A connection is a securable object in Unity Catalog that stores the endpoint and credentials needed to access an external system. A connection includes:
- The endpoint or URL of the external system
- Authentication credentials
- Configuration parameters
- Owner and metadata
Connections are not the same as storage credentials (for cloud object storage) or service credentials (for non-storage cloud services). For more information, see What is Unity Catalog? and Connection.
Connection types
Azure Databricks supports several connection types, each designed for a different integration pattern. The type you create determines how the connection is consumed and what governance it provides.
Managed ingestion connections
Managed ingestion connections power Lakeflow Connect pipelines for fully managed, serverless ingestion from external sources into Delta tables.
See Connect to managed ingestion sources and Managed connectors in Lakeflow Connect.
Query federation connections
Query federation connections enable read-only queries against external databases without moving data. They use foreign catalogs that mirror the external database structure. Queries are pushed down to the external database using JDBC.
See What is query federation?.
Catalog federation connections
Catalog federation connections connect external catalogs (a Hive Metastore or Snowflake Horizon Catalog) to Azure Databricks. Unity Catalog crawls the external catalog metadata and auto-populates a foreign catalog, so you can query data directly in the source file storage.
See What is catalog federation?.
JDBC connections
JDBC connections provide read and write access to external databases using JDBC driver JARs with the Spark Data Source API or the Remote Query SQL API.
See JDBC connection.
HTTP connections
HTTP connections enable communication with external HTTP services through an Azure Databricks-managed proxy. They power external REST APIs, MCP integrations, and AI agent tools.
See Connect to external HTTP services and Install an external MCP server.
Choose a connection type
The following table compares connection types to help you choose the right one for your use case.
| Type | Use case | Read | Write | Governance level |
|---|---|---|---|---|
| Managed ingestion | Ingest data from SaaS apps or databases into Delta tables | Ingests to Delta | N/A | Connection-level |
| Query federation | Query an external database in place without copying data | Yes | No | Table-level |
| Catalog federation | Connect external catalogs to query data directly in source file storage | Yes | No | Table-level |
| JDBC | Read and write to an external database with a specific JDBC driver | Yes | Yes | Connection-level |
| HTTP | Connect to external HTTP APIs, MCP servers, or agent tools | N/A | N/A | Connection-level |
Create a connection
You can create connections using SQL, the Catalog Explorer UI (Catalog > Create > Create a connection), or the REST API and Databricks CLI.
The SQL CREATE CONNECTION statement supports the following TYPE values: DATABRICKS, HTTP, MYSQL, POSTGRESQL, REDSHIFT, SNOWFLAKE, SQLDW, SQLSERVER. SaaS ingestion types (such as Salesforce, HubSpot, and Jira) can only be created using the UI or APIs.
See CREATE CONNECTION in the SQL reference.
Connections and network policies
Security for outbound connectivity operates in the following layers:
- Unity Catalog connections govern credentials and connection configuration (URL, host, port, options). They provide a secure, governed way to store and share authentication details and connection settings for external systems without embedding secrets in code.
- Network policies govern network access. They control both outbound connectivity from Azure Databricks compute to external endpoints and inbound connectivity from external sources to your workspace. Unity Catalog connections do not enforce network restrictions. To manage allowed traffic in either direction, configure network rules.
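The following added example (not taken from the Azure Databricks documentation) shows the credential layer for a query federation connection: the weak form with an inline password beside the form that reads credentials from a secret scope, followed by table-level grants on the resulting foreign catalog. The connection, catalog, schema, table, secret scope, host, and group names are all hypothetical.

```sql
-- Added example; every object, scope, host and group name is hypothetical.

-- Weak form: the literal password is part of the statement text, so it is
-- exposed wherever that text is saved (notebook source, version control).
--   CREATE CONNECTION pg_orders_conn TYPE POSTGRESQL
--   OPTIONS (host 'pg.example.internal', port '5432',
--            user 'report_ro', password 'PlaintextPassword1');

-- Preferred form: credentials are read from a secret scope at creation.
CREATE CONNECTION IF NOT EXISTS pg_orders_conn TYPE POSTGRESQL
OPTIONS (
  host 'pg.example.internal',
  port '5432',
  user secret('ext-db', 'pg-orders-user'),
  password secret('ext-db', 'pg-orders-password')
)
COMMENT 'Read-only reporting account on the orders database';

-- Mirror the external database as a foreign catalog.
CREATE FOREIGN CATALOG IF NOT EXISTS pg_orders
USING CONNECTION pg_orders_conn
OPTIONS (database 'orders');

-- Table-level governance: analysts can read one table and receive no
-- privilege on the connection itself.
GRANT USE CATALOG ON CATALOG pg_orders TO `analysts`;
GRANT USE SCHEMA ON SCHEMA pg_orders.public TO `analysts`;
GRANT SELECT ON TABLE pg_orders.public.order_totals TO `analysts`;

-- Review the connection definition and who holds privileges on it.
DESCRIBE CONNECTION pg_orders_conn;
SHOW GRANTS ON CONNECTION pg_orders_conn;
```

These statements cover only the credential and configuration layer. Whether compute can reach the hypothetical host pg.example.internal is still decided by network policies.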