Feature Description

We are requesting support for Azure Private Link connectivity to Databricks destinations when OAuth authentication is used, in parity with other supported authentication and network configurations.

At present, when using Fivetran with Azure Databricks over Azure Private Link, customers are forced to use Personal Access Tokens (PATs) instead of OAuth. This creates security, governance, and operational challenges in enterprise Azure environments.

Problem Statement

Our organization uses Azure Databricks with OAuth authentication (service principal–based) and enforces private networking only, with public network access disabled. Azure Private Link is a mandatory security requirement for inbound connectivity.

However, today:

• Azure Private Link is not supported when OAuth authentication is enabled, and
• As a result, we are forced to use Databricks Personal Access Tokens (PATs) to allow Fivetran connectivity.

This creates several issues:

• PATs do not align with our identity-first, least-privilege OAuth strategy
• Token rotation, lifecycle management, and auditing are operationally risky and manual
• PAT usage conflicts with enterprise security and compliance standards
• OAuth-based access via service principals is our required authentication model, not optional

Given these constraints, we are forced into one of the following:

• Relax network controls by exposing Databricks publicly
• Accept PAT-based authentication against policy
• Avoid using Fivetran for Databricks in secured Azure environments

None of these options are acceptable in a regulated, enterprise setting.

Requested Enhancement

Please add support for:

• Azure Private Link connectivity for Databricks destinations
• While using OAuth authentication (service principal–based)
• Including support for Unity Catalog–enabled workspaces and Databricks SQL warehouses
• Eliminating the requirement to use Personal Access Tokens when Private Link is enabled

This would allow customers to pair private networking with modern, identity-based authentication, consistent with Azure and Databricks best practices.

Business Impact

Supporting OAuth + Azure Private Link for Databricks would:

• Remove the need to rely on PATs, improving security posture
• Enable identity-based access, auditing, and token governance
• Unblock adoption of Fivetran in private-only Azure environments
• Align Fivetran with enterprise IAM, compliance, and Zero Trust standards
• Increase adoption among customers in regulated industries (finance, insurance, healthcare, etc.)

This is a gating requirement for production usage of Fivetran with Databricks in many Azure-first enterprises.

Additional Context

• Cloud: Microsoft Azure
• Destination: Azure Databricks (Unity Catalog enabled)
• Authentication: OAuth (service principal)
• Networking: Azure Private Link, public network access disabled
• Current limitation: Forced use of Databricks PATs when using Private Link