(warning) The Data Prep (Paxata) documentation is now available on the DataRobot public documentation site. See the Data Prep section for user documentation and connector information. After the 2021.2 SP1 release, the content on this site will be removed and replaced with a link to the DataRobot public documentation site.

MS Azure SQL Connector Documentation

User Persona: Paxata User - Paxata Admin - Data Source Admin - IT/DevOps

*Note: This document covers all configuration fields available during Connector setup. Some fields may have already been filled out by your Admin at an earlier step of configuration and may not be visible to you. For more information on Paxata’s Connector Framework, please see here.Also: Your Admin may have named this Connector something else in the list of Data Sources.

Configuring Paxata

The Data Prep JDBC Connector allows you to connect to the Microsoft Azure SQL Database. This topic provides details for setting up a connection to Azure SQL Database. See also the JDBC article, for guidelines on configuring the connection.

Example JDBC URI

jdbc:sqlserver://serverName.database.windows.net:serverPortNumber;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;database=databaseName'

Example JDBC URI for Multi-Factor Authentication

Following is an example of a JDBC URI for configurations that use Active Directory Multi-Factor Authentication:


jdbc:sqlserver://<serverName>.database.windows.net:<serverPortNumber>;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;database=<databaseName>;authentication=ActiveDirectoryInterActive;clientid=<azure_registered_app’s_client_id>;

Technical Specs

Driver Specs

  • Microsoft Azure SQL Database driver name & version: 
    • Driver Classname: com.microsoft.sqlserver.jdbc.PxMSSQLDriver
    • Version: 9.2.1.jre8

  • Supported Microsoft Azure SQL Database versions: 
    • Azure SQL Database
    • Azure SQL Managed Instance (Extended Private Preview)

Set up Active Directory Multi-Factor Authentication

The MS Azure SQL Connector supports Active Directory (AD) Multi-Factor Authentication (MFA), allowing users to authenticate using two or more verification factors interactively.

To support MFA interactively, add the following connection properties to the JDBC URL:

authentication=ActiveDirectoryInterActive
clientid=<azure_registered_app’s_client_id>

Register the Multi-Factor Authentication app

To set up Multi-Factor Authentication, you need to register an app that allows the Microsoft identity platform to provide authentication and authorization services for the Data Prep (Paxata) MFA application and its users.

Tip: To set up the app in the Microsoft identify platform, follow the guidelines below and also refer to the Quickstart: Register an application with the Microsoft identity platform.

The application client ID of the MFA app is required in the JDBC URL so that once you complete the MFA process, the Microsoft identity platform will redirect you to the Data Prep (Paxata) instance’s endpoint (specified in the Redirect URI format section).

During app registration on the Microsoft identify platform, you must do the following:

  • Ensure that the app is authorized to call the Azure SQL Database API when an AD user grants permission. The following shows an example of the settings in the Microsoft identity platform:



  • On the Platform configurations page, under Mobile and desktop applications, set up the redirect URI. After completing MFA with the Azure SQL database, the Microsoft identity platform uses the URI to redirect and send security tokens from your client to the Data Prep (Paxata) application.


Note: You need a separate app registration per instance to manage your organization's account. If your organization has multi-tenant access to Data Prep, you can have one MFA app for all of the tenants. You just need to add the redirect URIs for each tenant on the Platform configurations page.

Redirect URI format 

http(s)://<paxata_instance_host_name>/interactive-msal-token

Example of Redirect URI

https://datarobot.paxata.com/interactive-msal-token


Once you have set up the app, the configured permissions look similar to the following:


Multi-Factor Authentication process

  1. Configure the JDBC URL on the Data Prep (Paxata) Data Sources page with these settings:
    authentication=ActiveDirectoryInterActive
    clientid=<azure_registered_app’s_client_id>

  2. For Credentials, enter only the Active Directory user name. The password is not needed.



  3. Click Test Data Source.




  4. A new tab opens in the browser with a login screen set to the Active Directory user name and password. Click Sign in.

  5. Once your user name and password are authenticated, perform the second verification factor and any additional required verification factors (the verification factors are based on how your MFA account was set up).



  6. Once you verify all factors, the Microsoft identity platform redirects you to the Data Prep application.




  7. Close the window and return to the Data Source configuration page.



Note: If the MFA authentication process has not completed within two minutes, you will receive a message that either the wrong client ID was specified in the JDBC URL, the authentication token has not been received yet, or you do not have access to the requested resource.

Driver Documentation

Additional Documentation