Skip to content

docs: add azure IAM authentication #2793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
danielnelson merged 1 commit into from
Mar 19, 2026
Merged

docs: add azure IAM authentication #2793

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions site/docs/reference/Connectors/materialization-connectors/SQLServer/sqlserver.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,29 @@ GRANT CONTROL ON DATABASE::<database> TO flow_materialize;

- Find the instance's host under Server Name. The port is always `1433`. Together, you'll use the host:port as the `address` property when you configure the connector.

#### IAM Authentication

Instead of using username/password authentication, you can optionally use an
Azure App Registration to access the database.

Follow the steps in the [Azure IAM guide][azure-iam] to create an App
Registration and make note of the Application ID and Tenant ID to use when
configuring the connector's authentication options.

Ensure that the SQL logical server has Entra authentication enabled and connect
to the Azure SQL Database as the Entra admin. This can be done from the
Database Query Editor. Run the following commands to create a user for the App
Registration:

```sql
CREATE USER [my-app-registration-name] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [my-app-registration-name];
ALTER ROLE db_datawriter ADD MEMBER [my-app-registration-name];
ALTER ROLE db_ddladmin ADD MEMBER [my-app-registration-name];
```

[azure-iam]: /guides/iam-auth/azure/

## Configuration

To use this connector, begin with data in one or more Estuary collections.
Expand Down Expand Up @@ -108,6 +131,12 @@ Credentials for authentication. Use one of the following sets of options:
| **`/credentials/aws_role_arn`** | AWS Role ARN | IAM Role to assume. | string | Required |
| **`/credentials/aws_region`** | AWS Region | AWS Region to authenticate in. | string | Required |

| Property | Title | Description | Type | Required/Default |
| ---------------------------------------- | ----------------------- | -------------------------------------------------------- | ------- | -------------------- |
| **`/credentials/auth_type`** | Auth Type | Method to use for authentication. | string | Required: `AzureIAM` |
| **`/credentials/azure_client_id`** | Azure Client ID | Application (client) ID of the App Registration. | string | Required |
| **`/credentials/azure_tenant_id`** | Azure Tenant ID | Directory (tenant) ID of the App Registration. | string | Required |

#### Bindings

| Property | Title | Description | Type | Required/Default |
Expand Down
Loading