.
-
Leave the User and Password fields empty.
-
In the Database field, type the database name to which you want to connect. In our case, the database is
dev.
-
To the end of the autogenerated URL in the JDBC URL field, add ? and the following properties separated with &:
-
plugin_name=<credentials_provider_class_name>: the SAML-based credential provider plugin you use for authentication. In this tutorial, we will use the Browser SAML plugin that can work with SAML-based identity providers: plugin_name=com.amazon.redshift.plugin.BrowserSamlCredentialsProvider.
-
login_url=<login_url>: the identity provider URL. In our case, it is the URL to the JumpCloud login page: login_url=https://sso.jumpcloud.com/saml2/awsredshift.
-
So, our JDBC URL is as follows:
jdbc:redshift:iam://examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com:5439/dev?plugin_name=com.amazon.redshift.plugin.BrowserSamlCredentialsProvider&login_url=https://sso.jumpcloud.com/saml2/awsredshift
Alternatively, type your JDBC URL in the URL field. The general URL to use is as follows:
-
Format:
jdbc:redshift:iam://<cluster_name>.<additional_unique_identifier>.<cluster_region>.redshift.amazonaws.com:<port_number>/dev?plugin_name=<plugin_name>&login_url=<login_url>&user=<username>&password=<password>
-
Example:
jdbc:redshift:iam://examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com:5439/dev?plugin_name=com.amazon.redshift.plugin.BrowserSamlCredentialsProvider&login_url=https://sso.jumpcloud.com/saml2/awsredshift&user=my_username&password=dummy_password
-
Click the Test Connection link at the bottom of the connection details area to initiate a test connection to your database.
-
On the JumpCloud website that opens in the browser, enter your user credentials and log in to your JumpCloud account.
-
Once JumpCloud confirms your identity, return to DataGrip.
-
In the IDE, click OK to save your new data source.
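A small linter for the JDBC URL format described in the connection-details step, added here as an example (it is not part of the original tutorial or of the Redshift JDBC driver). The function names parse_redshift_url and lint and the choice of checks are assumptions of this example; the URLs are the tutorial's own plus one constructed variant.

```python
import re
from urllib.parse import parse_qs, urlsplit

PREFIX = "jdbc:redshift:iam://"
BROWSER_SAML = "com.amazon.redshift.plugin.BrowserSamlCredentialsProvider"
# Host layout from the tutorial's Format line:
# <cluster_name>.<additional_unique_identifier>.<cluster_region>.redshift.amazonaws.com
HOST_RE = re.compile(r"^[a-z0-9-]+\.[a-z0-9]+\.[a-z0-9-]+\.redshift\.amazonaws\.com$")

# The two URLs shown in the tutorial, plus one constructed variant with an http login_url.
TUTORIAL_URL = (PREFIX + "examplecluster.abc123xyz789.us-west-2.redshift.amazonaws.com:5439/dev"
                "?plugin_name=" + BROWSER_SAML +
                "&login_url=https://sso.jumpcloud.com/saml2/awsredshift")
GENERAL_EXAMPLE = TUTORIAL_URL + "&user=my_username&password=dummy_password"
CONSTRUCTED_HTTP = TUTORIAL_URL.replace("login_url=https://", "login_url=http://")

def parse_redshift_url(url):
    """Split a jdbc:redshift:iam:// URL into host, port, database and properties."""
    if not url.startswith(PREFIX):
        raise ValueError("not a jdbc:redshift:iam:// URL")
    location, _, query = url[len(PREFIX):].partition("?")
    authority, _, database = location.partition("/")
    host, _, port = authority.partition(":")
    props = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    return {"host": host, "port": port, "database": database, "props": props}

def lint(url):
    """Return findings; an empty list means the URL matches the tutorial's SAML setup."""
    p = parse_redshift_url(url)
    props, findings = p["props"], []
    if not HOST_RE.match(p["host"]):
        findings.append("host does not match the Redshift endpoint layout")
    if not p["port"].isdigit():
        findings.append("port missing or not numeric")
    if not p["database"]:
        findings.append("database name missing")
    if props.get("plugin_name") != BROWSER_SAML:
        findings.append("plugin_name is not the Browser SAML provider")
    login = urlsplit(props.get("login_url", ""))
    if login.scheme != "https" or not login.hostname:
        findings.append("login_url must be an https URL")
    for key in ("user", "password"):  # the tutorial leaves both fields empty
        if key in props:
            findings.append(f"{key} is embedded in the URL")
    return findings

if __name__ == "__main__":
    for candidate in (TUTORIAL_URL, GENERAL_EXAMPLE, CONSTRUCTED_HTTP):
        print(lint(candidate) or "ok")
```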