Set Up a Microsoft Fabric OneLake File Federation Connection (Beta)
Create a Microsoft Fabric OneLake connection to pull data into Data 360.
| User Permissions Needed | |
|---|---|
| To create a OneLake connection: | System Admin profile or Data 360 Architect permission set |
Before You Begin
You must complete these setup tasks before creating the connection in Data 360:
- Foundational Objects: Understand how objects are managed in OneLake. A tenant is effectively a single instance of Microsoft Fabric. You can create multiple workspaces within a tenant and multiple items within a workspace.
  - Tenant: In your tenant’s Admin Portal, first go to Settings > Admin Portal > Tenant Settings > OneLake Settings and enable Users can access data stored in OneLake with apps external to Fabric. Then, go to Tenant Settings > Developer Settings and enable Service principals can call Fabric public APIs.
  - Lakehouse Item: Data 360 can only query data in lakehouse items. To create a lakehouse item, see Create a lakehouse in Microsoft Fabric. If you haven’t created a workspace yet, first see Create a workspace - Microsoft Fabric.
- Firewall: Both the catalog and storage endpoints must be accessible to Data 360’s IP addresses. Add these Data 360 IP Addresses to your allowlist before creating a connection. Connecting to private endpoints isn’t supported.
- Authentication: In Azure Portal, go to Microsoft Entra ID > App Registrations > New Registration, and register Data 360 as an application. Inside the newly registered application, go to Certificates & Secrets > New Client Secret. Record the client ID and client secret immediately, because the client secret isn’t available after you close the tab.
  - Workspace-Level Access: To give Data 360 access to all lakehouse items in a workspace, grant the registered application access to the workspace by navigating to Manage Access > Add People or Groups and assigning it the Contributor role.
  - Lakehouse Item-Level Access: To give Data 360 access to only select lakehouse items, click each lakehouse item, go to Manage Permissions > Direct Access > Add User, and grant it the Read and ReadAll permissions.
Set Up the Connector
- In Data Cloud, click Setup, and select Data Cloud Setup.
- Under External Integrations, select Other Connectors.
- Click New.
- On the Source tab, select Microsoft Fabric OneLake and click Next.
- Enter a name for the connection.
- In Client ID, enter the ID of the application you registered in Microsoft Entra ID to represent Data 360. If you didn’t record the application ID, navigate to Azure Portal > Entra ID > App Registrations > {YOUR_APPLICATION} > Overview > Application ID.
- In Client Secret, enter the secret you recorded during authentication setup. If you didn’t record the secret, create a new application in Microsoft Entra ID.
- In Tenant ID, enter the ID of the tenant that Data 360 should connect to. Use one of these steps to find the tenant ID.
  - Go to Azure Portal > Entra ID > Overview > Tenant ID.
  - Go to Fabric > Help & Support > About Fabric, and extract the tenant ID from the URL: https://app.fabric.microsoft.com/groups/...?ctid=<TENANT_ID>
- In Workspace ID, enter the ID of the workspace Data 360 should connect to. Use one of these steps to find the workspace ID.
  - Go to the workspace in Fabric, and extract the workspace ID from the URL: https://app.fabric.microsoft.com/groups/<WORKSPACE_ID>
  - Programmatically retrieve the workspace ID by making a GET request to https://api.fabric.microsoft.com/v1/workspaces
- In Item ID, enter the ID of the lakehouse item that Data 360 should connect to. Use one of these steps to find the lakehouse ID.
  - Go to the lakehouse item in Fabric, and extract the item ID from the URL: https://app.fabric.microsoft.com/.../lakehouses/<ITEM_ID>
  - Programmatically retrieve the item ID by making a GET request to https://api.fabric.microsoft.com/v1/workspaces/<WORKSPACE_ID>/items?type=Lakehouse
- In Catalog URL, enter one of these values.
  - The default, global OneLake Apache Iceberg REST endpoint: https://onelake.dfs.fabric.microsoft.com/iceberg
  - The region-specific endpoint: https://<REGION>-api.onelake.dfs.fabric.microsoft.com/iceberg
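A pre-flight check for the Tenant ID, Workspace ID, Item ID and Catalog URL fields described above, as an added Python example that is not part of the original page or of Data 360: it pulls the IDs out of a Fabric portal URL and accepts only the two catalog endpoint forms listed here, so a mistyped or look-alike host is caught before the connection is saved. The function names are hypothetical, and the rule that a region label is lowercase letters and digits is an assumption.

```python
import re
from urllib.parse import urlparse, parse_qs

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
PORTAL_HOST = "app.fabric.microsoft.com"
GLOBAL_CATALOG_HOST = "onelake.dfs.fabric.microsoft.com"
# Assumption: a region label is lowercase letters and digits only.
REGIONAL_CATALOG_HOST = re.compile(r"[a-z0-9]+-api\." + re.escape(GLOBAL_CATALOG_HOST))

def _guid(value, field):
    """Return the value lowercased if it is a well-formed GUID, else raise."""
    if not value or not GUID.fullmatch(value):
        raise ValueError(f"{field} is not a GUID: {value!r}")
    return value.lower()

def ids_from_portal_url(url):
    """Extract whichever of tenant, workspace and item ID a portal URL carries."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != PORTAL_HOST:
        raise ValueError(f"not a Fabric portal URL: {url!r}")
    found = {}
    segments = [s for s in parts.path.split("/") if s]
    # /groups/<WORKSPACE_ID> and /lakehouses/<ITEM_ID>, as shown in the steps.
    for key, field in (("groups", "workspace_id"), ("lakehouses", "item_id")):
        if key in segments[:-1]:
            found[field] = _guid(segments[segments.index(key) + 1], field)
    ctid = parse_qs(parts.query).get("ctid")  # ?ctid=<TENANT_ID>
    if ctid:
        found["tenant_id"] = _guid(ctid[0], "tenant_id")
    return found

def check_catalog_url(url):
    """Accept only the two Catalog URL forms listed on this page."""
    parts = urlparse(url)
    host = parts.hostname or ""
    host_ok = host == GLOBAL_CATALOG_HOST or REGIONAL_CATALOG_HOST.fullmatch(host)
    if parts.scheme != "https" or not host_ok:
        raise ValueError(f"unexpected catalog endpoint: {url!r}")
    extras = parts.query or parts.username or parts.port
    if parts.path.rstrip("/") != "/iceberg" or extras:
        raise ValueError(f"unexpected catalog path or extras: {url!r}")
    return f"https://{host}/iceberg"

if __name__ == "__main__":
    # Constructed sample values, not real tenant or workspace IDs.
    ws, item = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(ids_from_portal_url(f"https://{PORTAL_HOST}/groups/{ws}/lakehouses/{item}"))
    print(check_catalog_url("https://westus-api.onelake.dfs.fabric.microsoft.com/iceberg"))
```

A portal URL for the personal workspace (`/groups/me/...`) is rejected because it carries no workspace GUID.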
Storage Considerations
- Delta Tables: Data must be stored as Apache Iceberg-compatible Delta tables in Apache Parquet format. Native Apache Iceberg tables, external tables, and Delta tables using deletion vectors aren’t supported.
Other Considerations
- Row-Level Updates: Querying Iceberg tables configured to use Iceberg V2 MoR Position / Equality Deletes or Iceberg V3 Deletion Vectors isn’t supported.
- Views: Querying Iceberg views isn’t supported.
- Namespaces: Up to two levels of nesting are supported: catalog -> namespace -> table or catalog -> namespace -> namespace -> table. When configuring a data stream, the Database picklist displays the names of all top-level namespaces, and the Schema picklist displays secondary namespaces registered under the selected top-level namespace. If no secondary namespaces exist, the Schema picklist is empty.
- Temporal Data Types: The time and timestamp_ntz data types aren’t supported.
- Change Data: Certain features in Data 360 require detecting when a data lake object changes (for example, data actions). For Data 360 to construct a change data feed—a log of incremental changes to an external data lake object—a primary key must be specified. To use such features, leverage Iceberg’s identifier-field-ids construct to define which columns comprise a table’s primary key and ensure that your query engines (writers) respect your configuration. Currently, this isn’t possible for Microsoft Fabric OneLake Delta tables.