Skip to main content

LiveRamp Embedded Identity in Databricks

LiveRamp's Embedded Identity is available in Databricks through a packaged clean room. A packaged clean room is a pre-defined analysis packaged by one party for another party to run. This allows you to access Identity Resolution functions as a notebook for execution on data residing in your Databricks account. None of your data is accessible by LiveRamp and none of our data is accessible by you with the packaged clean room functionality.

There is currently one available operation that you can perform using Embedded Identity in Databricks:

  • RampID Identity Resolution: This solution allows you to resolve an identifier (PII, such as name, address, email, hashed email, or phone) to LiveRamp's person-based, pseudonymous identifier, RampID. For more information, see "Perform RampID Identity Resolution in Databricks".

    Note

    This workflow is in limited availability and is by invitation only.

Enabling LiveRamp Embedded Identity in Databricks

To enable LiveRamp Embedded Identity in Databricks, the following tasks must be performed:

  1. You execute an agreement with LiveRamp to access the service.

  2. LiveRamp reviews the use case, including any additional Data Ethics reviews if required.

  3. If you don’t already have credentials for LiveRamp's Identity API, LiveRamp sends you a client ID and a secret for authentication (for more information, see the "Authentication" section below).

  4. You create a packaged clean room.

Note

We recommend that clean room creation be performed by a user with the following permissions: CREATE CLEAN ROOM, CREATE SHARE, CREATE RECIPIENT, USE SHARE, and USE RECIPIENT.

Once these steps have been performed, you can perform identity resolution operations in Databricks.

Authentication

The LiveRamp Identity Service in Databricks relies on the same authentication service as LiveRamp's AbiliTec API and RampID API (Identity APIs). If you have credentials for those APIs, you can use your previously assigned credentials. If you do not already have credentials for one of LiveRamp's Identity APIs, LiveRamp will send you a client ID and a secret for authentication.

Authenticating with LiveRamp's Embedded Identity service requires a call to LiveRamp's core services within the process.

Client credentials are used to obtain an access token by passing the client ID and client secret values. For information, see "About Identity Authentication".

Create a Packaged Clean Room

To create a packaged clean room in Databricks:

  1. In Databricks, navigate to Clean Rooms within the Catalog Explorer.

  2. Click Create Clean Room.

    I-Embedded_Identity_Databricks-Create_Clean_Room_button.png

  3. In the Clean room type area, select the "Packaged Clean Room" option.

    I-Embedded_Identity_Databricks-Select_Clean_Room_type.png

  4. Enter a name for the clean room.

  5. Adjust the cloud and region, if necessary.

    Note

    If you have any questions about egress costs for your selected cloud and region, contact your LiveRamp representative.

  6. In the Designated Clean Room package provider area, select Invited collaborator.

    I-Embedded_Identity_Databricks-Select_provider.png

  7. In the Clean Room sharing identifier field, enter LiveRamp’s Embedded Identity offering identitfier: aws:us-east-2:02706dcc-9257-402b-ad70-490d47891319:3039245420810238:717a9578-ea66-4fe2-8153-8a992bdb33b3

  8. In the Network access area:

    I-Embedded_Identity_Databricks-Select_network_access.png

    1. Select Restricted Internet access to allow for two endpoints to share details with LiveRamp.

    2. Enter the Authentication endpoint to create an integration to LiveRamp’s auth API and enable the packaged clean room to use it: us.aws.us-east-2.prod.embedded.cloud-native.liveramp.com

    3. Click Add destination.

    4. Enter the Metrics endpoint to create an integration with LiveRamp’s billing API (to ensure that metrics can be tracked): embedded-identity-billing-gateway-ajm9gcm4.uc.gateway.dev

  9. In the Shared output area, slide the toggle to the right to enable logging and metrics.

    Note

    This enables you to understand performance and enables information to be shared with LiveRamp for debugging and application health.

  10. Click Create clean room.

Once the creation process completes, the new clean room now appears in your list of clean rooms and can be used to perform identity resolution in Databricks.

Note

The user that creates the clean room becomes the clean room owner. Additional users can be granted access to the clean room to perform those tasks by giving them the ALL PRIVILEGES permission, but only the user that creates the clean room will be the clean room owner.

In this section: