Configure a data file connection

Who can use this feature?

  • Global admins
  • Available on all plans

A connection is an authentication mechanism to allow Totango to integrate with another system. Each connector has different requirements for connection. You can reuse connections to support multiple integration jobs. 

As an exception, a local file connector doesn’t require a connection.

Data file integrations are a closed system; you cannot reuse file-based connections for other integration families. 

Create a data file connection

  1. From within Settings, expand Data Management > Customer Data Hub.
  2. From the list of active connectors (left), choose Data Files.
  3. From the list of available connectors, hover over the data source you want to set up a connection with, and click Connect.
    mceclip0.png
  4. Enter a name and description (optional) for the connection. Because you can have multiple connections with a connector (using different authentication profiles), a name and description helps you identify the connection later.
  5. Depending on the connector type, the remaining authentication details may vary. Authentication may be through OAuth or other mechanism; follow the prompts (see below for details).

    Ensure that whatever application you’re connecting your Totango instance with, you use an account that is dedicated to these types of connections–or at least one that won’t lose access if someone one your team leaves.

Dropbox

Dropbox configuration is based on OAuth credentials. You will be asked to enter your Dropbox credentials, unless you are already connected in a different tab of the browser. In the latter, the OAuth configuration will take the credentials stored in your active session.

Google Drive

Google Drive configuration is based on OAuth credentials. You will be asked to enter your Google Drive credentials.

For security reasons, only the user who created the Google Drive connection can create, edit or duplicate integration jobs. Other users need to create their own connection with their own Google drive authentication in order to create integration jobs.

Once connected, locate the folder that the file is saved in (includes shared Google Drives). You can sync to Totango these file types:

  • CSV files with .csv extension
  • CSV files with .txt extension
  • CSV files with no extension
  • Google spreadsheet files with .gheet extension

You can use encrypted or unencrypted CSV files in the Google Drive connector.

Google Spreadsheets

You can sync to Totango Google spreadsheets files (with .gsheet extension) within the Google Drive connector.

  • Spreadsheet file will be downloaded as a regular CSV file. The Google connector will trim empty lines and empty columns to avoid empty results.
  • There is no option to work with multi-tabs spreadsheet (a spreadsheet with more than several tabs). In these cases, Totango uses automatically the first tab.
  • Google spreadsheet cannot serve as an encrypted file

SFTP connection

Insert the mandatory information for connecting to SFTP.

  • Username: SFTP login username
  • Password: SFTP login password
  • Host name: SFTP host domain
  • Folder path: The path to the file in one of the following forms:
    • Relative path: A relative path from your user home folder to the CSV file (e.g.,  documents\)
    • Full path: The full path to the CSV file (e.g., \usr\joe\documents\)
    • To indicate a "root" folder, just use a slash sign (/)

In the event that your network is behind a firewall, you will need to whitelist our servers so that we may retrieve files from your SFTP server. 

SFTP (Key File)

Insert the mandatory information for connecting to SFTP (Key File).

  • Username: SFTP login username
  • SSH Private Key: SSH Private key file (e.g., *.pkk files)
  • Host Name: SFTP host domain
  • Folder path: The path to the file in one of the following forms
    • Relative path:  A relative path from your user home folder to the CSV file (e.g., documents\)
    • Full path: The full path to the CSV file (e.g., \usr\joe\documents\)
    • To indicate a “root” folder, just use a slash sign (/)

Minio

Insert the mandatory information for connecting to Minio.

  • Endpoint URL: Your Minio URL address 
  • Access Key ID: Minio key ID
  • Secret Key: Minio key secret
  • Bucket Name:  Minio bucket name
  • Folder path: The folder path is optional and should include the path of the file folder in the bucket without the "/" characters at the beginning or the end. In case the files you want to upload are at the folder root, keep the folder path empty.

Amazon S3

Insert the required information for connecting to AWS S3.

  • Access Key ID: AWS API key ID
  • Secret Key: AWS API key secret
  • Bucket Name: AWS bucket name
  • Folder path: The folder path is optional and should include the path of the file folder in the bucket without the "/" characters at the beginning or the end

See this article to understand how to view, modify, and create your AWS Access Key and Secret Access Key.

Set S3 access and permissions

In order to access S3 buckets, you must provide roles to the service account that allow access to specific buckets. Provide these permissions to the Totango user setting up the connection:

  • S3:GetObject: Required to retrieve an object from Amazon S3.
  • S3:ListBucket: Required to list objects within a given bucket in Amazon S3.
    mceclip0.png

Set role-based authentication

For a more secure way to connect AWS S3, we also support role-based authentication to AWS S3.

  • See this article to learn how to use external ID when granting access to your AWS resources to a third party.
  • See this article on how to find the ARN of an S3 bucket.
  • Insert the required information to connect to AWS S3.Screen_Shot_2022-06-22_at_14.26.00.png

In your AWS S3 instance, you need to define Totango ARN.

Totango ARN is: "arn:aws:iam::671587110562:root"

The external id and the Totango ARN should go to the Trust relationship:

image__22_.png

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "dev",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::671587110562:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "JeCt8HScdPmNucvkeq7Cyym5"
        }
      }
    }
  ]
}

Set the permissions configuration (e.g., "Action": "s3:GetObject" and "Action": "s3:List*") in the permissions area:

image__23_.png
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::ih-cross-account-role/*",
        "arn:aws:s3:::ih-cross-account-role"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:List*",
      "Resource": [
        "arn:aws:s3:::ih-cross-account-role/*",
        "arn:aws:s3:::ih-cross-account-role"
      ]
    }
  ]
}

Google Cloud Storage (S3 Compatible)

Insert the mandatory information for connecting to GCS bucket.

  • Application Key: GCS application key Follow the steps in this article to create or get your application and secret keys.
  • Secret Key: GCS key secret key. Follow the steps in this article to create or get your application and secret keys.
  • Bucket Name: GCS bucket name
  • Folder path: Folder path is optional and should include the path of the file folder in the bucket without the "/" characters at the beginning or the end. In case the files you want to upload are at the folder root, keep the folder path empty.

Set GCP access and permissions

You can create a new service account to provide Totango with access to your GCP resources. The instructions on creating a new service account are covered in detail in GCP documentation.

Once you create the service account, create a new key, and ensure sure that you download the JSON associated with that key. This key is required in order to create the GCS integration to Totango Customer Data Hub

In order to access Google Cloud Storage buckets, you must provide roles to the service account that allow access to specific buckets. 

The Customer Data Hub needs the below permissions in order to access Google Cloud Storage buckets, you must provide these roles to the service account that is used by Customer Data Hub:

  • storage.objects.get - Required to retrieve an object from Google Cloud Storage.
  • storage.objects.list - Required to list objects within a given bucket in Google Cloud Storage.

Read more about GCS permissions.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request