Azure Cosmos DB

Version 24.1.8910




You can use the Azure Cosmos DB connector from the CData Sync application to capture data from Azure Cosmos DB and move it to any supported destination. To do so, you need to add the connector, authenticate to the connector, and complete your connection.

Add the Azure Cosmos DB Connector

To enable Sync to use data from Azure Cosmos DB, you first must add the connector, as follows:

  1. Open the Connections page of the Sync dashboard.

  2. Click Add Connection to open the Select Connectors page.

  3. Click the Sources tab and locate the Azure Cosmos DB row.

  4. Click the Configure Connection icon at the end of that row to open the New Connection page. If the Configure Connection icon is not available, click the Download Connector icon to install the Azure Cosmos DB connector. For more information about installing new connectors, see Connections.

Verify the Role Assignment for Your Azure Identity

Before you connect to Azure Cosmos DB, you need to ensure that your Azure identity is assigned the correct role. The identity is the account that you use to log in to the browser (during Azure Active Directory authentication) or into the application (for Azure Service Principal authentication).

You can assign either of the following built-in roles:

  • CosmosDB Built-in Data Reader

  • CosmosDB Built-in Data Contributor

In addition, you can create custom role definitions.

You must also set the scope of the role assignment, where “/” specifies that the identity can access all the databases.

For more details about assigning roles, see Configure role-based access control with Microsoft Entra ID for your Cosmos DB account.
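The scope choice above, as an added example that is not part of the CData documentation: it uses the Azure CLI to assign the built-in Data Reader role on a single database instead of "/", and also covers the container-level scope. The resource group, account, database, and principal Id are constructed placeholders, and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: least-privilege data-plane role assignment for the identity Sync uses.
# Resource group, account, database and principal id below are constructed placeholders.

# Built-in Cosmos DB data-plane role definition IDs.
READER_ROLE_ID="00000000-0000-0000-0000-000000000001"       # Built-in Data Reader
CONTRIBUTOR_ROLE_ID="00000000-0000-0000-0000-000000000002"  # Built-in Data Contributor

# Build the assignment scope:
#   no arguments       -> "/"  (every database in the account)
#   database           -> "/dbs/<database>"
#   database container -> "/dbs/<database>/colls/<container>"
cosmos_scope() {
  local db="$1" coll="$2"
  if [ -z "$db" ]; then
    [ -z "$coll" ] || { echo "a container scope needs a database" >&2; return 1; }
    printf '/'
    return 0
  fi
  case "$db$coll" in
    */*) echo "names must not contain '/'" >&2; return 1 ;;
  esac
  if [ -n "$coll" ]; then
    printf '/dbs/%s/colls/%s' "$db" "$coll"
  else
    printf '/dbs/%s' "$db"
  fi
}

# Print the az command (DRY_RUN=1, the default) or run it (DRY_RUN=0).
assign_role() {
  local rg="$1" account="$2" principal="$3" role_id="$4" scope="$5"
  set -- az cosmosdb sql role assignment create \
    --resource-group "$rg" --account-name "$account" \
    --role-definition-id "$role_id" --principal-id "$principal" \
    --scope "$scope"
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Sync only reads from a source connection, so grant Data Reader on one database.
scope=$(cosmos_scope "salesdb") &&
  assign_role "rg-sync" "contoso-cosmos" "<principal-object-id>" "$READER_ROLE_ID" "$scope"
```

Run it as is to review the generated command, then set DRY_RUN=0 in a session that is already logged in with az login to apply it.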

Authenticate to Azure Cosmos DB

After you add the connector, you need to set the required properties.

  • Connection Name - Enter a connection name of your choice.

  • Account Endpoint - Enter the Cosmos DB account URL. This URL is available on the Keys blade (Settings > Keys) of your Cosmos DB account.

CData Sync supports authenticating to Azure Cosmos DB in several ways. Select your authentication method below to proceed to the relevant section that contains the authentication details.

Account Key

To connect with account-key credentials, specify the following properties:

  • Auth Scheme - Select AccountKey.

  • Account Key (default) - Enter the master key token or resource token that is required to connect to the Azure Cosmos DB REST API.

  • Token Type - Select the type of token (master or resource) that you are using in the Account Key field. The default token type is master.

Azure Active Directory

To connect with an Azure Active Directory user account, select AzureAD for Auth Scheme. CData Sync provides an embedded OAuth application with which to connect, so no additional properties are required.

Azure Service Principal

To connect with an Azure service principal and client secret, set the following properties:

  • Auth Scheme - Select AzureServicePrincipal.

  • Azure Tenant - Enter the Microsoft Online tenant to which you want to connect.

  • OAuth Client Id - Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

  • OAuth Client Secret - Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.

To obtain the OAuth client Id and client secret for your application:

  1. Log in to the Azure portal.

  2. In the left navigation pane, select All services. Then, search for and select App registrations.

  3. Click New registrations.

  4. Enter an application name and select Any Azure AD Directory - Multi Tenant. Set the redirect URI to the value that is specified for CallbackURL.

  5. After you create the application, copy the application (client) Id value that is displayed in the Overview section. Use this value as the OAuth client Id.

  6. Navigate to the Certificates & Secrets section and select New Client Secret for the application.

  7. Specify the duration and save the client secret. After you save it, the key value is displayed.

  8. Copy this value because it is displayed only once. You will use this value as the OAuth client secret.

  9. On the Authentication tab, make sure to select Access tokens (used for implicit flows).

Azure Service Principal Certificate

To connect with an Azure service principal and client certificate, set the following properties:

  • Auth Scheme - Select AzureServicePrincipalCert.

  • Azure Tenant - Enter the Microsoft Online tenant to which you want to connect.

  • OAuth Client Id - Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

  • OAuth JWT Cert - Enter your JSON Web Token (JWT) certificate store.

  • OAuth JWT Cert Type - Enter the type of key store that contains your JWT certificate. The default type is PEMKEY_BLOB.

  • OAuth JWT Cert Password (optional) - Enter the password for your OAuth JWT certificate.

  • OAuth JWT Cert Subject (optional) - Enter the subject of your OAuth JWT certificate.

To obtain the OAuth certificate for your application:

  1. Log in to the Azure portal.

  2. In the left navigation pane, select All services. Then, search for and select App registrations.

  3. Click New registrations.

  4. Enter an application name and select Any Azure AD Directory - Multi Tenant. Set the redirect URI to the value that is specified for CallbackURL.

  5. After you create the application, copy the application (client) Id value that is displayed in the Overview section. Use this value as the OAuth client Id.

  6. Navigate to the Certificates & Secrets section and select Upload certificate. Then, select the certificate to upload from your local machine.

  7. Specify the duration and save the client secret. After you save it, the key value is displayed.

  8. Copy this value because it is displayed only once. You will use this value as the OAuth client secret.

  9. On the Authentication tab, make sure to select Access tokens (used for implicit flows).

Complete Your Connection

To complete your connection:

  1. For the Schema property (optional), enter the schema (the Azure Cosmos DB database) with which you want to work.

  2. Define advanced connection settings on the Advanced tab. (In most cases, though, you should not need these settings.)

  3. If you authenticate with AzureAD, click Connect to Azure Cosmos DB to connect to your Azure Cosmos DB account.

  4. Click Create & Test to create your connection.

More Information

For more information about interactions between CData Sync and Azure Cosmos DB, see Azure Cosmos DB Connector for CData Sync.