Azure Data Factory: Can self-hosted Integration Runtime be configured to use Sql Integrated Security

1
votes

We are using Azure Data Factory (ADFv2) to move data from on-prem Sql Server to Azure cloud, using a self-hosted Integration Runtime (IR).

Saving sql credentials in keyVault works great, but I wanted to know if self-hosted IR could be configured to use Windows Integrated Security to connect to on-prem Sql Server sources. Can the IR service be configured to run as a windows user that has permissions to connect to sql?

I am going to try it out myself, but wanted to post a question here in case someone has already tried it. I could not find any ADF documentation on this.

1
sql-serverazureazure-data-factoryazure-data-factory-2integrated-security
I guess you mean windows integrated security. Yes but you configure it in the linked service. You have to enter the windows login and windows password though.Nick.McDermaid

1 Answers

4
votes

Can the IR service be configured to run as a windows user that has permissions to connect to sql?

No. And this is intentional, because if that were allowed:

  1. The IR service account would accumulate privileges

and

  1. The users of any linked data factory would be able to use those privileges

So the IR only handles network connectivity, and data factory users must bring their own credentials for accessing source systems.