Microsoft Entra ID authentication
- Last Updated: August 13, 2024
- DataDirect Connectors
- JDBC
- PostgreSQL 6.0
- Documentation
The driver supports Microsoft Entra ID (Entra ID) authentication (formerly
known as Azure Active Directory authentication). Entra ID authentication is an alternate
authentication type that allows administrators to centrally manage user permissions to Azure
SQL Database data stores. The driver supports the following methods of Entra ID
authentication:
- User and password authentication: The driver retrieves an access token by authenticating with the Entra ID user and password.
- Service principal authentication: The driver retrieves an access token by authenticating with the client ID and client secret of the service principal.
Note: When using Entra ID authentication, the driver requires root CA certificates to establish an SSL connection to a database. The driver determines the location of the truststore containing the required certificates by using the default JRE cacerts file unless a different file has been specified by the javax.net.ssl.trustStore Java system property. The truststore location cannot be specified using the driver's Truststore property.
User and password authentication
To use user and password authentication with Entra ID:
- Set the AuthenticationMethod property to specify a value of EntraIDPassword.
- Set the User property to specify your Entra ID username using the userid@domain.com format.
- Set the Password property to specify your Entra ID password.
- Set the AzureTenantID property to specify the tenant associated with the PostgreSQL server.
- Specify values for minimum required properties for establishing a connection.
  - Set the ServerName property to specify either the IP address in IPv4 or IPv6 format, or the server name for your Azure server. For example, myserver.postgres.database.azure.com.
  - Set the PortNumber property to specify the TCP port of the primary database server that is listening for connections to the database.
For example, the following is a connection string with only the required options for making a connection using Entra ID authentication.
Note: If the HostNameInCertificate is not specified, the driver automatically uses the value
of the ServerName from the URL as the value for validating the certificate.
Connection conn = DriverManager.getConnection(
    "jdbc:datadirect:postgresql://myserver.postgres.database.azure.com:5432;"
    + "AuthenticationMethod=EntraIDPassword;User=test@mydomain.com;"
    + "Password=secret;AzureTenantID=xyz012");
Service principal authentication
To use service principal authentication with Entra ID:
Note: The user must configure the API permission Application.Read.All for the application associated with the database. Refer to Permission for details.
- Set the AuthenticationMethod property to specify a value of EntraIDServicePrincipal.
- Set the User property to specify the client ID of the service principal.
- Set the Password property to specify the client secret of the service principal.
- Set the AzureTenantID property to specify the Azure tenant ID associated with your PostgreSQL server.
- Specify values for minimum required properties for establishing a connection.
  - Set the ServerName property to specify either the IP address in IPv4 or IPv6 format, or the server name for your Entra ID server. For example, myserver.postgres.database.azure.com.
  - Set the PortNumber property to specify the TCP port of the primary database server that is listening for connections to the database.
Note: If the HostNameInCertificate is not specified, the driver automatically uses the value
of the ServerName from the URL as the value for validating the certificate.
For example, the following is a connection string with only the required options for making a connection using Entra ID authentication.
Connection conn = DriverManager.getConnection(
    "jdbc:datadirect:postgresql://myserver.postgres.database.azure.com:5432;"
    + "AuthenticationMethod=EntraIDServicePrincipal;User=1234abcd-1234-abcd-1234-abcd1234abcd;"
    + "Password=ABcdEFg/hiJkLmNOPqR01stUvWxyzYx2wvUTsrQpO;AzureTenantID=xyz012");
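The following is an added example, not part of the driver documentation: a service principal connection that keeps the client secret out of source code and selects the truststore through the javax.net.ssl.trustStore system property described in the note above. The environment variable names are hypothetical, and passing the page's property names through a java.util.Properties object instead of the URL is an assumption about the driver.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class EntraIdServicePrincipalConnect {

    // Reads a required setting from the environment and fails fast when it is absent.
    // The environment variable names used below are hypothetical.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) throws SQLException {
        // Optional: point the JVM at a dedicated truststore. The driver reads the
        // javax.net.ssl.trustStore system property; if unset, it uses the default JRE cacerts.
        String trustStore = System.getenv("PG_TRUSTSTORE_PATH");
        if (trustStore != null && !trustStore.isBlank()) {
            if (!Files.isReadable(Path.of(trustStore))) {
                throw new IllegalStateException("Truststore not readable: " + trustStore);
            }
            System.setProperty("javax.net.ssl.trustStore", trustStore);
        }

        // Server name and port stay in the URL; credentials do not.
        String url = "jdbc:datadirect:postgresql://" + requireEnv("PG_SERVER_NAME") + ":5432";

        // Assumption: the driver accepts the same property names through a Properties object.
        Properties props = new Properties();
        props.setProperty("AuthenticationMethod", "EntraIDServicePrincipal");
        props.setProperty("User", requireEnv("AZURE_CLIENT_ID"));
        props.setProperty("Password", requireEnv("AZURE_CLIENT_SECRET"));
        props.setProperty("AzureTenantID", requireEnv("AZURE_TENANT_ID"));

        try (Connection conn = DriverManager.getConnection(url, props)) {
            System.out.println("Connected: " + !conn.isClosed());
        }
    }
}
```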