NOV. 7, 2025
9 Min Read
Business users get a spreadsheet-like experience (familiar to anyone used to Excel or Google Sheets), so they can explore data, test scenarios, and build quick projections without needing SQL knowledge or risking production data. Meanwhile, data teams can rely on Databricks’ high-performance engine and Unity Catalog to maintain governance and security.
This guide walks through every step of setting up the Sigma–Databricks integration so your teams can confidently analyze, visualize, and act on your lakehouse data.
Introduction
Connecting Sigma with Databricks unites two complementary strengths: an intuitive analysis layer and a governed, scalable data platform. Sigma provides an interface that feels like a spreadsheet, allowing non-technical users to work directly with data as if they were in Excel or Google Sheets. No SQL or BI training required.
When this runs on top of Databricks, every calculation, query, and visualization draws from Unity Catalog-governed data in your lakehouse. Teams can safely perform what-if analyses, explore large datasets, and test predictive logic, all backed by Databricks’ optimized compute environment and without touching production systems.
In the sections below, I’ll guide you step by step through the process: creating a Sigma connection, setting up authentication, enabling writeback, and applying best practices. By the end, you’ll have a secure, maintainable integration that brings governed analytics to your entire organization.
Why Sigma?
Sigma is a modern business intelligence (BI) platform built to make data accessible to everyone, not only developers or data analysts. Where many BI tools rely heavily on SQL, Sigma brings a spreadsheet-style user experience directly to your warehouse or lakehouse. Users can explore, filter, and compute directly on governed data using familiar spreadsheet logic, with no need for specialized query language skills.
Combined with Databricks, Sigma offers a balance of accessibility and control:
- Business users analyze data through a spreadsheet-like UI.
- Data teams maintain governance and access controls via Unity Catalog.
- Everyone works from a shared, trusted source of data in the lakehouse.
- Teams can model, test, and simulate on live data using Databricks’ compute power without duplicating or exporting anything.
This collaboration model bridges technical and business functions, enabling governed self-service analytics that remain secure, fast, and trustworthy.
Creating a connection in Sigma
Sigma needs a direct connection to Databricks to access and query your data. Make sure you have administrative privileges in Sigma before you begin.
Open your Sigma workspace, navigate to Connections, and click Create connection. A list of supported data sources will appear. Choose Databricks, then assign a name to your connection. For this example, we’ll use a demo connection.
Sigma connections page
Connection credentials
Selecting Databricks opens a configuration screen with several sections.
The first, Connection credentials, asks for your host, HTTP path, authentication type, and access token.
You’ll also notice a Write access toggle for enabling data writeback.
Below that, the Connection features section lets you specify timeouts, apply friendly names, and toggle features such as the Hive Metastore.
Start with Connection credentials, which are essential. You’ll need your Databricks SQL Warehouse hostname. This corresponds to your Databricks workspace URL.
To retrieve these details, open your Databricks workspace, go to SQL Warehouses, and select the warehouse Sigma should use. Under the Connection details tab, copy the Server hostname and paste it into the Host field in Sigma.
Next, copy the HTTP path value from the same page and paste it into Sigma’s HTTP path field.
Databricks SQL Warehouse connection details view
Authentication options
Sigma offers two authentication methods for Databricks connections:
- Basic Auth (Basic Authorization)
- OAuth
With Basic Auth, Sigma uses a single credential to connect to Databricks. Every Sigma user shares this same access token, which typically belongs to a dedicated service account rather than an individual.
The benefit of Basic Auth is simplicity. However, it lacks user-level access control. Everyone connecting through Sigma inherits the same privileges. If your organization needs to restrict access to certain catalogs, schemas, or apply row-level security, this method won’t suffice since it hides individual identities behind one shared user.
For granular governance aligned with Unity Catalog permissions, OAuth is the recommended approach. OAuth supports identity pass-through, so each Sigma user authenticates with their Databricks account and inherits their specific access rights automatically.
Setting up OAuth
If you prefer Basic Auth, simply generate a personal access token from your Databricks workspace and paste it into the Access token box in Sigma.
If you choose OAuth, an additional section—OAuth features—appears with fields for scopes, metadata URL, client ID, and client secret. These values come from a Databricks app you’ll create in the Databricks Account Console.
