Configuring an ADF Linked Service Connection for Google BigQuery V2
For information on how to enable a connection for use with linked services, see Configuring a Linked Service Connection.
Field labels in this walkthrough follow the underlying Azure Data Factory property names. The exact labels shown in the BimlFlex Connection Editor may differ once the corresponding UI work ships; this page will be updated when screenshots are added.
After selecting Google BigQuery V2 from the Linked Service Type dropdown, the form required for creating a Google BigQuery V2 Linked Service will appear.
Screenshot pending. The Google BigQuery V2 linked service form is captured against the BimlFlex Angular UI; the screenshot will be added once that UI work ships.
BimlFlex surfaces the Google BigQuery V2 connector only. The legacy Google BigQuery V1 connector is not supported in the BimlFlex UI.
Choosing an Authentication Method
| Method | Best For | Setup Complexity |
|---|---|---|
| Service Authentication | Server-to-server, CI/CD pipelines | Medium — requires a Google Cloud service account JSON key |
| User Authentication | Interactive scenarios, OAuth-based access | Medium — requires an OAuth client ID, client secret, and refresh token |
Recommendation: Use Service Authentication for production and store the Key File Content in Azure Key Vault. Reserve User Authentication for interactive or developer scenarios where an OAuth-based flow is preferred.
Complete Example: Service Authentication with Azure Key Vault
| Field | Example Value |
|---|---|
| Connect via Integration Runtime | AutoResolveIntegrationRuntime |
| Project ID | my-gcp-project-123 |
| Version | 1.1 |
| Authentication Type | ServiceAuthentication |
| Azure Key Vault Linked Service | bfx-kv |
| Secret Name (for Key File Content) | BFX-LND-GoogleBigQueryKeyFile |
Required Fields
Common Required Fields
Most required fields for a Google BigQuery V2 Linked Service connection depend on the Authentication Type used. There are some fields that are required regardless of Authentication Type.
These common required fields are:
Conditionally Required Fields
- Version — required when targeting connector version
1.1; if omitted, the connector defaults to1.0.
Authentication Type Dependent Required Fields
The remaining field requirements are dependent on Authentication Type.
Required fields for Service Authentication:
- Key File Content (or Azure Key Vault)
Required fields for User Authentication:
- Client ID
- Client Secret (or Azure Key Vault)
- Refresh Token (or Azure Key Vault)
Connect via Integration Runtime
Connect via Integration Runtime is required for a Google BigQuery V2 Linked Service connection.
The default value is AutoResolveIntegrationRuntime.
To use a custom runtime, type the name into the editable dropdown or select from the Azure Integration Runtimes saved in BimlFlex settings.
When a custom value is saved in the linked service form, it will be added to the custom integration runtimes.
The custom values that appear in this dropdown can be maintained in Settings under Azure - AzureIntegrationRuntime.
Project ID
The Project ID identifies the Google Cloud project that hosts the BigQuery datasets the connector reads from.
This is the project identifier shown in the Google Cloud Console (for example, my-gcp-project-123) and maps to the ADF projectId property.
Version
Select the Google BigQuery V2 connector version.
Supported values are 1.0 and 1.1.
The version property is required when targeting 1.1; if omitted, the connector defaults to 1.0.
Use 1.1 for the most current behavior unless an existing pipeline requires 1.0 for compatibility.
Authentication Type
The Google BigQuery V2 Linked Service connection can use Service Authentication or User Authentication.
When using Service Authentication, a Key File Content value is required.
For User Authentication, a Client ID, Client Secret, and Refresh Token are required.
Service Authentication
Service Authentication uses a Google Cloud service account JSON key to authorize API access.
The service account must be granted access to the target BigQuery project and datasets in the Google Cloud Console (typically through the BigQuery Data Viewer and BigQuery Job User roles or equivalent custom roles).
The Key File Content field accepts the full JSON contents of the service account key file as plaintext, or an Azure Key Vault reference that resolves to the JSON contents at runtime.
It is suggested that Azure Key Vault be used in place of manually entering the Key File Content.
User Authentication
User Authentication uses an OAuth 2.0 client credential and a long-lived refresh token to authorize API access on behalf of a user.
The Client ID and Client Secret are obtained when registering an OAuth client in the Google Cloud Console. The Refresh Token is generated by completing the OAuth consent flow against the target Google Cloud project.
It is suggested that Azure Key Vault be used in place of manually entering the Client Secret and Refresh Token.
Azure Data Factory Linked Service Additional Information
For additional information on ADF Google BigQuery Linked Service and its connection requirements see the Azure Data Factory Google BigQuery Connector documentation.