Authentication settings for the Databricks ODBC Driver
This article describes how to configure Azure Databricks authentication settings for the Databricks ODBC Driver.
The Databricks ODBC Driver supports the following Azure Databricks authentication types:
Azure Databricks personal access token
To create an Azure Databricks personal access token, do the following:
- In your Azure Databricks workspace, click your Azure Databricks username in the top bar, and then select Settings from the drop down.
- Click Developer.
- Next to Access tokens, click Manage.
- Click Generate new token.
- (Optional) Enter a comment that helps you to identify this token in the future, and change the token's default lifetime of 90 days. To create a token with no lifetime (not recommended), leave the Lifetime (days) box empty (blank).
- Click Generate.
- Copy the displayed token to a secure location, and then click Done.
Note
Be sure to save the copied token in a secure location. Do not share your copied token with others. If you lose the copied token, you cannot regenerate that exact same token. Instead, you must repeat this procedure to create a new token. If you lose the copied token, or you believe that the token has been compromised, Databricks strongly recommends that you immediately delete that token from your workspace by clicking the trash can (Revoke) icon next to the token on the Access tokens page.
If you are not able to create or use tokens in your workspace, this might be because your workspace administrator has disabled tokens or has not given you permission to create or use tokens. See your workspace administrator or the following topics:
To authenticate using an Azure Databricks personal access token, add the following configurations to your compute settings and any special or advanced driver capability settings:
| Setting | Value |
|---|---|
AuthMech |
3 |
UID |
token |
PWD |
The Databricks personal access token for your workspace user |
To create a DSN for non-Windows systems, use the following format:
[Databricks]
Driver=<path-to-driver>
Host=<server-hostname>
Port=443
HTTPPath=<http-path>
SSL=1
ThriftTransport=2
AuthMech=3
UID=token
PWD=<personal-access-token>
To create a DSN-less connection string, use the following format. Line breaks have been added for readability. The string must not contain these line breaks:
Driver=<path-to-driver>;
Host=<server-hostname>;
Port=443;
HTTPPath=<http-path>;
SSL=1;
ThriftTransport=2;
AuthMech=3;
UID=token;
PWD=<personal-access-token>
- To get the value for
<path-to-driver>, see Download and install the Databricks ODBC Driver. - To get the values for
<server-hostname>and<http-path>, see Compute settings for the Databricks ODBC Driver. - You can also add special or advanced driver capability settings.
Azure managed identities authentication
ODBC driver 2.7.7 and above supports Azure managed identities authentication, which uses managed identities for Azure resources (formerly Managed Service Identities (MSI)) to authenticate with Azure Databricks. Programmatic calls to Azure Databricks workspace operations use these managed identities when working with Azure resources that support managed identities, such as Azure VMs.
- For information about managed identities, see What are managed identities for Azure resources?.
- To learn how to create a managed identity and give it permission to access Azure Databricks workspaces, see Set up and use Azure managed identities authentication for Azure Databricks automation.
To authenticate using Azure managed identities authentication, add the following configurations to your compute settings and any special or advanced driver capability settings:
| Setting | Value |
|---|---|
AuthMech |
11 |
Auth_Flow |
3 |
Auth_Client_ID |
The Azure managed identity's ID. |
Azure_workspace_resource_id |
The Azure resource ID for your Azure Databricks workspace. To get this ID, in your Azure Databricks workspace's top navigation bar, click your username and then click Azure Portal. On the Azure Databricks workspace resource page that appears, click Properties under Settings in the sidebar. The ID is in Id under Essentials. |
To create a DSN for non-Windows systems, use the following format:
[Databricks]
Driver=<path-to-driver>
Host=<server-hostname>
Port=443
HTTPPath=<http-path>
SSL=1
ThriftTransport=2
AuthMech=11
Auth_Flow=3
Auth_Client_ID=<azure-managed-identity-ID>
Azure_workspace_resource_id=<azure-workspace-resource-ID>
To create a DSN-less connection string, use the following format. Line breaks have been added for readability. The string must not contain these line breaks:
Driver=<path-to-driver>;
Host=<server-hostname>;
Port=443;
HTTPPath=<http-path>;
SSL=1;
ThriftTransport=2;
AuthMech=11;
Auth_Flow=3;
Auth_Client_ID=<azure-managed-identity-ID>;
Azure_workspace_resource_id=<azure-workspace-resource-ID>
- To get the value for
<path-to-driver>, see Download and install the Databricks ODBC Driver. - To get the values for
<server-hostname>and<http-path>, see Compute settings for the Databricks ODBC Driver. - You can also add special or advanced driver capability settings.