Note
An alternate Foundry project connections article is available: Add a new connection to your project (Foundry projects).
Connections in Azure AI Foundry hubs allow you to securely integrate external resources and services, such as Azure AI services and other Azure data services. This article covers hub-scoped connection tasks.
Prerequisites
- An Azure subscription.
- An Azure AI Foundry hub with the required role assignments to create and manage connections.
Add a connection at the hub scope
- Open the Azure AI Foundry portal and navigate to your hub.
- Select Management center > Connections.
- Select + New connection and choose the connection type (for example, Azure AI services, Azure OpenAI, Azure Storage, Azure SQL, or custom endpoint).
- Provide the required configuration values (resource selection, endpoint URL, authentication method such as key, managed identity, or service principal).
- Select Create to save the connection. The connection becomes available to all projects within the hub, subject to project-level permissions.
Manage existing hub connections
From the Connections page in Management center:
- Select a connection name to view details, including authentication method and scope.
- Use Edit to update authentication credentials or rotate keys.
- Use Disable to temporarily prevent new usage without deleting the configuration.
- Use Delete to remove the connection (projects depending on it will no longer function until reconfigured).
Network isolation considerations
When using private endpoints or VNet-injected resources, ensure the following for hub connections:
- DNS resolution for private endpoints is configured for all project subnets.
- Managed identity or service principal used by the connection has network access to the target resource.
- For storage or database connections, configure firewall rules to allow the hub managed identity or the necessary outbound IP ranges.
Authentication options
Hub connections support these authentication methods (availability varies by connector type):
- Managed identity (system or user-assigned)
- Service principal (client ID/secret or certificate)
- API key (for key-based Azure AI services / OpenAI)
- SAS token (for specific storage scenarios)
Prefer managed identity wherever possible: it gives keyless authentication, and credential rotation is handled for you.
Rotate credentials
- Select the connection.
- Choose Edit.
- Update the secret, key, or certificate reference.
- Save changes. Rotation is immediate; restart any running jobs or deployments that cached the old credentials.
Auditing and monitoring
- Use Azure Activity Log to track create/update/delete events on connection resources.
- Use hub diagnostic settings to export administrative and policy logs for compliance.
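The Activity Log review described above can be scripted. The following is an added example, not code from this article or from the product: it filters exported Activity Log records down to connection create/update/delete events and groups successful changes by caller. The record shape follows `az monitor activity-log list` JSON output; the operation-name prefix is an assumption, and every record, caller, and resource ID below is constructed.

```python
from collections import defaultdict

# Assumption (not stated on the page): hub connections are child resources of
# the hub workspace, so their control-plane operations share this prefix.
CONN = "Microsoft.MachineLearningServices/workspaces/connections/"
OP_PREFIX = CONN.lower()
ACTIONS = {"write": "create/update", "delete": "delete"}
HUB = ("/subscriptions/SUB-ID/resourceGroups/rg-demo/providers/"
       "Microsoft.MachineLearningServices/workspaces/hub-demo")  # constructed

def _rec(ts, caller, op, status, name=""):
    """Build one constructed record shaped like `az monitor activity-log list`."""
    rid = f"{HUB}/connections/{name}" if name else HUB
    return {"eventTimestamp": ts, "caller": caller, "resourceId": rid,
            "operationName": {"value": op}, "status": {"value": status}}

SAMPLE_LOG = [  # constructed sample data, not real log output
    _rec("2025-01-10T09:00:00Z", "alice@example.com", CONN + "write", "Started", "aoai-prod"),
    _rec("2025-01-10T09:00:05Z", "alice@example.com", CONN + "write", "Succeeded", "aoai-prod"),
    _rec("2025-01-10T09:30:00Z", "bob@example.com", CONN + "delete", "Failed", "aoai-prod"),
    _rec("2025-01-11T02:14:00Z", "app-object-id-1", CONN + "delete", "Succeeded", "storage-raw"),
    _rec("2025-01-11T03:00:00Z", "alice@example.com",
         "Microsoft.MachineLearningServices/workspaces/write", "Succeeded"),
]

def connection_events(records):
    """Return terminal create/update/delete events on connection resources."""
    events = []
    for rec in records:
        op = (rec.get("operationName") or {}).get("value", "").lower()
        status = (rec.get("status") or {}).get("value", "")
        action = ACTIONS.get(op[len(OP_PREFIX):]) if op.startswith(OP_PREFIX) else None
        # An operation can log Started/Accepted rows too; keep only the outcome.
        if action is None or status not in ("Succeeded", "Failed"):
            continue
        events.append({"time": rec.get("eventTimestamp", ""), "status": status,
                       "caller": rec.get("caller", "unknown"), "action": action,
                       "connection": rec.get("resourceId", "").rsplit("/", 1)[-1]})
    return sorted(events, key=lambda e: e["time"])

def changes_by_caller(events):
    """Group successful changes by the identity that made them."""
    summary = defaultdict(list)
    for e in events:
        if e["status"] == "Succeeded":
            summary[e["caller"]].append((e["action"], e["connection"]))
    return dict(summary)
```

Call `changes_by_caller(connection_events(records))` on the parsed JSON export; failed attempts stay in the `connection_events` output so denied or broken delete attempts can be reviewed separately.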