Managing Connection Templates
This guide explains how to create, configure, and manage Connection Templates in Coginiti Team. Connection Templates are a unique administrative feature that standardizes database connections for users while providing flexible credential management options.
Overview
Connection Templates are pre-configured database connection settings that administrators create to simplify the connection process for users. Templates include all technical connection parameters (host, port, database name, etc.) while allowing flexible handling of user credentials.
Key Benefits
Standardization: Ensure consistent connection parameters across teams Security: Control credential sharing and implement service accounts Simplicity: Users only need to provide credentials, not technical details Administration: Centralized management of database access permissions
Connection Template Features
- Pre-configured Parameters: Host, port, database name, and other technical settings
- Flexible Credential Handling: Support for individual credentials or shared service accounts
- User Access Control: Assign templates to specific users or groups
- Multi-Platform Support: Available for all supported database platforms
- OAuth Integration: Special support for OAuth authentication (e.g., Snowflake)
Prerequisites
Administrative Requirements
- Administrator access to Coginiti Team
- Database connection details for the target platforms
- User management permissions to assign templates to users/groups
Database Requirements
- Valid database credentials for testing connections
- Network connectivity from Coginiti Team to target databases
- Service account credentials (if using shared authentication)
Creating Connection Templates
Step 1: Access Connection Template Management
- Click your account profile in the upper right corner of the application
- Select "Admin Settings" from the dropdown menu
- Choose "Manage Connection Templates" from the admin menu
Step 2: Create New Connection Template
- Click the (➕) icon next to the Connection Templates header
- Select your target database from the supported platforms list
- Choose a unique template name that clearly identifies the connection
Each Connection Template must have a unique name. Use descriptive names like "Production Snowflake", "Analytics PostgreSQL", or "HR Database" to help users identify the right connection.
Step 3: Configure Connection Parameters
Fill in all required connection details for your selected database platform:
Common Connection Settings
- Host/Server: Database server hostname or IP address
- Port: Database port number (platform-specific defaults)
- Database Name: Target database or schema name
- Connection Timeout: Timeout settings for connection attempts
- SSL Settings: Encryption and certificate requirements
Platform-Specific Examples
Snowflake Connection Template:
Account: your-org.snowflakecomputing.com
Warehouse: COMPUTE_WH
Database: ANALYTICS_DB
Schema: PUBLIC
Role: ANALYST_ROLE
PostgreSQL Connection Template:
Host: postgres.company.com
Port: 5432
Database: company_analytics
SSL Mode: require
SQL Server Connection Template:
Server: sqlserver.company.com
Port: 1433
Database: CorporateDB
Encrypt: true
Trust Server Certificate: false
Step 4: Configure Credential Sharing
Choose how credentials will be handled with the "Share Sensitive Data" checkbox:
Option 1: Shared Sensitive Data (Service Account)
Check "Share Sensitive Data" to enable service account mode:
Benefits:
- Users connect with a shared service account
- No individual credential management required
- Consistent permissions across all users
- Simplified access control
Use Cases:
- Read-only analytics access
- Standardized reporting connections
- Temporary or contractor access
- Compliance-controlled environments
Configuration:
- Enter service account credentials in the username/password fields
- Credentials will be hidden from end users
- Users see only the connection name and can connect immediately
Option 2: Individual User Credentials
Uncheck "Share Sensitive Data" for individual authentication:
Benefits:
- Each user provides their own credentials
- Individual audit trails and permissions
- Personalized database access
- Granular access control
Use Cases:
- Development environments
- Administrative access
- Personalized workspaces
- Row-level security implementations
Configuration:
- Leave username/password fields empty or use placeholder values
- Users will be prompted for credentials when connecting
- Each user maintains their own authentication
Step 5: Assign Users and Groups
Use the Available Consumers and Assigned Consumers sections to control access:
User Assignment Process
- View Available Consumers: See all users and groups not currently assigned
- Select users/groups: Choose who should have access to this template
- Move to Assigned Consumers: Transfer selected users to the assigned list
- Remove access: Move users back to Available Consumers to revoke access
Group-Based Assignment
- Assign entire user groups for efficient management
- Group membership changes automatically update template access
- Role-based access control through group assignments
- Simplified onboarding for new team members
Step 6: Save and Test Template
- Click "Save" to create the connection template
- Test the connection using the built-in connection test
- Verify user access by testing with an assigned user account
- Review template settings and adjust if needed
OAuth Authentication Templates
Snowflake OAuth Configuration
Coginiti supports OAuth authentication for Snowflake through Connection Templates:
Step 1: Create OAuth Connection Template
- Create a new Connection Template following the standard process
- Select "OAuth" as the authentication method
- Configure OAuth-specific settings
Step 2: Configure OAuth Parameters
Fill in the OAuth-specific fields:
Required OAuth Settings:
- Client ID: OAuth application client identifier
- Client Secret: OAuth application client secret
