Skip to content

Add Microsoft Entra ID authentication methods to the MS SQL family destinations (SQL Server, Synapse, Fabric) #4145

Description

@sdebruyn

Feature description

Add Microsoft Entra ID authentication to the mssql, synapse, and fabric destinations, covering both driver-native methods and token methods where dlt acquires and injects an access token.

Use case

The MS SQL family destinations authenticate with SQL Server logins (username and password). Many Azure users, and all Fabric Warehouse users, authenticate with Microsoft Entra ID instead. Fabric Warehouse does not accept SQL logins at all, so without Entra ID support the destination cannot connect. Service principal, Azure CLI, environment, and managed-identity authentication are also needed for unattended/CI runs and for setups where no interactive login is available.

Proposed solution

Add an authentication setting that selects one of:

  • driver-native methods handled by the ODBC driver: ActiveDirectoryServicePrincipal, ActiveDirectoryPassword, ActiveDirectoryIntegrated, ActiveDirectoryInteractive;
  • token methods where dlt uses azure-identity to acquire an access token and injects it through attrs_before, so they work cross-platform: cli, environment, interactive, devicecode, managedidentity, and auto/default (DefaultAzureCredential).

For Fabric, default to ActiveDirectoryServicePrincipal and fall back to DefaultAzureCredential when no service principal secret is configured.

Related issues

N/A

Metadata

Metadata

Assignees

Labels

FeaturedestinationIssue with a specific destinationneeds decisionActionable; needs maintainer decision on whether to implement.

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions