Get Started
Describes how to get started with HPE Ezmeral Unified Analytics Software.
Administration
Provides information about managing applications and clusters in HPE Ezmeral Unified Analytics Software.
Security
Describes security in HPE Ezmeral Unified Analytics Software.
- Identity and Access Management
  Describes identity and access management in HPE Ezmeral Unified Analytics Software.
  - User Isolation
    Describes user isolation in HPE Ezmeral Unified Analytics Software.
  - User Roles
    Describes roles that you can assign to users in HPE Ezmeral Unified Analytics Software.
  - AD/LDAP Servers
    Describes the differences between the internal OpenLDAP server in HPE Ezmeral Unified Analytics Software and external AD/LDAP servers. Also describes some of the server-related configuration options that you set during installation.
  - Adding and Removing Users
    Describes how administrators can add, remove users, and edit the role and password for users in HPE Ezmeral Unified Analytics Software.
  - Adding and Removing Users Programmatically
    Describes how to add and remove users through the Kubernetes API using the EzUserQuery and EzUserConfig custom resources.
  - Auth Tokens
    Describes Auth tokens and how Auth tokens work in HPE Ezmeral Unified Analytics Software.
    - Obtaining External Auth Tokens for REST API Endpoint Access
      Describes an example process for an external client application to obtain access tokens for authenticated access to a REST API endpoint and provides links to topics with instructions for obtaining Auth tokens.
      - Obtaining Tokens by Direct Grant
        Describes how to obtain access and refresh tokens with a user's credentials and the Keycloak service address.
      - Using Refresh Tokens
        Describes how to use refresh tokens that were obtained by direct grant or download from a web browser.
      - Obtaining Refresh Tokens with Browser
        Describes how to get a refresh token from a private web browsing window.
    - Obtaining Access Tokens from Kubernetes API
      Describes how to obtain the token inside a Kubernetes secret through the Kubernetes API.
    - Changing Auth Token Settings in Keycloak
      Describes how to change access and refresh token settings through the Keycloak Admin Console.
  - Managing Data Access
    Describes data access management and how to grant members access to data.
- Container Image Vulnerabilities and CVE Reports
  Describes how HPE Ezmeral Engineering provides software updates to address container image vulnerabilities.
Observability
Describes observability in HPE Ezmeral Unified Analytics Software.
Data Engineering
Data engineers can design and build pipelines that transform and transport data into usable formats for data consumers.
Data Analytics
Provides a brief overview of data analytics in HPE Ezmeral Unified Analytics Software.
Data Science
Provides a brief overview of data science in HPE Ezmeral Unified Analytics Software.
Notebooks
Provides a brief overview of Notebooks in HPE Ezmeral Unified Analytics Software.
Glossary
Definitions for commonly used terms in HPE Ezmeral Unified Analytics environments.

Obtaining Refresh Tokens with Browser

Describes how to get a refresh token from a private web browsing window.

You can get a refresh token from a private browsing window. When you get a refresh token from the browser, the token is provided in a refresh-token.txt file that the browser downloads. The token in the text file is an "offline" token that remains valid if the token is used once every thirty days. You can use the refresh token to generate access tokens.

Obtaining a Refresh Token from the Browser

To get a refresh token from a browser:

Open a private browsing or incognito browser window and enter the following URL:
https://token-service.$UA_DOMAIN/refresh-token-download
NOTE
UA_DOMAIN is the variable for the cluster DNS domain. For example, if the cluster DNS domain is my-aie.com, then the UA_DOMAIN is my-aie.com.
Enter your Unified Analytics user credentials.
Upon successful authentication and cluster access, the browser triggers the download of the refresh-token.txt file that contains a current refresh token.
(Optional) Use the refresh token to generate access tokens. See Using Refresh Tokens.

For information about token lifetimes, including how to customize token lifetimes, see Changing Auth Token Settings in Keycloak.

Partners Support Dev-Hub Community Training ALA Privacy Policy Glossary

HPE Ezmeral Unified Analytics Software 1.5 Documentation
Abstract	HPE Ezmeral Unified Analytics Software is a usage-based Software-as-a-Service (SaaS) model that operationalizes hybrid and multi-cloud modern analytical workloads through a simple user interface, easily installed and deployed in minutes. HPE Ezmeral Unified Analytics Software separates compute and storage for flexible, cost-efficient scalability to securely access data stored in multiple data platforms, enabling you to run traditional and advanced analytics workloads with open-source tools.
Published	March 2025
Edition	1.5.0
Topic last updated	2025-03-04