CData Cloud offers access to Azure Active Directory across several standard services and protocols, in a cloud-hosted solution. Any application that can connect to a MySQL or SQL Server database can connect to Azure Active Directory through CData Cloud.
CData Cloud allows you to standardize and configure connections to Azure Active Directory as though it were any other OData endpoint, or standard SQL Server/MySQL database.
This page provides a guide to Establishing a Connection to Azure Active Directory in CData Cloud, as well as information on the available resources, and a reference to the available connection properties.
Establishing a Connection shows how to authenticate to Azure Active Directory and configure any necessary connection properties to create a database in CData Cloud.
Accessing data from Azure Active Directory through the available standard services and CData Cloud administration is documented in further detail in the CData Cloud Documentation.
Connect to Azure Active Directory by selecting the corresponding icon in the Database tab. Required properties are listed under Settings. The Advanced tab lists connection properties that are not typically required.
Azure Service Principal is role-based application-based authentication. This means that authentication is done per application, rather than per user. All tasks taken on by the application are executed without a default user context, but based on the assigned roles. The application access to the resources is controlled through the assigned roles' permissions.
For information about how to set up Azure Service Principal authentication, see Creating a Custom OAuth Application.
If you are running Azure Active Directory on an Azure VM and want to leverage MSI to connect, set AuthScheme to AzureMSI.
When your VM has multiple user-assigned managed identities, you must also specify OAuthClientId.
Azure Service Principal is role-based application-based authentication. This means that authentication is done per application, rather than per user. All tasks taken by the app are done without a default user context, but based on the assigned roles. The application access to the resources is controlled through the assigned roles' permissions.
To use Azure Service Principal authentication, you must:
Do the following:
Admin consent occurs when the Admin for an Azure Active Directory tenant grants permissions to a custom application that explicitly requires an admin to consent to the use case.
When creating a new Azure AD application in the Azure Portal, you must specify which permissions the application requires. Some permissions may be marked as "Admin Consent Required". For example, all Groups permissions require Admin Consent. If your application requires admin consent, there are two ways you can do this.
The easiest way to grant admin consent is to have an admin log into portal.azure.com and navigate to the application you have created in App Registrations. Under API Permissions, click Grant Consent. This gives your application permissions on the tenant under which it was created.
If your organization has multiple tenants or you must grant application permissions for other tenants outside your organization, use the GetAdminConsentURL stored procedure to generate the Admin Authorization URL. Unlike the GetOAuthAuthorizationURL stored procedure, no important information is returned from this endpoint. Rather, after the OAuth application is successfully authorized, it returns a Boolean indicating that permissions have been granted.
After the administrator has approved the OAuth Application, you can continue to authenticate.
All permissions related to the client OAuth flow require admin consent. This means you cannot use the application embedded with the CData Cloud in the client OAuth flow. You must create your own OAuth application to use client credentials. See Creating a Custom OAuth Application for more information.
In your App Registration in portal.azure.com, navigate to API Permissions and select the Microsoft Graph permissions. There are two distinct sets of permissions: Delegated permissions and Application permissions. The permissions used during client credential authentication are under "Application Permissions".
Select the permissions you require for your integration. After you do this, set the following connection properties:
Authentication with client credentials takes place automatically like any other connection, except there is no window opened prompting the user. Because there is no user context, there is no need for a browser popup. Connections will take place and be handled internally.
By default, the Cloud attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.
To specify another certificate, see the SSLServerCert property for the available formats to do so.
To connect through the Windows system proxy, you do not need to set any additional connection properties. To connect to other proxies, set ProxyAutoDetect to false.
In addition, to authenticate to an HTTP proxy, set ProxyAuthScheme, ProxyUser, and ProxyPassword, in addition to ProxyServer and ProxyPort.
Set the following properties:
This section shows the available API objects and provides more information on executing SQL to Azure Active Directory APIs.
Stored Procedures are function-like interfaces to Azure Active Directory. They can be used to modify information in Azure Active Directory.
The Cloud models the data in Azure Active Directory as a list of tables in a relational database that can be queried using standard SQL statements.
Name | Description |
Applications | Retrieves all applications for the authenticated user. |
Devices | Retrieves all Devices for the authenticated user. |
Domains | Retrieves all Domains for the authenticated user. |
Groups | Retrieves all Azure Active Directory (Azure AD) groups, which can be Office 365 groups, or security groups. |
Users | Retrieves all Azure AD user accounts within the authenticated permissions. |
Retrieves all applications for the authenticated user.
You can query Applications by specifying an Id or selecting all:
SELECT * FROM Applications WHERE Id = '037c5534-1059-4c71-9f1c-a9b887e34b03'
Select a certain column from the entity and filter by that column:
SELECT Id FROM Applications WHERE Id LIKE '%037c5534-1059-4c71-9f1c-a9b887e34b03%'
Specify a displayName to create a new Application. The displayName should be the name of the new Application:
INSERT INTO Applications (displayName) VALUES ('TestApp')
To update an Applications record, you need to specify the Id in the WHERE clause.
UPDATE Applications SET displayName = 'Test' WHERE Id = '037c5534-1059-4c71-9f1c-a9b887e34b03'
To delete an Application record, you need to specify the Id in the WHERE clause.
DELETE FROM Applications WHERE Id = '480a2785-1c18-49ac-9a80-9dfc1b40e1f2'
Name | Type | ReadOnly | Description |
id [KEY] | String | False | The id of the application. |
addIns | String | False | The addIns of the application. |
api_acceptMappedClaims | Bool | False | The api_acceptMappedClaims of the application. |
api_knownClientApplications | String | False | The api_knownClientApplications of the application. |
api_oauth2PermissionScopes | String | False | The api_oauth2PermissionScopes of the application. |
api_preAuthorizedApplications | String | False | The api_preAuthorizedApplications of the application. |
api_requestedAccessTokenVersion | Int | False | The api_requestedAccessTokenVersion of the application. |
appId | String | False | The appId of the application. |
applicationTemplateId | String | False | The applicationTemplateId of the application. |
appRoles | String | False | The appRoles of the application. |
authenticationBehaviors_removeUnverifiedEmailClaim | Bool | False | The authenticationBehaviors_removeUnverifiedEmailClaim of the application. |
authenticationBehaviors_requireClientServicePrincipal | Bool | False | The authenticationBehaviors_requireClientServicePrincipal of the application. |
certification_certificationDetailsUrl | String | False | The certification_certificationDetailsUrl of the application. |
certification_certificationExpirationDateTime | Datetime | False | The certification_certificationExpirationDateTime of the application. |
certification_isCertifiedByMicrosoft | Bool | False | The certification_isCertifiedByMicrosoft of the application. |
certification_isPublisherAttested | Bool | False | The certification_isPublisherAttested of the application. |
certification_lastCertificationDateTime | Datetime | False | The certification_lastCertificationDateTime of the application. |
createdDateTime | Datetime | False | The createdDateTime of the application. |
defaultRedirectUri | String | False | The defaultRedirectUri of the application. |
description | String | False | The description of the application. |
disabledByMicrosoftStatus | String | False | The disabledByMicrosoftStatus of the application. |
displayName | String | False | The displayName of the application. |
groupMembershipClaims | String | False | The groupMembershipClaims of the application. |
identifierUris | String | False | The identifierUris of the application. |
info_logoUrl | String | False | The info_logoUrl of the application. |
info_marketingUrl | String | False | The info_marketingUrl of the application. |
info_privacyStatementUrl | String | False | The info_privacyStatementUrl of the application. |
info_supportUrl | String | False | The info_supportUrl of the application. |
info_termsOfServiceUrl | String | False | The info_termsOfServiceUrl of the application. |
isDeviceOnlyAuthSupported | Bool | False | The isDeviceOnlyAuthSupported of the application. |
isFallbackPublicClient | Bool | False | The isFallbackPublicClient of the application. |
keyCredentials | String | False | The keyCredentials of the application. |
logo | String | False | The logo of the application. |
notes | String | False | The notes of the application. |
oauth2RequirePostResponse | Bool | False | The oauth2RequirePostResponse of the application. |
optionalClaims_accessToken | String | False | The optionalClaims_accessToken of the application. |
optionalClaims_idToken | String | False | The optionalClaims_idToken of the application. |
optionalClaims_saml2Token | String | False | The optionalClaims_saml2Token of the application. |
parentalControlSettings_countriesBlockedForMinors | String | False | The parentalControlSettings_countriesBlockedForMinors of the application. |
parentalControlSettings_legalAgeGroupRule | String | False | The parentalControlSettings_legalAgeGroupRule of the application. |
passwordCredentials | String | False | The passwordCredentials of the application. |
publicClient_redirectUris | String | False | The publicClient_redirectUris of the application. |
publisherDomain | String | False | The publisherDomain of the application. |
requiredResourceAccess | String | False | The requiredResourceAccess of the application. |
samlMetadataUrl | String | False | The samlMetadataUrl of the application. |
serviceManagementReference | String | False | The serviceManagementReference of the application. |
servicePrincipalLockConfiguration_isEnabled | Bool | False | The servicePrincipalLockConfiguration_isEnabled of the application. |
servicePrincipalLockConfiguration_allProperties | Bool | False | The servicePrincipalLockConfiguration_allProperties of the application. |
servicePrincipalLockConfiguration_credentialsWithUsageVerify | Bool | False | The servicePrincipalLockConfiguration_credentialsWithUsageVerify of the application. |
servicePrincipalLockConfiguration_credentialsWithUsageSign | Bool | False | The servicePrincipalLockConfiguration_credentialsWithUsageSign of the application. |
servicePrincipalLockConfiguration_tokenEncryptionKeyId | Bool | False | The servicePrincipalLockConfiguration_tokenEncryptionKeyId of the application. |
signInAudience | String | False | The signInAudience of the application. |
spa_redirectUris | String | False | The spa_redirectUris of the application. |
tags | String | False | The tags of the application. |
tokenEncryptionKeyId | String | False | The tokenEncryptionKeyId of the application. |
verifiedPublisher_addedDateTime | Datetime | False | The verifiedPublisher_addedDateTime of the application. |
verifiedPublisher_displayName | String | False | The verifiedPublisher_displayName of the application. |
verifiedPublisher_verifiedPublisherId | String | False | The verifiedPublisher_verifiedPublisherId of the application. |
web_homePageUrl | String | False | The web_homePageUrl of the application. |
web_implicitGrantSettings_enableAccessTokenIssuance | Bool | False | The web_implicitGrantSettings_enableAccessTokenIssuance of the application. |
web_implicitGrantSettings_enableIdTokenIssuance | Bool | False | The web_implicitGrantSettings_enableIdTokenIssuance of the application. |
web_logoutUrl | String | False | The web_logoutUrl of the application. |
web_redirectUris | String | False | The web_redirectUris of the application. |
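The Applications columns listed above are enough to run a basic review of app registrations through the same SQL interface. The queries below are an added example, not part of the CData documentation; they assume the Microsoft Graph value 'AzureADMyOrg' (single-tenant) is returned unchanged in signInAudience and that Bool columns compare against true/false as in the INSERT examples on this page.

```sql
-- Added example (not from the CData documentation).
-- Column names are taken from the Applications table listed above.

-- 1. Registrations that still allow the implicit grant. With this flow the
--    token is delivered in the redirect URL, so the redirect URIs are
--    selected alongside the flags for review.
SELECT id, appId, displayName,
       web_redirectUris, spa_redirectUris,
       web_implicitGrantSettings_enableAccessTokenIssuance,
       web_implicitGrantSettings_enableIdTokenIssuance
FROM Applications
WHERE web_implicitGrantSettings_enableAccessTokenIssuance = true
   OR web_implicitGrantSettings_enableIdTokenIssuance = true;

-- 2. Registrations that accept sign-ins from outside the home tenant, or
--    that fall back to public-client behaviour.
--    Assumption: 'AzureADMyOrg' is the single-tenant signInAudience value.
--    Rows where signInAudience is NULL are not matched by <> and need a
--    separate look.
SELECT id, appId, displayName, signInAudience, publisherDomain,
       isFallbackPublicClient, verifiedPublisher_displayName
FROM Applications
WHERE signInAudience <> 'AzureADMyOrg'
   OR isFallbackPublicClient = true;

-- 3. Credential inventory. passwordCredentials and keyCredentials are typed
--    String, so each row carries the whole credential list as text; expiry
--    has to be checked after retrieval. No filter is applied because an app
--    without credentials may come back as NULL or as an empty list.
SELECT id, appId, displayName, createdDateTime,
       passwordCredentials, keyCredentials
FROM Applications
ORDER BY createdDateTime;
```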
Retrieves all Devices for the authenticated user.
You can query Devices by specifying an Id or selecting all:
SELECT * FROM Devices WHERE Id = '2b9c0347-9640-4ba4-bd2d-50965fb026e7'
Select a certain column from the entity and filter by that column:
SELECT * FROM Devices WHERE DisplayName LIKE '%Desk%'
Specify deviceId, accountEnabled, displayName, operatingSystem, operatingSystemVersion, and alternativeSecurityIds values in order to create a new Device:
INSERT INTO Devices (deviceId, accountEnabled, displayName, operatingSystem, operatingSystemVersion, alternativeSecurityIds) VALUES ('4c299165-6e8f-4b45-a5ba-c5d250a707ff', false, 'JustinBTest', 'Windows', '15.1', '[{"type":2,"key":"101010101011"}]')
To update a Device record, you need to specify the Id in the WHERE clause.
UPDATE Devices SET OperatingSystemVersion = '10.0.13439.0' WHERE Id = '6c32edb5-7f28-41f8-9965-f3f9a1718fde'
To delete a Device record, you need to specify the Id in the WHERE clause.
DELETE FROM Devices WHERE Id = '6c32edb5-7f28-41f8-9965-f3f9a1718fde'
Name | Type | ReadOnly | Description |
id [KEY] | String | False | The Id of the device. |
deletedDateTime | Datetime | False | The datetime when the device was deleted. |
accountEnabled | Bool | False | Indicator if device is account enabled. |
alternativeSecurityIds | String | False | The alternativeSecurityIds of the device. |
approximateLastSignInDateTime | Datetime | False | The approximateLastSignInDateTime of the device. |
complianceExpirationDateTime | Datetime | False | The complianceExpirationDateTime of the device. |
deviceCategory | String | False | The deviceCategory of the device. |
deviceId | String | False | The deviceId of the device. |
deviceMetadata | String | False | The deviceMetadata of the device. |
deviceOwnership | String | False | The deviceOwnership of the device. |
deviceVersion | Int | False | The deviceVersion of the device. |
displayName | String | False | The displayName of the device. |
enrollmentProfileName | String | False | The enrollmentProfileName of the device. |
isCompliant | Bool | False | Indicator if device is compliant. |
isManaged | Bool | False | Indicator if device is managed. |
isManagementRestricted | Bool | False | Indicator if device is management restricted. |
mdmAppId | String | False | The mdmAppId of the device. |
onPremisesLastSyncDateTime | Datetime | False | The onPremisesLastSyncDateTime of the device. |
onPremisesSecurityIdentifier | String | False | The onPremisesSecurityIdentifier of the device. |
onPremisesSyncEnabled | Bool | False | Indicator if device is on premises sync enabled. |
operatingSystem | String | False | The operatingSystem of the device. |
operatingSystemVersion | String | False | The operatingSystemVersion of the device. |
physicalIds | String | False | The physicalIds of the device. |
profileType | String | False | The profileType of the device. |
registrationDateTime | Datetime | False | The registrationDateTime of the device. |
systemLabels | String | False | The systemLabels of the device. |
trustType | String | False | The trustType of the device. |
Retrieves all Domains for the authenticated user.
You can query Domains by specifying an Id or selecting all:
SELECT * FROM Domains WHERE Id = 'rssbus.cn'
Select a certain column from the entity and filter by that column:
SELECT Id FROM Domains WHERE Id LIKE '%rssbus%'
Specify an Id to create a new Domain. The Id should be the name of the new Domain:
INSERT INTO Domains (Id) VALUES ('cdata.com')
To update a Domain record, you need to specify the Id in the WHERE clause.
UPDATE Domains SET passwordNotificationWindowInDays = 14 WHERE Id = 'cdata.com'
To delete a Domain record, you need to specify the Id in the WHERE clause.
DELETE FROM Domains WHERE Id = 'cdata.com'
Name | Type | ReadOnly | Description |
id [KEY] | String | False | The id of the domain. |
authenticationType | String | False | The authenticationType of the domain. |
availabilityStatus | String | False | The availabilityStatus of the domain. |
isAdminManaged | Bool | False | Indicator if domain is admin managed. |
isDefault | Bool | False | Indicator if domain is default. |
isInitial | Bool | False | Indicator if domain is initial. |
isRoot | Bool | False | Indicator if domain is root. |
isVerified | Bool | False | Indicator if domain is verified. |
passwordNotificationWindowInDays | Int | False | The passwordNotificationWindowInDays of the domain. |
passwordValidityPeriodInDays | Int | False | The passwordValidityPeriodInDays of the domain. |
state_lastActionDateTime | Datetime | False | The lastActionDateTime of the state. |
state_operation | String | False | The operation of the state. |
state_status | String | False | The status of the state. |
supportedServices | String | False | The supported services of the domain. |
Retrieves all Azure Active Directory (Azure AD) groups, which can be Office 365 groups, or security groups.
Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. You must configure this app to request the Group.Read.All and the Group.ReadWrite.All permissions. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com. See Creating a Custom OAuth Application for more details on creating a custom app.
To authorize Groups permissions, an administrator must grant the Groups permissions for your organization at large. This can be done via the administrator authorization endpoint. Simply have the administrator grant permissions. Then run the OAuth authorization as normal afterwards.
Note that if your organization has multiple tenants, you may replace the /common/ in the URL with the tenant Id to indicate which tenant to grant permissions for.
Retrieve all groups, specify a GroupId (Id), or simply filter by a certain column:
SELECT * FROM Groups WHERE Id = '029b15a8-dfd1-460e-83b6-262a75328c13'
SELECT Id, Description, DisplayName FROM Groups WHERE DisplayName = 'test'
The following are required to create a new Security Group:
INSERT INTO Groups (DisplayName, MailEnabled, MailNickname, SecurityEnabled) VALUES ('Test group', false, 'test', true)
To update a group record, you need to specify the Id in the WHERE clause.
UPDATE Groups SET Description = 'updated description from api' WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
To delete a group record, you need to specify the Id in the WHERE clause.
DELETE FROM Groups WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
Retrieve recently deleted groups. Deleted groups remain available for up to 30 days.
GETDELETED FROM Groups
Name | Type | ReadOnly | Description |
id [KEY] | String | False | The Id of the group. |
deletedDateTime | Datetime | False | The datetime when the group was deleted. |
allowExternalSenders | Bool | False | The indicator showing if external senders should be allowed or not. |
assignedLabels | String | False | The assigned labels of the group. |
assignedLicenses | String | False | The assigned licenses of the group. |
autoSubscribeNewMembers | Bool | False | The indicator showing if new members should be autosubscribed. |
classification | String | False | The classification of the group. |
createdDateTime | Datetime | False | The created DateTime of the group. |
description | String | False | The description of the group. |
displayName | String | False | The display name of the group. |
expirationDateTime | Datetime | False | The expiration datetime of the group. |
groupTypes | String | False | The types of the group. |
hasMembersWithLicenseErrors | Bool | False | Indicator if there are members with license error. |
hideFromAddressLists | Bool | False | Whether or not to hide the group from address lists. |
hideFromOutlookClients | Bool | False | Whether or not to hide the group from Outlook Clients. |
isArchived | Bool | False | Indicator if group is archived. |
isAssignableToRole | Bool | False | Indicator if group is assignable to role. |
isManagementRestricted | Bool | False | Indicator if group is management restricted. |
isSubscribedByMail | Bool | False | Indicator if group is subscribed by email. |
licenseProcessingState | String | False | The license processing state of the group. |
mail | String | False | The mail of the group. |
mailEnabled | Bool | False | Indicator if mail is enabled in the group. |
mailNickname | String | False | The mail nickname of the group. |
membershipRule | String | False | The membership rule of the group. |
membershipRuleProcessingState | String | False | The membership rule processing state of the group. |
onPremisesDomainName | String | False | The Domain Name of the group. |
onPremisesLastSyncDateTime | Datetime | False | The LastSync DateTime of the group. |
onPremisesProvisioningErrors | String | False | The provisioning errors of the group. |
onPremisesSamAccountName | String | False | The Sam Account Name of the group. |
onPremisesSecurityIdentifier | String | False | The security identifier of the group. |
onPremisesSyncEnabled | Bool | False | Indicator if sync is enabled in the group. |
preferredDataLocation | String | False | The preferred data location of the group. |
preferredLanguage | String | False | Preferred language in the group. |
proxyAddresses | String | False | The proxy addresses of the group. |
renewedDateTime | Datetime | False | The renewed DateTime of the group. |
securityEnabled | Bool | False | Indicator if security is enabled in the group. |
securityIdentifier | String | False | The security identifier of the group. |
serviceProvisioningErrors | String | False | The service provisioning errors of the group. |
theme | String | False | The theme of the group. |
unseenCount | Int | False | The unseen count of the group. |
visibility | String | False | The visibility of the group. |
Retrieves all Azure AD user accounts within the authenticated permissions.
Query the Users table. The Cloud will use the Azure Active Directory API to process WHERE clause conditions built with the following columns and operators. The rest of the filter is executed client side within the Cloud.
For example, the following query is processed server side:
SELECT * FROM Users WHERE Id = '08d30c14-2775-45c9-8809-3eca47340959'
Note: When querying the Users table with an asterisk (*), only the default columns are returned (i.e., businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName).
To get the data for extra columns in the Users table, you must provide them in the query. For example:
SELECT id, department, officeLocation, state, displayName, mail FROM Users
The following are required to create a new organizational User:
INSERT INTO Users (AccountEnabled, DisplayName, MailNickname, UserPrincipalName, PasswordProfile_ForceChangePasswordNextSignIn, PasswordProfile_Password) VALUES (false, 'John Smith', 'JohnS', '[email protected]', true, '123password')
To update a user record, you need to specify the Id in the WHERE clause.
UPDATE Users SET JobTitle = 'New Job Title' WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
To delete a user record, you need to specify the Id in the WHERE clause.
DELETE FROM Users WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
Retrieve recently deleted users. Deleted users remain available for up to 30 days.
GETDELETED FROM Users
Name | Type | ReadOnly | Description |
id [KEY] | String | False | The id of the user. |
deletedDateTime | Datetime | False | The deletedDateTime of the user. |
accountEnabled | Bool | False | Indicates if accountEnabled for the user. |
businessPhones | String | False | The businessPhones of the user. |
city | String | False | The city of the user. |
companyName | String | False | The companyName of the user. |
country | String | False | The country of the user. |
createdDateTime | Datetime | False | The createdDateTime of the user. |
department | String | False | The department of the user. |
displayName | String | False | The displayName of the user. |
employeeHireDate | Datetime | False | The employeeHireDate of the user. |
employeeId | String | False | The employeeId of the user. |
employeeOrgData_costCenter | String | False | The employeeOrgData_costCenter of the user. |
employeeOrgData_division | String | False | The employeeOrgData_division of the user. |
employeeType | String | False | The employeeType of the user. |
givenName | String | False | The givenName of the user. |
identities | String | False | The identities of the user. |
imAddresses | String | False | The imAddresses of the user. |
isManagementRestricted | Bool | False | Indicator if user is management restricted. |
isResourceAccount | Bool | False | Indicates if it isResourceAccount of the user. |
jobTitle | String | False | The jobTitle of the user. |
lastPasswordChangeDateTime | Datetime | False | The lastPasswordChangeDateTime of the user. |
mail | String | False | The mail of the user. |
mailNickname | String | False | The mailNickname of the user. |
mobilePhone | String | False | The mobilePhone of the user. |
officeLocation | String | False | The officeLocation of the user. |
onPremisesDistinguishedName | String | False | The onPremisesDistinguishedName of the user. |
onPremisesDomainName | String | False | The onPremisesDomainName of the user. |
onPremisesExtensionAttributes_extensionAttribute1 | String | False | The onPremisesExtensionAttributes_extensionAttribute1 of the user. |
onPremisesExtensionAttributes_extensionAttribute10 | String | False | The onPremisesExtensionAttributes_extensionAttribute10 of the user. |
onPremisesExtensionAttributes_extensionAttribute11 | String | False | The onPremisesExtensionAttributes_extensionAttribute11 of the user. |
onPremisesExtensionAttributes_extensionAttribute12 | String | False | The onPremisesExtensionAttributes_extensionAttribute12 of the user. |
onPremisesExtensionAttributes_extensionAttribute13 | String | False | The onPremisesExtensionAttributes_extensionAttribute13 of the user. |
onPremisesExtensionAttributes_extensionAttribute14 | String | False | The onPremisesExtensionAttributes_extensionAttribute14 of the user. |
onPremisesExtensionAttributes_extensionAttribute15 | String | False | The onPremisesExtensionAttributes_extensionAttribute15 of the user. |
onPremisesExtensionAttributes_extensionAttribute2 | String | False | The onPremisesExtensionAttributes_extensionAttribute2 of the user. |
onPremisesExtensionAttributes_extensionAttribute3 | String | False | The onPremisesExtensionAttributes_extensionAttribute3 of the user. |
onPremisesExtensionAttributes_extensionAttribute4 | String | False | The onPremisesExtensionAttributes_extensionAttribute4 of the user. |
onPremisesExtensionAttributes_extensionAttribute5 | String | False | The onPremisesExtensionAttributes_extensionAttribute5 of the user. |
onPremisesExtensionAttributes_extensionAttribute6 | String | False | The onPremisesExtensionAttributes_extensionAttribute6 of the user. |
onPremisesExtensionAttributes_extensionAttribute7 | String | False | The onPremisesExtensionAttributes_extensionAttribute7 of the user. |
onPremisesExtensionAttributes_extensionAttribute8 | String | False | The onPremisesExtensionAttributes_extensionAttribute8 of the user. |
onPremisesExtensionAttributes_extensionAttribute9 | String | False | The onPremisesExtensionAttributes_extensionAttribute9 of the user. |
onPremisesImmutableId | String | False | The onPremisesImmutableId of the user. |
onPremisesLastSyncDateTime | Datetime | False | The onPremisesLastSyncDateTime of the user. |
onPremisesProvisioningErrors | String | False | The onPremisesProvisioningErrors of the user. |
onPremisesSamAccountName | String | False | The onPremisesSamAccountName of the user. |
onPremisesSecurityIdentifier | String | False | The onPremisesSecurityIdentifier of the user. |
onPremisesSyncEnabled | Bool | False | Indicates onPremisesSyncEnabled for the user. |
onPremisesUserPrincipalName | String | False | The onPremisesUserPrincipalName of the user. |
otherMails | String | False | The otherMails of the user. |
passwordProfile_forceChangePasswordNextSignIn | Bool | False | The passwordProfile_forceChangePasswordNextSignIn of the user. |
passwordProfile_forceChangePasswordNextSignInWithMfa | Bool | False | The passwordProfile_forceChangePasswordNextSignInWithMfa of the user. |
passwordProfile_password | String | False | The passwordProfile_password of the user. |
postalCode | String | False | The postalCode of the user. |
preferredLanguage | String | False | The preferredLanguage of the user. |
serviceProvisioningErrors | String | False | The service provisioning errors of the user. |
state | String | False | The state of the user. |
streetAddress | String | False | The streetAddress of the user. |
surname | String | False | The surname of the user. |
userPrincipalName | String | False | The userPrincipalName of the user. |
userType | String | False | The userType of the user. |
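Because SELECT * on Users returns only the default columns, an account review has to name the security-relevant columns explicitly, as the note above describes. The queries below are an added example, not part of the CData documentation; they assume the Microsoft Graph userType value 'Guest' is returned unchanged, and the cutoff date is a constructed value.

```sql
-- Added example (not from the CData documentation).
-- userType, accountEnabled, createdDateTime, onPremisesSyncEnabled and
-- lastPasswordChangeDateTime are not in the default column set, so they
-- must be listed in the SELECT to be returned at all.

-- 1. Guest accounts that can still sign in.
--    Assumption: guests carry userType = 'Guest'.
SELECT id, userPrincipalName, displayName, userType,
       accountEnabled, createdDateTime
FROM Users
WHERE userType = 'Guest'
  AND accountEnabled = true
ORDER BY createdDateTime;

-- 2. Enabled accounts that are not synced from on-premises and whose
--    password was last changed before a cutoff.
--    '2024-01-01' is a constructed cutoff; replace it with your policy date.
--    onPremisesSyncEnabled can be NULL for cloud-only accounts, so NULL is
--    matched explicitly rather than relying on "= false".
SELECT id, userPrincipalName, accountEnabled,
       onPremisesSyncEnabled, lastPasswordChangeDateTime
FROM Users
WHERE accountEnabled = true
  AND (onPremisesSyncEnabled IS NULL OR onPremisesSyncEnabled = false)
  AND lastPasswordChangeDateTime < '2024-01-01'
ORDER BY lastPasswordChangeDateTime;

-- 3. Accounts removed in the retention window (statement taken from this
--    page), useful for confirming that offboarded users were deleted.
GETDELETED FROM Users;
```

Only some WHERE conditions are pushed down to the Azure Active Directory API; the rest are evaluated client side within the Cloud, so these filters can read the full Users table before narrowing it.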
Views are similar to tables in the way that data is represented; however, views are read-only.
Queries can be executed against a view as if it were a normal table.
Name | Description |
AdministrativeUnitMembers | Retrieves all AdministrativeUnitMembers for the authenticated user. |
AdministrativeUnits | Retrieves all AdministrativeUnits for the authenticated user. |
Contacts | Retrieves the Contacts for the organization. |
Contracts | Retrieves all contracts for the authenticated user. |
DeviceLocalCredentials | Retrieves the local administrator account credential of a device object. |
DeviceRegisteredOwners | DeviceRegisteredOwners table for Azure AD data provider. |
DeviceRegisteredUsers | DeviceRegisteredUsers table for Azure AD data provider. |
DirectoryAudits | Retrieves all directory audit items for the authenticated user. |
DirectoryRoleMembers | DirectoryRoleMembers table for Azure AD data provider. |
DirectoryRoles | Retrieves all DirectoryRoles for the authenticated user. |
DirectoryRoleTemplates | Retrieves all DirectoryRoleTemplates for the authenticated user. |
GroupApplicationRoleAssignments | GroupApplicationRoleAssignments table for Azure AD data provider. |
GroupMembers | GroupMembers table for Azure AD data providers. |
Organization | Retrieves the Organization for the authenticated user. |
RoleAssignments | Retrieves the Role Assignments for the Azure AD. |
RoleDefinitions | Retrieves the Role Definitions for the Azure AD. |
SignIns | Retrieves the user sign-ins for your tenant. |
UserApplicationRoleAssignments | UserApplicationRoleAssignments table for Azure AD data provider. |
UserManagers | UserManagers table for Azure AD data provider. |
Retrieves all AdministrativeUnitMembers for the authenticated user.
Get the members of administrative units in your Azure Active Directory. You can filter results by UnitId and MemberId.
For example, the following queries are processed server side:
SELECT * FROM AdministrativeUnitMembers WHERE UnitId = '1721e354-9b76-49d5-bdf1-bb30a936c3ab'
SELECT * FROM AdministrativeUnitMembers WHERE MemberId IN (SELECT Id FROM Users)
Name | Type | Description |
UnitId [KEY] | String | The id of the administrativeUnit. |
MemberId [KEY] | String | The User or Group Id of the user listed. |
Retrieves all AdministrativeUnits for the authenticated user.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM AdministrativeUnits WHERE Id = '1721e354-9b76-49d5-bdf1-bb30a936c3ab'
SELECT * FROM AdministrativeUnits WHERE Id IN ('1721e354-9b76-49d5-bdf1-bb30a936c3ab')
SELECT * FROM AdministrativeUnits WHERE DisplayName LIKE '%Test%'
Name | Type | Description |
id [KEY] | String | The id of the administrativeUnit. |
deletedDateTime | Datetime | The datetime when the administrativeUnit was deleted. |
description | String | The description of the administrativeUnit. |
displayName | String | The displayName of the administrativeUnit. |
isMemberManagementRestricted | Bool | Indicator if administrativeUnit is member management restricted. |
visibility | String | The visibility of the administrativeUnit. |
Retrieves the Contacts for the organization.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM Contacts WHERE Id = '8b0a526e-178d-4494-a276-8819b74d7933'
SELECT * FROM Contacts WHERE Id IN ('8b0a526e-178d-4494-a276-8819b74d7933', 'a8f14261-fb3b-42f7-a27a-d29877b5010b')
SELECT * FROM Contacts WHERE DisplayName LIKE '%Test%'
Name | Type | Description |
id [KEY] | String | The id of the organizationalContact. |
deletedDateTime | Datetime | The datetime when the contact was deleted. |
addresses | String | The addresses of the organizationalContact. |
companyName | String | The companyName of the organizationalContact. |
department | String | The department of the organizationalContact. |
displayName | String | The displayName of the organizationalContact. |
givenName | String | The givenName of the organizationalContact. |
jobTitle | String | The jobTitle of the organizationalContact. |
mail | String | The mail of the organizationalContact. |
mailNickname | String | The mailNickname of the organizationalContact. |
onPremisesLastSyncDateTime | Datetime | The onPremisesLastSyncDateTime of the organizationalContact. |
onPremisesProvisioningErrors | String | The provisioning errors of the organizationalContact. |
onPremisesSyncEnabled | Bool | Indicator if organizationalContact is onPremisesSyncEnabled. |
phones | String | The phones of the organizationalContact. |
proxyAddresses | String | The proxyAddresses of the organizationalContact. |
surname | String | The surname of the organizationalContact. |
Retrieves all contracts for the authenticated user.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM Contracts WHERE Id = '8b0a526e-178d-4494-a276-8819b74d7933'
SELECT * FROM Contracts WHERE Id IN ('8b0a526e-178d-4494-a276-8819b74d7933')
SELECT * FROM Contracts WHERE DisplayName LIKE '%Test%'
Name | Type | Description |
id [KEY] | String | The id of the contract. |
deletedDateTime | Datetime | The datetime when the contract was deleted. |
contractType | String | The contractType of the contract. |
customerId | String | The customerId of the contract. |
defaultDomainName | String | The defaultDomainName of the contract. |
displayName | String | The displayName of the contract. |
Retrieves the local administrator account credential of a device object.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM DeviceLocalCredentials WHERE Id = '2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785'
SELECT * FROM DeviceLocalCredentials WHERE Id IN ('2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785')
SELECT * FROM DeviceLocalCredentials WHERE DeviceName LIKE '%Desktop%'
Name | Type | Description |
id [KEY] | String | The id of the deviceLocalCredential. |
credentials | String | The credentials of the deviceLocalCredential. |
deviceName | String | The deviceName of the deviceLocalCredential. |
lastBackupDateTime | Datetime | The lastBackupDateTime of the deviceLocalCredential. |
refreshDateTime | Datetime | The refreshDateTime of the deviceLocalCredential. |
DeviceRegisteredOwners table for Azure AD data provider.
Get the owners of registered Devices in your Azure Active Directory. You can filter results by DeviceId and OwnerId.
For example, the following queries are processed server side:
SELECT * FROM DeviceRegisteredOwners WHERE DeviceId = '2b9c0347-9640-4ba4-bd2d-50965fb026e7'
SELECT * FROM DeviceRegisteredOwners WHERE OwnerId IN (SELECT Id FROM Groups)
Name | Type | Description |
DeviceId [KEY] | String | The Id of the Device. |
OwnerId [KEY] | String | The User Id of the owner listed. |
DeviceRegisteredUsers table for Azure AD data provider.
Get the users of registered Devices in your Azure Active Directory. You can filter results by DeviceId and UserId.
For example, the following queries are processed server side:
SELECT * FROM DeviceRegisteredUsers WHERE DeviceId = '2b9c0347-9640-4ba4-bd2d-50965fb026e7'
SELECT * FROM DeviceRegisteredUsers WHERE UserId IN (SELECT Id FROM Users)
Name | Type | Description |
DeviceId [KEY] | String | The Id of the Device. |
UserId [KEY] | String | The User Id of the user listed. |
Retrieves all directory audit items for the authenticated user.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM DirectoryAudits WHERE Id = 'Directory_2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785'
SELECT * FROM DirectoryAudits WHERE Id IN ('Directory_2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785')
SELECT * FROM DirectoryAudits WHERE ActivityDisplayName LIKE '%Update%'
Name | Type | Description |
id [KEY] | String | The id of the DirectoryAudit. |
activityDateTime | Datetime | The activityDateTime of the DirectoryAudit. |
activityDisplayName | String | The activityDisplayName of the DirectoryAudit. |
additionalDetails | String | The additionalDetails of the DirectoryAudit. |
category | String | The category of the DirectoryAudit. |
correlationId | String | The correlationId of the DirectoryAudit. |
initiatedBy_app_appid | String | The initiatedBy_app_appid of the DirectoryAudit. |
initiatedBy_app_displayName | String | The initiatedBy_app_displayName of the DirectoryAudit. |
initiatedBy_app_servicePrincipalId | String | The initiatedBy_app_servicePrincipalId of the DirectoryAudit. |
initiatedBy_app_servicePrincipalName | String | The initiatedBy_app_servicePrincipalName of the DirectoryAudit. |
loggedByService | String | The loggedByService of the DirectoryAudit. |
operationType | String | The operationType of the DirectoryAudit. |
result | String | The result of the DirectoryAudit. |
resultReason | String | The resultReason of the DirectoryAudit. |
targetResources | String | The targetResources of the DirectoryAudit. |
DirectoryRoleMembers table for Azure AD data provider.
Get the members of Directory Roles in your Azure Active Directory. You can filter results by RoleId and UserId.
For example, the following queries are processed server side:
SELECT * FROM DirectoryRoleMembers WHERE RoleId = '25502c98-94df-43fa-baf7-4a105e200030'
SELECT * FROM DirectoryRoleMembers WHERE UserId IN (SELECT Id FROM Users)
Name | Type | Description |
RoleId [KEY] | String | The id of the directoryRole. |
UserId [KEY] | String | The User Id of the user listed. |
Retrieves all DirectoryRoles for the authenticated user.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM DirectoryRoles WHERE Id = '0f1032b0-ec73-4f72-836e-3b4411ea70c6'
SELECT * FROM DirectoryRoles WHERE RoleTemplateId = '4d6ac14f-3453-41d0-bef9-a3e0c569773a'
SELECT * FROM DirectoryRoles WHERE Id IN ('0f1032b0-ec73-4f72-836e-3b4411ea70c6', '081c8ba7-15a3-4c39-9972-053427b3c857')
SELECT * FROM DirectoryRoles WHERE DisplayName LIKE '%Admin%'
Name | Type | Description |
id [KEY] | String | The id of the directoryRole. |
deletedDateTime | Datetime | The datetime when the directoryRole was deleted. |
description | String | The description of the directoryRole. |
displayName | String | The displayName of the directoryRole. |
roleTemplateId | String | The roleTemplateId of the directoryRole. |
Retrieves all DirectoryRoleTemplates for the authenticated user.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM DirectoryRoleTemplates WHERE Id = '62e90394-69f5-4237-9190-012177145e10'
SELECT * FROM DirectoryRoleTemplates WHERE Id IN ('62e90394-69f5-4237-9190-012177145e10', '2af84b1e-32c8-42b7-82bc-daa82404023b')
SELECT * FROM DirectoryRoleTemplates WHERE DisplayName LIKE '%Admin%'
Name | Type | Description |
id [KEY] | String | The id of the directoryRoleTemplate. |
deletedDateTime | Datetime | The datetime when the directoryRoleTemplate was deleted. |
description | String | The description of the directoryRoleTemplate. |
displayName | String | The displayName of the directoryRoleTemplate. |
GroupApplicationRoleAssignments table for Azure AD data provider.
Get the group application role assignments in your Azure Active Directory. You can filter results by GroupId.
For example, the following queries are processed server side:
SELECT * FROM GroupApplicationRoleAssignments WHERE GroupId = 'ffacf701-6caf-4228-9e3b-7e57c14122ee'
SELECT * FROM GroupApplicationRoleAssignments WHERE GroupId IN (SELECT Id FROM Groups)
Name | Type | Description |
GroupId [KEY] | String | The GroupId of the ApplicationRoleAssignment. |
id [KEY] | String | The id of the ApplicationRoleAssignment. |
appRoleId | String | The appRoleId of the ApplicationRoleAssignment. |
createdDateTime | Datetime | The createdDateTime of the ApplicationRoleAssignment. |
principalDisplayName | String | The principalDisplayName of the ApplicationRoleAssignment. |
principalId | String | The principalId of the ApplicationRoleAssignment. |
principalType | String | The principalType of the ApplicationRoleAssignment. |
resourceDisplayName | String | The resourceDisplayName of the ApplicationRoleAssignment. |
resourceId | String | The resourceId of the ApplicationRoleAssignment. |
GroupMembers table for Azure AD data providers.
Query the GroupMembers table by retrieving everything from Azure AD or by specifying the GroupId with = and IN operators. You can filter results by GroupId and MemberId.
For example, the following queries are processed server-side:
SELECT * FROM GroupMembers WHERE GroupId IN ('4729c5e5-f923-4435-8a41-44423d42ea79', 'acabe397-8370-4c31-aeb7-2d7ae6b8cda1')
SELECT * FROM GroupMembers WHERE GroupId = '4729c5e5-f923-4435-8a41-44423d42ea79'
Name | Type | Description |
GroupId [KEY] | String | The Id of the Group. |
MemberId [KEY] | String | The User Id of the member listed. |
Retrieves the Organization for the authenticated user.
SELECT * FROM Organization
Name | Type | Description |
id [KEY] | String | The id of the organization. |
deletedDateTime | Datetime | The datetime when the organization was deleted. |
assignedPlans | String | The assignedPlans of the organization. |
businessPhones | String | The businessPhones of the organization. |
city | String | The city of the organization. |
country | String | The country of the organization. |
countryLetterCode | String | The countryLetterCode of the organization. |
createdDateTime | Datetime | The createdDateTime of the organization. |
defaultUsageLocation | String | The defaultUsageLocation of the organization. |
displayName | String | The displayName of the organization. |
marketingNotificationEmails | String | The marketingNotificationEmails of the organization. |
mobileDeviceManagementAuthority | String | The mobileDeviceManagementAuthority of the organization. |
onPremisesLastPasswordSyncDateTime | Datetime | The onPremisesLastPasswordSyncDateTime of the organization. |
onPremisesLastSyncDateTime | Datetime | The onPremisesLastSyncDateTime of the organization. |
onPremisesSyncEnabled | Bool | Indicator if organization is onPremisesSyncEnabled. |
partnerTenantType | String | The partnerTenantType of the organization. |
postalCode | String | The postalCode of the organization. |
preferredLanguage | String | The preferredLanguage of the organization. |
privacyProfile_contactEmail | String | The contactEmail of the privacyProfile. |
privacyProfile_statementUrl | String | The statementUrl of the privacyProfile. |
provisionedPlans | String | The provisionedPlans of the organization. |
securityComplianceNotificationMails | String | The securityComplianceNotificationMails of the organization. |
securityComplianceNotificationPhones | String | The securityComplianceNotificationPhones of the organization. |
state | String | The state of the organization. |
street | String | The street of the organization. |
technicalNotificationMails | String | The technicalNotificationMails of the organization. |
tenantType | String | The tenantType of the organization. |
verifiedDomains | String | The verifiedDomains of the organization. |
Retrieves the Role Assignments for the Azure AD.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM RoleAssignments WHERE Id = '4yeYchSc90m7G5YI8Va7uM8rSNTfthJJt-QfAs-zqcI-1'
SELECT * FROM RoleAssignments WHERE RoleDefinitionId = '62e90394-69f5-4237-9190-012177145e10'
SELECT * FROM RoleAssignments WHERE PrincipalId = 'e5d250bd-92b4-44b2-b002-bc559f6d79e5'
Name | Type | Description |
id [KEY] | String | The id of the roleAssignment. |
condition | String | The condition of the roleAssignment. |
roleDefinitionId | String | The roleDefinitionId of the roleAssignment. |
principalId | String | The principalId of the roleAssignment. |
directoryScopeId | String | The directoryScopeId of the roleAssignment. |
appScopeId | String | The appScopeId of the roleAssignment. |
Retrieves the Role Definitions for the Azure AD.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM RoleDefinitions WHERE Id = '62e90394-69f5-4237-9190-012177145e10'
SELECT * FROM RoleDefinitions WHERE Id IN ('62e90394-69f5-4237-9190-012177145e10', 'fe930be7-5e62-47db-91af-98c3a49a38b1')
SELECT * FROM RoleDefinitions WHERE DisplayName LIKE '%Admin%'
Name | Type | Description |
id [KEY] | String | The id of the roleDefinition. |
allowedPrincipalTypes | String | The allowedPrincipalTypes of the roleDefinition. |
description | String | The description of the roleDefinition. |
displayName | String | The displayName of the roleDefinition. |
isBuiltIn | Bool | Indicator if roleDefinition is Builtin. |
isEnabled | Bool | Indicator if roleDefinition is Enabled. |
isPrivileged | Bool | Indicator if roleDefinition is Privileged. |
resourceScopes | String | The resourceScopes of the roleDefinition. |
rolePermissions | String | The rolePermissions of the roleDefinition. |
templateId | String | The templateId of the roleDefinition. |
version | String | The version of the roleDefinition. |
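A review of privileged role assignments built from the RoleAssignments, RoleDefinitions and Users columns documented on this page, as an added example (not CData's own code). It runs against an in-memory SQLite stand-in with constructed rows so it works offline; running the same join in the Cloud is an assumption, since this page does not describe join handling across these views.

```python
import sqlite3

# Constructed sample rows shaped like the documented columns. All ids, names
# and flag values below are made up for the example.
ROLE_DEFINITIONS = [
    # (id, displayName, isBuiltIn, isEnabled, isPrivileged)
    ("role-priv-builtin", "Sample Privileged Role", 1, 1, 1),
    ("role-reader", "Sample Reader Role", 1, 1, 0),
    ("role-priv-custom", "Sample Custom Privileged Role", 0, 1, 1),
]
ROLE_ASSIGNMENTS = [
    # (id, roleDefinitionId, principalId, directoryScopeId)
    ("ra-1", "role-priv-builtin", "user-a", "/"),
    ("ra-2", "role-reader", "user-b", "/"),
    ("ra-3", "role-priv-custom", "user-b", "/administrativeUnits/au-1"),
    ("ra-4", "role-priv-builtin", "sp-1", "/"),
]
USERS = [
    # (id, userPrincipalName, userType)
    ("user-a", "alice@example.com", "Member"),
    ("user-b", "bob@example.com", "Guest"),
]

# Every assignment of a role flagged isPrivileged, with the holder's UPN when
# the principal is a user. SQLite stores the Bool column as 0/1.
REVIEW_QUERY = """
SELECT a.id, d.displayName, a.principalId, u.userPrincipalName,
       u.userType, a.directoryScopeId
FROM RoleAssignments a
JOIN RoleDefinitions d ON d.id = a.roleDefinitionId
LEFT JOIN Users u ON u.id = a.principalId
WHERE d.isPrivileged = 1
ORDER BY a.id
"""


def load_sample(conn):
    """Create stand-in tables with the documented column names and fill them."""
    conn.executescript("""
        CREATE TABLE RoleDefinitions (id TEXT PRIMARY KEY, displayName TEXT,
            isBuiltIn INTEGER, isEnabled INTEGER, isPrivileged INTEGER);
        CREATE TABLE RoleAssignments (id TEXT PRIMARY KEY, roleDefinitionId TEXT,
            principalId TEXT, directoryScopeId TEXT);
        CREATE TABLE Users (id TEXT PRIMARY KEY, userPrincipalName TEXT,
            userType TEXT);
    """)
    conn.executemany("INSERT INTO RoleDefinitions VALUES (?,?,?,?,?)", ROLE_DEFINITIONS)
    conn.executemany("INSERT INTO RoleAssignments VALUES (?,?,?,?)", ROLE_ASSIGNMENTS)
    conn.executemany("INSERT INTO Users VALUES (?,?,?)", USERS)


def privileged_assignments(conn):
    """Return one finding per privileged assignment, with review flags."""
    findings = []
    for aid, role, principal, upn, user_type, scope in conn.execute(REVIEW_QUERY):
        flags = []
        if scope == "/":
            # "/" is the tenant-wide scope of a Graph role assignment.
            flags.append("tenant-wide")
        if upn is None:
            # No match in Users: the principal is a group or service principal.
            flags.append("non-user principal")
        elif user_type == "Guest":
            flags.append("guest")
        findings.append({"assignment": aid, "role": role, "principal": principal,
                         "upn": upn, "scope": scope, "flags": flags})
    return findings


def demo():
    conn = sqlite3.connect(":memory:")
    load_sample(conn)
    return privileged_assignments(conn)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```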
Retrieves the user sign-ins for your tenant.
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM SignIns WHERE Id = '8b0a526e-178d-4494-a276-8819b74d7933'
SELECT * FROM SignIns WHERE Id IN ('8b0a526e-178d-4494-a276-8819b74d7933', 'a8f14261-fb3b-42f7-a27a-d29877b5010b')
SELECT * FROM SignIns WHERE ResourceDisplayName LIKE '%Test%'
Name | Type | Description |
id [KEY] | String | The id of the SignIns. |
appDisplayName | String | The appDisplayName of the SignIns. |
appId | String | The appId of the SignIns. |
appliedConditionalAccessPolicies | String | The appliedConditionalAccessPolicies of the SignIns. |
clientAppUsed | String | The clientAppUsed of the SignIns. |
conditionalAccessStatus | String | The conditionalAccessStatus of the SignIns. |
correlationId | String | The correlationId of the SignIns. |
createdDateTime | Datetime | The createdDateTime of the SignIns. |
deviceDetail_browser | String | The deviceDetail_browser of the SignIns. |
deviceDetail_deviceId | String | The deviceDetail_deviceId of the SignIns. |
deviceDetail_displayName | String | The deviceDetail_displayName of the SignIns. |
deviceDetail_isCompliant | Bool | The deviceDetail_isCompliant of the SignIns. |
deviceDetail_isManaged | Bool | The deviceDetail_isManaged of the SignIns. |
deviceDetail_operatingSystem | String | The deviceDetail_operatingSystem of the SignIns. |
deviceDetail_trustType | String | The deviceDetail_trustType of the SignIns. |
ipAddress | String | The ipAddress of the SignIns. |
isInteractive | Bool | The isInteractive of the SignIns. |
signInLocation_city | String | The signInLocation_city of the SignIns. |
signInLocation_countryOrRegion | String | The signInLocation_countryOrRegion of the SignIns. |
signInLocation_state | String | The signInLocation_state of the SignIns. |
resourceDisplayName | String | The resourceDisplayName of the SignIns. |
resourceId | String | The resourceId of the SignIns. |
riskDetail | String | The riskDetail of the SignIns. |
riskEventTypes | String | The riskEventTypes of the SignIns. |
riskEventTypes_v2 | String | The riskEventTypes_v2 of the SignIns. |
riskLevelAggregated | String | The riskLevelAggregated of the SignIns. |
riskLevelDuringSignIn | String | The riskLevelDuringSignIn of the SignIns. |
riskState | String | The riskState of the SignIns. |
signInStatus_additionalDetails | String | The signInStatus_additionalDetails of the SignIns. |
signInStatus_errorCode | Int | The signInStatus_errorCode of the application. |
signInStatus_failureReason | String | The signInStatus_failureReason of the SignIns. |
userDisplayName | String | The userDisplayName of the SignIns. |
userId | String | The userId of the SignIns. |
userPrincipalName | String | The userPrincipalName of the SignIns. |
UserApplicationRoleAssignments table for Azure AD data provider.
Get the user application role assignments in your Azure Active Directory. You can filter results by UserId.
For example, the following queries are processed server side:
SELECT * FROM UserApplicationRoleAssignments WHERE UserId = 'ffacf701-6caf-4228-9e3b-7e57c14122ee'
SELECT * FROM UserApplicationRoleAssignments WHERE UserId IN (SELECT Id FROM Users)
Name | Type | Description |
UserId [KEY] | String | The UserId of the ApplicationRoleAssignment. |
id [KEY] | String | The id of the ApplicationRoleAssignment. |
appRoleId | String | The appRoleId of the ApplicationRoleAssignment. |
createdDateTime | Datetime | The createdDateTime of the ApplicationRoleAssignment. |
principalDisplayName | String | The principalDisplayName of the ApplicationRoleAssignment. |
principalId | String | The principalId of the ApplicationRoleAssignment. |
principalType | String | The principalType of the ApplicationRoleAssignment. |
resourceDisplayName | String | The resourceDisplayName of the ApplicationRoleAssignment. |
resourceId | String | The resourceId of the ApplicationRoleAssignment. |
UserManagers table for Azure AD data provider.
Get the manager of users in your Azure Active Directory. You can filter results by UserId.
For example, the following queries are processed server side:
SELECT * FROM UserManagers WHERE UserId = 'ffacf701-6caf-4228-9e3b-7e57c14122ee'
SELECT * FROM UserManagers WHERE UserId IN (SELECT Id FROM Users)
Name | Type | Description |
UserId [KEY] | String | The UserId of the manager. |
id [KEY] | String | The id of the manager. |
displayName | String | The displayName of the manager. |
jobTitle | String | The jobTitle of the manager. |
mail | String | The mail of the manager. |
userPrincipalName | String | The userPrincipalName of the manager. |
Stored procedures are function-like interfaces that extend the functionality of the Cloud beyond simple SELECT/INSERT/UPDATE/DELETE operations with Azure Active Directory.
Stored procedures accept a list of parameters, perform their intended function, and then return any relevant response data from Azure Active Directory, along with an indication of whether the procedure succeeded or failed.
Name | Description |
ActivateDirectoryRole | Activates a directory role. |
AddGroupApplicationRoleAssignment | Add group to an Application Role Assignment. |
AddGroupMember | Adds a member to a group. |
AddMember | Add member to a directory role. |
AddUserApplicationRoleAssignment | Add user to an Application Role Assignment. |
CheckMemberObjectsForUser | Check for membership in groups, administrative units, or directory roles for a user. |
FetchAdditionalUserFields | Fetch all T1, T2, and T3 fields for a specified user. |
GetAdminConsentURL | Gets the admin consent URL that an admin of a given domain must open separately to grant access to your application. Only needed when using custom OAuth credentials. |
PromoteDomain | Promotes a domain. |
RemoveGroupApplicationRoleAssignment | Removes a group from an Application Role Assignment. |
RemoveGroupMember | Remove a member from a Group. |
RemoveMember | Removes a member from a directory role. |
RemoveUserApplicationRoleAssignment | Remove a user from an Application Role Assignment. |
VerifyDomain | Verifies a domain. |
Activates a directory role.
Name | Type | Description |
RoleTemplateId | String | The Id of the directoryRoleTemplate that the role is based on. |
Name | Type | Description |
Id | String | Id of the directory role activated. |
RoleTemplateId | String | RoleTemplateId of the directory role activated. |
DisplayName | String | DisplayName of the directory role activated. |
Description | String | Description of the directory role activated. |
Add group to an Application Role Assignment.
Name | Type | Description |
ResourceId | String | The unique identifier of the resource. |
AppRoleId | String | The unique identifier of the app role. |
GroupId | String | The unique identifier of the group. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Adds a member to a group.
Name | Type | Description |
GroupId | String | The unique identifier of the group. |
MemberId | String | The unique identifier of the member. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Add member to a directory role.
Name | Type | Description |
RoleId | String | The unique identifier of the directory role. |
RoleTemplateId | String | The unique identifier of the directory role template. |
UserId | String | The unique identifier of the user. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Add user to an Application Role Assignment.
Name | Type | Description |
ResourceId | String | The unique identifier of the resource. |
AppRoleId | String | The unique identifier of the app role. |
UserId | String | The unique identifier of the user. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Check for membership in groups, administrative units, or directory roles for a user.
Name | Type | Description |
UserId | String | The unique identifier of the user. |
Ids | String | A collection of comma-separated unique identifiers of the groups, administrative units, or directory roles in which to check membership. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Value | String | The value of the response. |
Fetch all T1, T2, and T3 fields for a specified user.
Name | Type | Description |
UserId | String | The unique identifier of the user. |
Name | Type | Description |
* | String | Results of the query. |
Gets the admin consent URL that an admin of a given domain must open separately to grant access to your application. Only needed when using custom OAuth credentials.
Name | Type | Description |
CallbackUrl | String | The URL the user will be redirected to after authorizing your application. This value must match the Reply URL in the Azure AD app settings. |
State | String | The same value for state that you sent when you requested the authorization code. |
Scope | String | A space-separated list of scopes to request from the Admin. The default value is https://graph.microsoft.com/group.readwrite.all https://graph.microsoft.com/user.read.all https://graph.microsoft.com/user.read https://graph.microsoft.com/directory.readwrite.all https://graph.microsoft.com/RoleManagement.ReadWrite.Directory https://graph.microsoft.com/directory.accessasuser.all https://graph.microsoft.com/domain.readwrite.all https://graph.microsoft.com/device.read.all https://graph.microsoft.com/RoleManagement.Read.Directory https://graph.microsoft.com/organization.Read.all https://graph.microsoft.com/Application.ReadWrite.all https://graph.microsoft.com/groupmember.readwrite.all https://graph.microsoft.com/AuditLog.Read.All https://graph.microsoft.com/DeviceLocalCredential.Read.All. |
Name | Type | Description |
URL | String | The authorization URL, entered into a Web browser to obtain the verifier token and authorize your app. |
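The default Scope above requests several write-capable permissions. As an added example (not part of the CData documentation), this helper derives a read-only Scope value for GetAdminConsentURL from that default. It assumes the connection is used only for SELECT queries; the `.Read.` variants it produces are standard Microsoft Graph permission names, but this page does not state which scopes each view needs, so the reduced set is an assumption to test before use.

```python
import re

GRAPH = "https://graph.microsoft.com/"

# Default Scope value from the GetAdminConsentURL parameter table on this page.
DEFAULT_SCOPE = " ".join(GRAPH + p for p in (
    "group.readwrite.all", "user.read.all", "user.read",
    "directory.readwrite.all", "RoleManagement.ReadWrite.Directory",
    "directory.accessasuser.all", "domain.readwrite.all", "device.read.all",
    "RoleManagement.Read.Directory", "organization.Read.all",
    "Application.ReadWrite.all", "groupmember.readwrite.all",
    "AuditLog.Read.All", "DeviceLocalCredential.Read.All",
))


def permission(scope):
    """Strip the Graph resource prefix and lower-case the permission name."""
    name = scope.strip()
    if name.lower().startswith(GRAPH):
        name = name[len(GRAPH):]
    return name.lower()


def classify(scope):
    """Label a scope 'write', 'act-as-user' or 'read' from its name parts."""
    parts = permission(scope).split(".")
    if "readwrite" in parts:
        return "write"
    if "accessasuser" in parts:
        return "act-as-user"
    return "read"


def to_read(scope):
    """Swap the ReadWrite segment for Read, keeping the original casing style."""
    return re.sub(
        r"\.readwrite\.",
        lambda m: ".Read." if m.group(0)[1].isupper() else ".read.",
        scope,
        flags=re.IGNORECASE,
    )


def read_only_scope(scope_string, exclude=()):
    """Return (reduced scope string, list of original scopes that were dropped).

    Write scopes are downgraded to their Read variant, act-as-user scopes are
    dropped, duplicates are merged, and any permission named in `exclude`
    (for example a sensitive read scope the deployment does not need) is dropped.
    """
    excluded = {e.lower() for e in exclude}
    kept, dropped, seen = [], [], set()
    for scope in scope_string.split():
        kind = classify(scope)
        if kind == "act-as-user":
            dropped.append(scope)
            continue
        candidate = to_read(scope) if kind == "write" else scope
        key = permission(candidate)
        if key in excluded:
            dropped.append(scope)
            continue
        if key not in seen:
            seen.add(key)
            kept.append(candidate)
    return " ".join(kept), dropped


if __name__ == "__main__":
    reduced, dropped = read_only_scope(
        DEFAULT_SCOPE, exclude={"DeviceLocalCredential.Read.All"})
    print("Scope to pass:", reduced)
    print("Dropped:", dropped)
```

With the reduced value, the INSERT/UPDATE/DELETE operations and the Add*/Remove* stored procedures on this page should be expected to fail for lack of permission.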
Promotes a domain.
Name | Type | Description |
Id | String | The Id of the domain to be promoted. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Removes a group from an Application Role Assignment.
Name | Type | Description |
AppRoleAssignmentId | String | The unique identifier of the app role assignment. |
GroupId | String | The unique identifier of the group. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Remove a member from a Group.
Name | Type | Description |
MemberId | String | The unique identifier of the member. |
GroupId | String | The unique identifier of the group. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Removes a member from a directory role.
Name | Type | Description |
RoleId | String | The unique identifier of the directory role. |
RoleTemplateId | String | The unique identifier of the directory role template. |
UserId | String | The unique identifier of the user. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Remove a user from an Application Role Assignment.
Name | Type | Description |
AppRoleAssignmentId | String | The unique identifier of the app role assignment. |
UserId | String | The unique identifier of the user. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
Verifies a domain.
Name | Type | Description |
Id | String | The Id of the domain to be verified. |
Name | Type | Description |
Success | String | Whether the operation was successful. |
You can query the system tables described in this section to access schema information, information on data source functionality, and batch operation statistics.
The following tables return database metadata for Azure Active Directory:
The following tables return information about how to connect to and query the data source:
The following table returns query statistics for data modification queries:
Lists the available databases.
The following query retrieves all databases determined by the connection string:
SELECT * FROM sys_catalogs
Name | Type | Description |
CatalogName | String | The database name. |
Lists the available schemas.
The following query retrieves all available schemas:
SELECT * FROM sys_schemas
Name | Type | Description |
CatalogName | String | The database name. |
SchemaName | String | The schema name. |
Lists the available tables.
The following query retrieves the available tables and views:
SELECT * FROM sys_tables
Name | Type | Description |
CatalogName | String | The database containing the table or view. |
SchemaName | String | The schema containing the table or view. |
TableName | String | The name of the table or view. |
TableType | String | The table type (table or view). |
Description | String | A description of the table or view. |
IsUpdateable | Boolean | Whether the table can be updated. |
Describes the columns of the available tables and views.
The following query returns the columns and data types for the DirectoryRoles table:
SELECT ColumnName, DataTypeName FROM sys_tablecolumns WHERE TableName='DirectoryRoles'
Name | Type | Description |
CatalogName | String | The name of the database containing the table or view. |
SchemaName | String | The schema containing the table or view. |
TableName | String | The name of the table or view containing the column. |
ColumnName | String | The column name. |
DataTypeName | String | The data type name. |
DataType | Int32 | An integer indicating the data type. This value is determined at run time based on the environment. |
Length | Int32 | The storage size of the column. |
DisplaySize | Int32 | The designated column's normal maximum width in characters. |
NumericPrecision | Int32 | The maximum number of digits in numeric data. The column length in characters for character and date-time data. |
NumericScale | Int32 | The column scale or number of digits to the right of the decimal point. |
IsNullable | Boolean | Whether the column can contain null. |
Description | String | A brief description of the column. |
Ordinal | Int32 | The sequence number of the column. |
IsAutoIncrement | String | Whether the column value is assigned in fixed increments. |
IsGeneratedColumn | String | Whether the column is generated. |
IsHidden | Boolean | Whether the column is hidden. |
IsArray | Boolean | Whether the column is an array. |
IsReadOnly | Boolean | Whether the column is read-only. |
IsKey | Boolean | Indicates whether a field returned from sys_tablecolumns is the primary key of the table. |
Lists the available stored procedures.
The following query retrieves the available stored procedures:
SELECT * FROM sys_procedures
Name | Type | Description |
CatalogName | String | The database containing the stored procedure. |
SchemaName | String | The schema containing the stored procedure. |
ProcedureName | String | The name of the stored procedure. |
Description | String | A description of the stored procedure. |
ProcedureType | String | The type of the procedure, such as PROCEDURE or FUNCTION. |
Describes stored procedure parameters.
The following query returns information about all of the input parameters for the AddMember stored procedure:
SELECT * FROM sys_procedureparameters WHERE ProcedureName='AddMember' AND (Direction=1 OR Direction=2)
Name | Type | Description |
CatalogName | String | The name of the database containing the stored procedure. |
SchemaName | String | The name of the schema containing the stored procedure. |
ProcedureName | String | The name of the stored procedure containing the parameter. |
ColumnName | String | The name of the stored procedure parameter. |
Direction | Int32 | An integer corresponding to the type of the parameter: input (1), input/output (2), or output (4). Input/output type parameters can be both input and output parameters. |
DataTypeName | String | The name of the data type. |
DataType | Int32 | An integer indicating the data type. This value is determined at run time based on the environment. |
Length | Int32 | The number of characters allowed for character data. The number of digits allowed for numeric data. |
NumericPrecision | Int32 | The maximum precision for numeric data. The column length in characters for character and date-time data. |
NumericScale | Int32 | The number of digits to the right of the decimal point in numeric data. |
IsNullable | Boolean | Whether the parameter can contain null. |
IsRequired | Boolean | Whether the parameter is required for execution of the procedure. |
IsArray | Boolean | Whether the parameter is an array. |
Description | String | The description of the parameter. |
Ordinal | Int32 | The index of the parameter. |
Describes the primary and foreign keys.
The following query retrieves the primary key for the DirectoryRoles table:
SELECT * FROM sys_keycolumns WHERE IsKey='True' AND TableName='DirectoryRoles'
Name | Type | Description |
CatalogName | String | The name of the database containing the key. |
SchemaName | String | The name of the schema containing the key. |
TableName | String | The name of the table containing the key. |
ColumnName | String | The name of the key column. |
IsKey | Boolean | Whether the column is a primary key in the table referenced in the TableName field. |
IsForeignKey | Boolean | Whether the column is a foreign key referenced in the TableName field. |
PrimaryKeyName | String | The name of the primary key. |
ForeignKeyName | String | The name of the foreign key. |
ReferencedCatalogName | String | The database containing the primary key. |
ReferencedSchemaName | String | The schema containing the primary key. |
ReferencedTableName | String | The table containing the primary key. |
ReferencedColumnName | String | The column name of the primary key. |
Describes the foreign keys.
The following query retrieves all foreign keys which refer to other tables:
SELECT * FROM sys_foreignkeys WHERE ForeignKeyType = 'FOREIGNKEY_TYPE_IMPORT'
Name | Type | Description |
CatalogName | String | The name of the database containing the key. |
SchemaName | String | The name of the schema containing the key. |
TableName | String | The name of the table containing the key. |
ColumnName | String | The name of the key column. |
PrimaryKeyName | String | The name of the primary key. |
ForeignKeyName | String | The name of the foreign key. |
ReferencedCatalogName | String | The database containing the primary key. |
ReferencedSchemaName | String | The schema containing the primary key. |
ReferencedTableName | String | The table containing the primary key. |
ReferencedColumnName | String | The column name of the primary key. |
ForeignKeyType | String | Designates whether the foreign key is an import (points to other tables) or export (referenced from other tables) key. |
Describes the primary keys.
The following query retrieves the primary keys from all tables and views:
SELECT * FROM sys_primarykeys
Name | Type | Description |
CatalogName | String | The name of the database containing the key. |
SchemaName | String | The name of the schema containing the key. |
TableName | String | The name of the table containing the key. |
ColumnName | String | The name of the key column. |
KeySeq | String | The sequence number of the primary key. |
KeyName | String | The name of the primary key. |
Describes the available indexes. By filtering on indexes, you can write more selective queries with faster query response times.
The following query retrieves all indexes that are not primary keys:
SELECT * FROM sys_indexes WHERE IsPrimary='false'
Name | Type | Description |
CatalogName | String | The name of the database containing the index. |
SchemaName | String | The name of the schema containing the index. |
TableName | String | The name of the table containing the index. |
IndexName | String | The index name. |
ColumnName | String | The name of the column associated with the index. |
IsUnique | Boolean | True if the index is unique. False otherwise. |
IsPrimary | Boolean | True if the index is a primary key. False otherwise. |
Type | Int16 | An integer value corresponding to the index type: statistic (0), clustered (1), hashed (2), or other (3). |
SortOrder | String | The sort order: A for ascending or D for descending. |
OrdinalPosition | Int16 | The sequence number of the column in the index. |
Returns information on the available connection properties and those set in the connection string.
When querying this table, the config connection string should be used:
jdbc:cdata:azuread:config:
This connection string enables you to query this table without a valid connection.
The following query retrieves all connection properties that have been set in the connection string or set through a default value:
SELECT * FROM sys_connection_props WHERE Value <> ''
Name | Type | Description |
Name | String | The name of the connection property. |
ShortDescription | String | A brief description. |
Type | String | The data type of the connection property. |
Default | String | The default value if one is not explicitly set. |
Values | String | A comma-separated list of possible values. A validation error is thrown if another value is specified. |
Value | String | The value you set or a preconfigured default. |
Required | Boolean | Whether the property is required to connect. |
Category | String | The category of the connection property. |
IsSessionProperty | String | Whether the property is a session property, used to save information about the current connection. |
Sensitivity | String | The sensitivity level of the property. This informs whether the property is obfuscated in logging and authentication forms. |
PropertyName | String | A camel-cased truncated form of the connection property name. |
Ordinal | Int32 | The index of the parameter. |
CatOrdinal | Int32 | The index of the parameter category. |
Hierarchy | String | Shows the dependent properties that need to be set alongside this one. |
Visible | Boolean | Informs whether the property is visible in the connection UI. |
ETC | String | Various miscellaneous information about the property. |
Describes the SELECT query processing that the Cloud can offload to the data source.
See SQL Compliance for SQL syntax details.
Below is an example data set of SQL capabilities. Some aspects of SELECT functionality are returned in a comma-separated list if supported; otherwise, the column contains NO.
Name | Description | Possible Values |
AGGREGATE_FUNCTIONS | Supported aggregation functions. | AVG, COUNT, MAX, MIN, SUM, DISTINCT |
COUNT | Whether COUNT function is supported. | YES, NO |
IDENTIFIER_QUOTE_OPEN_CHAR | The opening character used to escape an identifier. | [ |
IDENTIFIER_QUOTE_CLOSE_CHAR | The closing character used to escape an identifier. | ] |
SUPPORTED_OPERATORS | A list of supported SQL operators. | =, >, <, >=, <=, <>, !=, LIKE, NOT LIKE, IN, NOT IN, IS NULL, IS NOT NULL, AND, OR |
GROUP_BY | Whether GROUP BY is supported, and, if so, the degree of support. | NO, NO_RELATION, EQUALS_SELECT, SQL_GB_COLLATE |
OJ_CAPABILITIES | The varieties of outer joins supported. | NO, LEFT, RIGHT, FULL, INNER, NOT_ORDERED, ALL_COMPARISON_OPS |
OUTER_JOINS | Whether outer joins are supported. | YES, NO |
SUBQUERIES | Whether subqueries are supported, and, if so, the degree of support. | NO, COMPARISON, EXISTS, IN, CORRELATED_SUBQUERIES, QUANTIFIED |
STRING_FUNCTIONS | Supported string functions. | LENGTH, CHAR, LOCATE, REPLACE, SUBSTRING, RTRIM, LTRIM, RIGHT, LEFT, UCASE, SPACE, SOUNDEX, LCASE, CONCAT, ASCII, REPEAT, OCTET, BIT, POSITION, INSERT, TRIM, UPPER, REGEXP, LOWER, DIFFERENCE, CHARACTER, SUBSTR, STR, REVERSE, PLAN, UUIDTOSTR, TRANSLATE, TRAILING, TO, STUFF, STRTOUUID, STRING, SPLIT, SORTKEY, SIMILAR, REPLICATE, PATINDEX, LPAD, LEN, LEADING, KEY, INSTR, INSERTSTR, HTML, GRAPHICAL, CONVERT, COLLATION, CHARINDEX, BYTE |
NUMERIC_FUNCTIONS | Supported numeric functions. | ABS, ACOS, ASIN, ATAN, ATAN2, CEILING, COS, COT, EXP, FLOOR, LOG, MOD, SIGN, SIN, SQRT, TAN, PI, RAND, DEGREES, LOG10, POWER, RADIANS, ROUND, TRUNCATE |
TIMEDATE_FUNCTIONS | Supported date/time functions. | NOW, CURDATE, DAYOFMONTH, DAYOFWEEK, DAYOFYEAR, MONTH, QUARTER, WEEK, YEAR, CURTIME, HOUR, MINUTE, SECOND, TIMESTAMPADD, TIMESTAMPDIFF, DAYNAME, MONTHNAME, CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP, EXTRACT |
REPLICATION_SKIP_TABLES | Indicates tables skipped during replication. | |
REPLICATION_TIMECHECK_COLUMNS | A string array listing the columns that are checked, in the given order, for use as the modified column during replication. | |
IDENTIFIER_PATTERN | String value indicating what string is valid for an identifier. | |
SUPPORT_TRANSACTION | Indicates if the provider supports transactions such as commit and rollback. | YES, NO |
DIALECT | Indicates the SQL dialect to use. | |
KEY_PROPERTIES | Indicates the properties which identify the uniform database. | |
SUPPORTS_MULTIPLE_SCHEMAS | Indicates if multiple schemas may exist for the provider. | YES, NO |
SUPPORTS_MULTIPLE_CATALOGS | Indicates if multiple catalogs may exist for the provider. | YES, NO |
DATASYNCVERSION | The CData Data Sync version needed to access this driver. | Standard, Starter, Professional, Enterprise |
DATASYNCCATEGORY | The CData Data Sync category of this driver. | Source, Destination, Cloud Destination |
SUPPORTSENHANCEDSQL | Whether enhanced SQL functionality beyond what is offered by the API is supported. | TRUE, FALSE |
SUPPORTS_BATCH_OPERATIONS | Whether batch operations are supported. | YES, NO |
SQL_CAP | All supported SQL capabilities for this driver. | SELECT, INSERT, DELETE, UPDATE, TRANSACTIONS, ORDERBY, OAUTH, ASSIGNEDID, LIMIT, LIKE, BULKINSERT, COUNT, BULKDELETE, BULKUPDATE, GROUPBY, HAVING, AGGS, OFFSET, REPLICATE, COUNTDISTINCT, JOINS, DROP, CREATE, DISTINCT, INNERJOINS, SUBQUERIES, ALTER, MULTIPLESCHEMAS, GROUPBYNORELATION, OUTERJOINS, UNIONALL, UNION, UPSERT, GETDELETED, CROSSJOINS, GROUPBYCOLLATE, MULTIPLECATS, FULLOUTERJOIN, MERGE, JSONEXTRACT, BULKUPSERT, SUM, SUBQUERIESFULL, MIN, MAX, JOINSFULL, XMLEXTRACT, AVG, MULTISTATEMENTS, FOREIGNKEYS, CASE, LEFTJOINS, COMMAJOINS, WITH, LITERALS, RENAME, NESTEDTABLES, EXECUTE, BATCH, BASIC, INDEX |
PREFERRED_CACHE_OPTIONS | A string value that specifies the preferred cacheOptions. | |
ENABLE_EF_ADVANCED_QUERY | Indicates if the driver directly supports advanced queries coming from Entity Framework. If not, queries will be handled client side. | YES, NO |
PSEUDO_COLUMNS | A string array indicating the available pseudo columns. | |
MERGE_ALWAYS | If the value is true, the Merge Mode is forcibly executed in Data Sync. | TRUE, FALSE |
REPLICATION_MIN_DATE_QUERY | A select query to return the replicate start datetime. | |
REPLICATION_MIN_FUNCTION | Allows a provider to specify the formula name to use for executing a server side min. | |
REPLICATION_START_DATE | Allows a provider to specify a replicate startdate. | |
REPLICATION_MAX_DATE_QUERY | A select query to return the replicate end datetime. | |
REPLICATION_MAX_FUNCTION | Allows a provider to specify the formula name to use for executing a server side max. | |
IGNORE_INTERVALS_ON_INITIAL_REPLICATE | A list of tables which will skip dividing the replicate into chunks on the initial replicate. | |
CHECKCACHE_USE_PARENTID | Indicates whether the CheckCache statement should be done against the parent key column. | TRUE, FALSE |
CREATE_SCHEMA_PROCEDURES | Indicates stored procedures that can be used for generating schema files. | |
The following query retrieves the operators that can be used in the WHERE clause:
SELECT * FROM sys_sqlinfo WHERE Name = 'SUPPORTED_OPERATORS'
Note that individual tables may have different limitations or requirements on the WHERE clause; refer to the Data Model section for more information.
Name | Type | Description |
NAME | String | A component of SQL syntax, or a capability that can be processed on the server. |
VALUE | String | Detail on the supported SQL or SQL syntax. |
Returns information about attempted modifications.
The following query retrieves the Ids of the modified rows in a batch operation:
SELECT * FROM sys_identity
Name | Type | Description |
Id | String | The database-generated Id returned from a data modification operation. |
Batch | String | An identifier for the batch. 1 for a single operation. |
Operation | String | The result of the operation in the batch: INSERTED, UPDATED, or DELETED. |
Message | String | SUCCESS or an error message if the update in the batch failed. |
The Cloud maps types from the data source to the corresponding data type available in the schema. The table below documents these mappings.
Azure Active Directory (OData V4) | CData Schema |
Edm.Binary | binary |
Edm.Boolean | bool |
Edm.Date | datetime |
Edm.DateTimeOffset | datetime |
Edm.Decimal | decimal |
Edm.Double | double |
Edm.Guid | guid |
Edm.Int32 | int |
Edm.String | string |
Edm.TimeOfDay | time |
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Establishing a Connection.
Property | Description |
AuthScheme | The type of authentication to use when connecting to Azure Active Directory. |
Property | Description |
AzureTenant | The Microsoft Online tenant being used to access data. If not specified, your default tenant is used. |
AzureEnvironment | The Azure Environment to use when establishing a connection. |
Property | Description |
OAuthClientId | The client Id assigned when you register your application with an OAuth authorization server. |
OAuthClientSecret | The client secret assigned when you register your application with an OAuth authorization server. |
OAuthGrantType | The grant type for the OAuth flow. |
Property | Description |
OAuthJWTCert | The JWT Certificate store. |
OAuthJWTCertType | The type of key store containing the JWT Certificate. |
OAuthJWTCertPassword | The password for the OAuth JWT certificate. |
OAuthJWTCertSubject | The subject of the OAuth JWT certificate. |
Property | Description |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
Property | Description |
Verbosity | The verbosity level that determines the amount of detail included in the log file. |
Property | Description |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
Property | Description |
MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
This section provides a complete list of the Authentication properties you can configure in the connection string for this provider.
Property | Description |
AuthScheme | The type of authentication to use when connecting to Azure Active Directory. |
The type of authentication to use when connecting to Azure Active Directory.
string
"AzureAD"
This section provides a complete list of the Azure Authentication properties you can configure in the connection string for this provider.
Property | Description |
AzureTenant | The Microsoft Online tenant being used to access data. If not specified, your default tenant is used. |
AzureEnvironment | The Azure Environment to use when establishing a connection. |
The Microsoft Online tenant being used to access data. If not specified, your default tenant is used.
string
""
The Microsoft Online tenant being used to access data. For instance, contoso.onmicrosoft.com. Alternatively, specify the tenant Id. This value is the directory Id in the Azure Portal > Azure Active Directory > Properties.
Typically it is not necessary to specify the tenant: Microsoft can determine it automatically when OAuthGrantType is set to CODE (the default). However, this can fail when the user belongs to multiple tenants. For instance, if an admin of domain A invites a user of domain B to be a guest user, that user now belongs to both tenants. It is good practice to specify the tenant, although in general things should work without it.
The AzureTenant is required when setting OAuthGrantType to CLIENT. When using client credentials, there is no user context. The credentials are taken from the context of the app itself. While Microsoft still allows client credentials to be obtained without specifying which Tenant, it has a much lower probability of picking the specific tenant you want to work with. For this reason, we require AzureTenant to be explicitly stated for all client credentials connections to ensure you get credentials that are applicable for the domain you intend to connect to.
The Azure Environment to use when establishing a connection.
string
"GLOBAL"
In most cases, leaving the environment set to global will work. However, if your Azure Account has been added to a different environment, the AzureEnvironment may be used to specify which environment. The available values are GLOBAL, CHINA, USGOVT, USGOVTDOD.
This section provides a complete list of the OAuth properties you can configure in the connection string for this provider.
Property | Description |
OAuthClientId | The client Id assigned when you register your application with an OAuth authorization server. |
OAuthClientSecret | The client secret assigned when you register your application with an OAuth authorization server. |
OAuthGrantType | The grant type for the OAuth flow. |
The client Id assigned when you register your application with an OAuth authorization server.
string
""
As part of registering an OAuth application, you will receive the OAuthClientId value, sometimes also called a consumer key, and a client secret, the OAuthClientSecret.
The client secret assigned when you register your application with an OAuth authorization server.
string
""
As part of registering an OAuth application, you will receive the OAuthClientId, also called a consumer key. You will also receive a client secret, also called a consumer secret. Set the client secret in the OAuthClientSecret property.
The grant type for the OAuth flow.
string
"CODE"
The following options are available: CODE,CLIENT
This section provides a complete list of the JWT OAuth properties you can configure in the connection string for this provider.
Property | Description |
OAuthJWTCert | The JWT Certificate store. |
OAuthJWTCertType | The type of key store containing the JWT Certificate. |
OAuthJWTCertPassword | The password for the OAuth JWT certificate. |
OAuthJWTCertSubject | The subject of the OAuth JWT certificate. |
The JWT Certificate store.
string
""
The name of the certificate store for the client certificate.
The OAuthJWTCertType field specifies the type of the certificate store specified by OAuthJWTCert. If the store is password protected, specify the password in OAuthJWTCertPassword.
OAuthJWTCert is used in conjunction with the OAuthJWTCertSubject field in order to specify client certificates. If OAuthJWTCert has a value, and OAuthJWTCertSubject is set, a search for a certificate is initiated. Please refer to the OAuthJWTCertSubject field for details.
Designations of certificate stores are platform-dependent.
The following are designations of the most common User and Machine certificate stores in Windows:
MY | A certificate store holding personal certificates with their associated private keys. |
CA | Certifying authority certificates. |
ROOT | Root certificates. |
SPC | Software publisher certificates. |
In Java, the certificate store normally is a file containing certificates and optional private keys.
When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
The type of key store containing the JWT Certificate.
string
"PEMKEY_BLOB"
This property can take one of the following values:
USER | For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java. |
MACHINE | For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java. |
PFXFILE | The certificate store is the name of a PFX (PKCS12) file containing certificates. |
PFXBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in PFX (PKCS12) format. |
JKSFILE | The certificate store is the name of a Java key store (JKS) file containing certificates. Note: this store type is only available in Java. |
JKSBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in Java key store (JKS) format. Note: this store type is only available in Java. |
PEMKEY_FILE | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
PEMKEY_BLOB | The certificate store is a string (base64-encoded) that contains a private key and an optional certificate. |
PUBLIC_KEY_FILE | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
PUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains a PEM- or DER-encoded public key certificate. |
SSHPUBLIC_KEY_FILE | The certificate store is the name of a file that contains an SSH-style public key. |
SSHPUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains an SSH-style public key. |
P7BFILE | The certificate store is the name of a PKCS7 file containing certificates. |
PPKFILE | The certificate store is the name of a file that contains a PPK (PuTTY Private Key). |
XMLFILE | The certificate store is the name of a file that contains a certificate in XML format. |
XMLBLOB | The certificate store is a string that contains a certificate in XML format. |
The password for the OAuth JWT certificate.
string
""
If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
The subject of the OAuth JWT certificate.
string
"*"
When loading a certificate the subject is used to locate the certificate in the store.
If an exact match is not found, the store is searched for subjects containing the value of the property.
If a match is still not found, the property is set to an empty string, and no certificate is selected.
The special value "*" picks the first certificate in the certificate store.
The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, [email protected]". Common fields and their meanings are displayed below.
Field | Meaning |
CN | Common Name. This is commonly a host name like www.server.com. |
O | Organization |
OU | Organizational Unit |
L | Locality |
S | State |
C | Country |
E | Email Address |
If a field value contains a comma it must be quoted.
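The lookup order described above (exact match, then substring, with "*" taking the first certificate) can select a certificate other than the intended one when a store holds several. The following added example, which is not CData code, models that order over a constructed list of subjects and reports ambiguous selections; the function names are hypothetical and case-sensitive string comparison is an assumption.

```python
from typing import List, Optional, Tuple

# Constructed sample subjects standing in for the certificates in a store.
STORE = [
    "CN=staging.example.com, OU=test, C=US",
    "CN=www.example.com, OU=prod, C=US",
    'CN=api.www.example.com, O="Example, Inc.", C=US',
]


def parse_subject(subject: str) -> List[Tuple[str, str]]:
    """Split a subject into (field, value) pairs; quoted values may hold commas."""
    parts, buf, in_quotes = [], [], False
    for ch in subject:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quote in subject")
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        if not part.strip():
            continue
        field, sep, value = part.partition("=")
        if not sep:
            raise ValueError("subject component without '=': " + part.strip())
        pairs.append((field.strip().upper(), value.strip()))
    return pairs


def select_subject(store: List[str], wanted: str) -> Tuple[Optional[str], str]:
    """Apply the documented order: '*', exact match, substring, then nothing."""
    if wanted == "":
        return None, "none"              # empty subject: no certificate selected
    if wanted == "*":
        return (store[0], "first-in-store") if store else (None, "none")
    if wanted in store:
        return wanted, "exact"
    for subject in store:
        if wanted in subject:            # fallback: first subject containing it
            return subject, "contains"
    return None, "none"


def selection_warnings(store: List[str], wanted: str) -> List[str]:
    """Report cases where the selected certificate depends on store order."""
    _, how = select_subject(store, wanted)
    warnings = []
    if how == "first-in-store" and len(store) > 1:
        warnings.append("'*' selects the first of %d certificates" % len(store))
    if how == "contains":
        candidates = [s for s in store if wanted in s]
        if len(candidates) > 1:
            warnings.append("%d subjects contain %r" % (len(candidates), wanted))
    if how == "none":
        warnings.append("no certificate selected")
    return warnings


if __name__ == "__main__":
    for wanted in ("*", STORE[1], "www.example.com", "CN=missing"):
        print(repr(wanted), select_subject(STORE, wanted),
              selection_warnings(STORE, wanted))
    print(parse_subject(STORE[2]))
```

Setting OAuthJWTCertSubject to the full subject of the intended certificate gives an exact match and leaves no warnings.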
This section provides a complete list of the SSL properties you can configure in the connection string for this provider.
Property | Description |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
The certificate to be accepted from the server when connecting using TLS/SSL.
string
""
If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.
This property can take the following forms:
Description | Example |
A full PEM Certificate (example shortened for brevity) | -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- |
A path to a local file containing the certificate | C:\cert.cer |
The public key (example shortened for brevity) | -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- |
The MD5 Thumbprint (hex values can also be either space or colon separated) | ecadbdda5a1529c58a1e9e09828d70e4 |
The SHA1 Thumbprint (hex values can also be either space or colon separated) | 34a929226ae0819f2ec14b4a3d904f801cbb150d |
If not specified, any certificate trusted by the machine is accepted.
Use '*' to accept all certificates. Note that this is not recommended due to security concerns.
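When reviewing stored connection settings, it helps to know which of the forms above an SSLServerCert value takes and whether a thumbprint pin actually matches the certificate a server presents. The following added example is not CData code and does not reproduce the driver's parsing; the function names are hypothetical, the certificate bytes are a constructed stand-in, and a thumbprint is taken to be the hash of the DER-encoded certificate.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the DER bytes of a server certificate.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"


def normalize_thumbprint(value):
    """Drop the optional space/colon separators and fold case."""
    return re.sub(r"[\s:]", "", value).lower()


def classify_ssl_server_cert(value):
    """Return which of the documented SSLServerCert forms a value takes."""
    v = value.strip()
    if v == "":
        return "machine-trust"      # unset: any machine-trusted certificate
    if v == "*":
        return "accept-all"         # every certificate is accepted
    if v.startswith("-----BEGIN CERTIFICATE-----"):
        return "pem-certificate"
    if v.startswith("-----BEGIN") and "PUBLIC KEY-----" in v:
        return "public-key"
    digits = normalize_thumbprint(v)
    if re.fullmatch(r"[0-9a-f]{32}", digits):
        return "md5-thumbprint"
    if re.fullmatch(r"[0-9a-f]{40}", digits):
        return "sha1-thumbprint"
    return "file-path"              # anything else is treated as a path


def thumbprint_matches(der_bytes, pinned):
    """Compare a certificate's thumbprint with an MD5 or SHA1 pin."""
    kind = classify_ssl_server_cert(pinned)
    algo = {"md5-thumbprint": "md5", "sha1-thumbprint": "sha1"}.get(kind)
    if algo is None:
        raise ValueError("SSLServerCert value is not a thumbprint: " + kind)
    actual = hashlib.new(algo, der_bytes).hexdigest()
    return hmac.compare_digest(actual, normalize_thumbprint(pinned))


def review_setting(value):
    """One-line finding for a configuration review."""
    findings = {
        "machine-trust": "no pin: any certificate trusted by the machine is accepted",
        "accept-all": "accepts all certificates: not recommended",
        "pem-certificate": "pinned to a full certificate",
        "public-key": "pinned to a public key",
        "md5-thumbprint": "pinned to an MD5 thumbprint",
        "sha1-thumbprint": "pinned to a SHA1 thumbprint",
        "file-path": "pinned to a certificate file on disk",
    }
    return findings[classify_ssl_server_cert(value)]


if __name__ == "__main__":
    sha1 = hashlib.sha1(SAMPLE_DER).hexdigest()
    colon_form = ":".join(sha1[i:i + 2] for i in range(0, 40, 2)).upper()
    print(colon_form, thumbprint_matches(SAMPLE_DER, colon_form))
    for setting in ("", "*", "C:\\cert.cer", colon_form):
        print(repr(setting), "->", review_setting(setting))
```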
This section provides a complete list of the Logging properties you can configure in the connection string for this provider.
Property | Description |
Verbosity | The verbosity level that determines the amount of detail included in the log file. |
The verbosity level that determines the amount of detail included in the log file.
string
"1"
The verbosity level determines the amount of detail that the Cloud reports to the Logfile. Verbosity levels from 1 to 5 are supported. These are detailed in the Logging page.
This section provides a complete list of the Schema properties you can configure in the connection string for this provider.
Property | Description |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
string
""
Listing the schemas from databases can be expensive. Providing a list of schemas in the connection string improves the performance.
This section provides a complete list of the Miscellaneous properties you can configure in the connection string for this provider.
Property | Description |
MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
int
-1
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
This property indicates whether or not to include pseudo columns as columns to the table.
string
""
This setting is particularly helpful in Entity Framework, which does not allow you to set a value for a pseudo column unless it is a table column. The value of this connection setting is of the format "Table1=Column1, Table1=Column2, Table2=Column3". You can use the "*" character to include all tables and all columns; for example, "*=*".
The value in seconds until the timeout error is thrown, canceling the operation.
int
60
If Timeout = 0, operations do not time out. The operations run until they complete successfully or until they encounter an error condition.
If Timeout expires and the operation is not yet complete, the Cloud throws an exception.