The Azure Synapse connector is a Palantir-provided driver for Azure Synapse.
To create a new Azure Synapse source, follow the standard setup flow for Palantir-provided drivers, then use the sections below for Azure Synapse-specific configuration and networking. For the complete property reference, see the official Azure Synapse driver documentation ↗.
The properties below are mandatory or recommended.
| Property | Required? | Description | Default |
|---|---|---|---|
AuthScheme ↗ | Mandatory | The scheme used for authentication. Accepted entries are Password, AzureAD, AzureServicePrincipal, AzureServicePrincipalCert, AzureMSI, AzurePassword. | Password |
Database ↗ | Mandatory | The name of the Synapse database. | — |
Encrypt ↗ | Mandatory | This field sets whether SSL is enabled and whether the 'Strict' encryption type is used. | TRUE |
Server ↗ | Mandatory | The name of the server running Synapse. | {serverAddress} |
InitiateOAuth ↗ | Recommended | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. | REFRESH |
OAuthClientId ↗ | Recommended | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. | — |
OAuthClientSecret ↗ | Recommended | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. | — |
Password ↗ | Recommended | Specifies the password of the authenticating user account. | — |
Port ↗ | Recommended | The port of the Synapse. | 1433 |
User ↗ | Recommended | Specifies the user ID of the authenticating Azure Synapse user account. | — |
The table below lists the domains that the source needs to be able to access in order to successfully run.
For each domain, add a corresponding egress policy. If the source is hosted on-premises and not directly reachable from Foundry, use an agent proxy egress policy instead; the agent host itself must also be able to reach the listed domains. See using an agent as a proxy for details.
| Domain | Required |
|---|---|
| <Server>:<Port> | Always. Server and Port connection properties (default Port=1433) |
| <StorageAccountLocation> | Used for staging data in COPY mode |
| login.microsoftonline.com | If AuthScheme=AzureAD, AzureServicePrincipal, AzureServicePrincipalCert, AzurePassword AND AzureEnvironment=GLOBAL (default) |
| login.chinacloudapi.cn | If AuthScheme=AzureAD, AzureServicePrincipal , AzureServicePrincipalCert, AzurePassword AND AzureEnvironment=CHINA |
| login.microsoftonline.us | If AuthScheme=AzureAD, AzureServicePrincipal, AzureServicePrincipalCert, AzurePassword AND AzureEnvironment=USGOVT or USGOVTDOD |