- Authorization URL: Snowflake OAuth authorization endpoint
- Token URL: Snowflake OAuth token endpoint
- Scope: Required OAuth scopes (typically
session:role:USER)
Snowflake OAuth URLs:
Authorization URL: https://your-account.snowflakecomputing.com/oauth/authorize
Token URL: https://your-account.snowflakecomputing.com/oauth/token-request
Step 3: Configure Sensitive Data Sharing
Important: Carefully consider the "Share Sensitive Data" setting for OAuth:
Checked (Shared OAuth Credentials):
- Users authenticate with shared OAuth application
- OAuth tokens managed centrally
- Simplified user experience
- Reduced OAuth application management
Unchecked (Individual OAuth):
- Each user must configure their own OAuth credentials
- Individual OAuth applications required
- More complex setup but granular control
Step 4: Assign OAuth Template
- Share the template with authorized users
- Ensure users understand the OAuth authentication flow
- Test OAuth authentication with assigned users
- Monitor OAuth token refresh and expiration
Other OAuth Platforms
Connection Templates support OAuth for additional platforms:
Google BigQuery OAuth:
- Service account JSON key files
- User account OAuth flows
- Project and dataset access control
Azure SQL OAuth:
- Azure Active Directory integration
- Managed identity support
- Multi-factor authentication compatibility
AWS Redshift OAuth:
- IAM role-based authentication
- Identity provider integration
- Temporary credential management
Managing Existing Templates
Editing Connection Templates
Modify Template Settings
- Navigate to Manage Connection Templates
- Click "Edit" next to the template name
- Update connection parameters as needed
- Modify user assignments if required
- Save changes to apply updates
Changes to Connection Templates affect all users immediately. Test changes in a development environment when possible, and communicate updates to affected users.
Common Template Updates
- Credential rotation: Update service account passwords
- Server migrations: Change host/port information
- Access control: Add/remove user assignments
- Parameter tuning: Adjust timeouts and connection settings
User Access Management
Adding Users to Templates
- Select the template to modify
- Choose users from Available Consumers
- Move users to Assigned Consumers
- Save changes to grant access
Removing User Access
- Select users in Assigned Consumers
- Move users back to Available Consumers
- Confirm removal of access rights
- Users lose access immediately upon save
Bulk User Management
- Group assignments: Manage access through user groups
- Role-based templates: Create templates for specific job functions
- Department access: Organize templates by organizational structure
- Project teams: Temporary access for project-based work
Template Maintenance
Regular Maintenance Tasks
Monthly:
- Review user assignments and remove inactive users
- Test template connections for availability
- Update credentials before expiration
Quarterly:
- Audit template usage and optimize assignments
- Review security settings and credential sharing
- Update connection parameters for infrastructure changes
Annually:
- Comprehensive security review of all templates
- Credential rotation for service accounts
- Template consolidation and cleanup
Monitoring Template Usage
- Connection logs: Monitor which templates are actively used
- User activity: Track individual usage patterns
- Error monitoring: Identify connection issues and failures
- Performance metrics: Optimize connection parameters
User Experience with Templates
How Users See Connection Templates
Template Identification
Users see Connection Templates with special indicators:
- "Template" label next to connection names
- Template icon in connection lists
- Consistent naming as defined by administrators
Connection Process for Users
With Shared Sensitive Data:
- Select template from connection list
- Connect immediately without credential prompts
- Begin working with pre-configured connection
Without Shared Sensitive Data:
- Select template from connection list
- Enter username and password when prompted
- Credentials are saved for future connections
- Work with personalized database access
Template Advantages for Users
- Simplified setup: No need to know technical connection details
- Consistent access: Standardized connection parameters
- Quick connections: Faster setup for new databases
- Reduced errors: Pre-validated connection settings
User Training and Support
User Onboarding
Introduce Connection Templates:
- Explain the concept and benefits
- Show how to identify template connections
- Demonstrate the connection process
- Provide troubleshooting resources
Best Practices for Users:
- Use templates instead of creating individual connections
- Report connection issues to administrators
- Don't share individual credentials
- Understand the difference between shared and individual authentication
Security Considerations
Credential Security
Service Account Management
Best Practices:
- Use dedicated service accounts for shared templates
- Implement least privilege access principles
- Rotate credentials regularly (quarterly recommended)
- Monitor service account usage and access patterns
Service Account Security:
Account Naming: svc_coginiti_analytics
Password Policy: Complex, 90-day rotation
Permissions: Read-only for analytics templates
Monitoring: Log all access and queries
Individual Credential Protection
- Encrypt credentials in Coginiti Team database
- Use secure transmission for credential entry
- Implement session timeouts for credential caching
- Audit credential usage and access patterns
Access Control Security
Template Access Auditing
Regular Security Reviews:
- Quarterly access reviews: Verify user assignments are appropriate
- Separation of duties: Ensure templates don't violate security policies
- Principle of least privilege: Remove unnecessary access
- Documentation: Maintain records of template assignments
Network Security
- Database firewall rules: Restrict access to Coginiti Team servers
- VPN requirements: Mandate secure network connections
- SSL/TLS encryption: Encrypt all database connections
- Certificate validation: Verify database server certificates
Compliance Considerations
Audit Trail Requirements
Template Administration:
- Log all template creation and modification activities
- Track user assignment changes and access grants
- Monitor template usage and connection patterns
- Maintain historical records for compliance reporting
User Activity Monitoring:
- Track which users access which templates
- Log successful and failed connection attempts
- Monitor query activity through templates
- Generate compliance reports for auditors
Troubleshooting Connection Templates
Common Template Issues
Template Not Visible to Users
Symptoms: Users cannot see assigned templates
Solutions:
- Verify user assignment: Check Assigned Consumers list
- Check user permissions: Ensure user has database access rights
- Refresh user session: Have user log out and back in
- Validate template status: Ensure template is active and saved
Connection Failures with Templates
Symptoms: Template connections fail or timeout
Solutions:
- Test connection parameters: Verify host, port, and database settings
- Check network connectivity: Ensure Coginiti can reach database
- Validate credentials: Test service account or user credentials
- Review firewall rules: Confirm database access from Coginiti server
Credential Prompt Issues
Symptoms: Users prompted for credentials when using shared templates
Solutions:
- Verify "Share Sensitive Data": Ensure checkbox is properly set
- Check service account credentials: Validate username/password
- Test template settings: Use connection test feature
- Review user assignment: Ensure user has proper template access
OAuth-Specific Troubleshooting
OAuth Authentication Failures
Common Issues:
- Invalid Client ID/Secret: Verify OAuth application credentials
- Redirect URI mismatch: Ensure callback URLs match configuration
- Token expiration: Check OAuth token refresh settings
- Scope insufficient: Verify required OAuth scopes are granted
Debugging Steps:
- Test OAuth flow manually in browser
- Check OAuth application settings in identity provider
- Verify network connectivity to OAuth endpoints
- Review OAuth logs in Coginiti application logs
Performance Optimization
Template Performance Tuning
Connection Optimization:
- Adjust connection timeouts for network conditions
- Configure connection pooling for high-usage templates
- Optimize query performance through database tuning
- Monitor connection usage patterns and peak times
User Experience Optimization:
- Pre-warm connections for frequently used templates
- Cache credentials appropriately for user experience
- Optimize template assignment to reduce choice overload
- Provide usage guidance for complex templates
Advanced Template Configuration
Multi-Environment Templates
Development vs Production Templates
Strategy:
- Create separate templates for each environment
- Use clear naming conventions: "DEV-Analytics", "PROD-Analytics"
- Different user assignments: Restrict production access
- Environment-specific settings: Adjust timeouts and parameters
Example Configuration:
Development Template:
- Name: "DEV-Customer-Database"
- Host: dev-db.company.com
- Users: All developers and analysts
- Credentials: Shared development account
Production Template:
- Name: "PROD-Customer-Database"
- Host: prod-db.company.com
- Users: Senior analysts and managers only
- Credentials: Individual user accounts
Template Hierarchies and Inheritance
Template Organization
By Department:
- Finance templates for financial data sources
- Marketing templates for campaign databases
- Operations templates for operational systems
By Access Level:
- Read-only templates for general users
- Read-write templates for data analysts
- Administrative templates for database admins
By Data Classification:
- Public data templates with broad access
- Internal data templates with department restrictions
- Confidential data templates with limited access
Integration with User Management
LDAP Integration with Templates
Automatic Assignment:
- Map LDAP groups to template access
- Synchronize user assignments with directory changes
- Implement role-based template access
Configuration Example:
LDAP Group: "Analytics_Team"
Template Access:
- Customer Analytics (Snowflake)
- Sales Database (PostgreSQL)
- Marketing Data Warehouse (BigQuery)
LDAP Group: "Finance_Users"
Template Access:
- Financial Reporting (SQL Server)
- Budget Database (Oracle)
OAuth OIDC with Templates
SSO Integration:
- Use OAuth claims for template assignment
- Map identity provider groups to template access
- Implement just-in-time template provisioning
Support and Resources
Getting Help
For Connection Template assistance:
- Coginiti Support: support@coginiti.co
- Documentation: Database-specific connection guides
- Community: User forums and knowledge base
Additional Resources
- Database Connections Guide - Comprehensive database setup information
- Data Platforms Reference - Technical specifications for supported platforms
- User Management Guide - User and group management
- Security Log Reference - Audit and compliance logging
Summary
You have successfully configured Connection Templates for Coginiti Team! Key achievements:
✅ Template Creation: Standardized database connections with pre-configured parameters ✅ Credential Management: Flexible handling of individual vs shared authentication ✅ User Access Control: Proper assignment of templates to users and groups ✅ Security Implementation: Secure credential handling and access auditing ✅ OAuth Integration: Advanced authentication for supported platforms ✅ Maintenance Procedures: Ongoing template management and optimization
Your Coginiti Team instance now provides users with simplified, standardized database connections while maintaining administrative control over access and security.