Configure a Connection Profile

From the CData ribbon, click Get Data and select From Azure Cosmos DB connection/s to launch the CData Query window. To setup a new connection, you will have to click the New Azure Cosmos DB Connection button. Here you can set the connection settings, test the connection, and save the connection profile.

Connecting to Azure Cosmos DB

Azure Cosmos DB supports connecting and authenticating by Account Key, through Azure AD, or through Azure Service Principal.

Account Key

Log in to the Azure Portal, select Azure Cosmos DB, and select your account.

Set the following to authenticate:

• AccountEndpoint: The Cosmos DB account URL. Set this to the URI value found in the Settings > Keys blade of the Cosmos DB account.
• AccountKey: A master key token or a resource token for connecting to Azure Cosmos DB. Set this to the PRIMARY KEY value found in the Settings > Keys blade of the Cosmos DB account.
• TokenType: (optional). Set this to "master" (the default value) if you are using a Master Token, which is a full permissions token generated during account creation. Otherwise, set this property to "resource" if you are using a Resource Token, which is a custom permissions token generated when a database user is set up.

Azure AD

Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. It is user-based authentication that requires that you set AuthScheme to AzureAD.

Authentication to Azure AD over a Web application always requires the creation of a custom OAuth application. For details, see Creating an Azure AD Application.

Desktop Applications

CData provides an embedded OAuth application that simplifies connection to Azure AD from a Desktop application.

You can also authenticate from a desktop application using a custom OAuth application. (For further information, see Creating an Azure AD Application.) To authenticate via Azure AD, set these parameters:

• AuthScheme: AzureAD.

• Custom applications only:

  • OAuthClientId: The client Id assigned when you registered your custom OAuth application.
  • OAuthClientSecret: The client secret assigned when you registered your custom OAuth application.
  • CallbackURL: The redirect URI you defined when you registered your custom OAuth application.

When you connect, the add-in opens Azure Cosmos DB's OAuth endpoint in your default browser. Log in and grant permissions to the application.

The add-in completes the OAuth process, obtaining an access token from Azure Cosmos DB and using it to request data. The OAuth values are saved in the path specified in OAuthSettingsLocation. These values persist across connections.

When the access token expires, the add-in refreshes it automatically.

Azure Service Principal

Azure Service Principal is role-based application-based authentication. This means that authentication is done per application, rather than per user. All tasks taken on by the application are executed without a default user context, but based on the assigned roles. The application access to the resources is controlled through the assigned roles' permissions.

For information about how to set up Azure Service Principal authentication, see Creating an Azure AD Application with Service Principal.

Connection Properties

The Connection properties describe the various options that can be used to establish a connection.

Managing Connections

After successfully authenticating to Azure Cosmos DB you will be able to customize the data you are importing. To learn more about this, see Managing Connections.

See Also

• Querying Data: Use the data selection wizard to pull data into a spreadsheet. You can also configure scheduled data refresh here.
• Using the Excel Add-In: Find other ways to interact with Azure Cosmos DB data, such as using the available CData Excel Functions.