To do this, open your Databricks Account console, select Settings, then go to the App connections tab.
Databricks admin console app connections page
On the Add connection page, assign a name to your new application. For this walkthrough, we’ll use App connection sigma_demo_app.
Next, set the Redirect URL. This is a Sigma-provided URL that varies depending on your cloud provider. Because this demo uses Databricks on AWS, the redirect URL is:
https://aws-api.sigmacomputing.com/api/v2/oauth/1/authcode
Be sure to double-check Sigma’s documentation, as redirect URLs differ across cloud providers and occasionally by region.
Finally, review and enable the required access scopes. The SQL scope is enabled by default, but you may include additional scopes depending on your workflow.
Finalizing the connection
Before completing setup, generate a Client secret, which Sigma will use along with the client ID for OAuth authentication. You’ll also see a field to configure the Access token time-to-live (TTL). In most cases, the default value is fine.
Click Add to finish creating the connection.
Databricks admin console app connections page
After the connection is created, a pop-up displays your Client ID and Client secret. Copy both immediately and store them securely, as they won’t be displayed again.
You’ll need these credentials in Sigma’s configuration. If they’re lost, you’ll have to recreate the connection in the Account Console.
Databricks app connection client ID and secret page
Paste the client ID and client secret into Sigma’s Databricks connection form. (The demo credentials shown here have since been deleted.)
Next, construct the Metadata URL using your Databricks workspace address, following Sigma’s documentation. For example:
https://dbc-myworkspaceid.cloud.databricks.com/oidc/.well-known/openid-configuration
Once these details are in place, you can finalize the Sigma–Databricks connection. Each user who accesses this connection will authenticate through OAuth, using their own Databricks identity. At this point, Sigma users can explore and analyze data, create workbooks, and build flows directly on top of Databricks.
Enabling write access
By default, the Databricks connection provides read-only access. To allow Sigma users to write data back to Databricks, toggle Enable write access.
Once this is activated, the Service account configuration section appears. Writeback operations require a service account, which Sigma uses to manage data ingestion and log tables.
In this section, define which catalog and schema Sigma should use for writeback. You can specify multiple combinations, helpful when isolating projects or departments.
Sigma also generates a log table that records all write operations with timestamps and metadata. Assign a catalog and schema for this table as well.
You may use existing catalogs or create new ones. For clarity, I created a dedicated Sigma catalog, containing two schemas:
- Sigma_WriteBack
- Sigma_Input_Log
Finally, configure a service principal for Sigma, generate an access token, and paste it into the access token field. (If you need step-by-step instructions, see my related post “How to generate a PAT for a Databricks service principal.”)
Sigma new data connection page
If you’ve created a new schema for writeback, don’t forget to grant the required permissions to all users who will write data from Sigma. Without those privileges, write operations will fail. Once that’s configured, click Create to complete setup.
When you click Browse, Sigma may prompt you to authenticate via OAuth. Sign in with your Databricks credentials, and you’ll then see all available catalogs and schemas you’re authorized to access. You can now use those directly within Sigma to build queries, visualizations, and workflows.
Edge cases and best practices
A few scenarios and best practices are worth noting:
- Multiple workspaces: Create a distinct Databricks connection for each workspace in Sigma. This ensures permissions and usage are neatly scoped to their respective environments.
- Dedicated SQL warehouse: Use a SQL warehouse dedicated to Sigma. It simplifies monitoring performance and costs, helping track which users are querying and how resources are consumed.
- IP restrictions: If your Databricks environment is IP-restricted, make sure to whitelist Sigma’s IP addresses as shown on the connection setup page.
Initially, the Databricks connection will be visible only to the creator. To share it, you’ll need to grant access to additional Sigma users or groups.
From the connection page, click Browse, then Grant access. Search for users or groups, and assign either Can use and annotate or Can admin permissions based on their responsibilities. Unless granted access here, users won’t see or use the connection at all.
Conclusion
Integrating Sigma with Databricks provides a robust foundation for secure, governed analytics and team collaboration. Basic Auth offers a simple start, while OAuth supports identity-aware governance consistent with Databricks’ access model. Enabling writeback through service accounts, catalogs, and schemas allows data to flow safely in both directions.
To optimize your setup:
- Use OAuth to enable user-level access control.
- Create a dedicated SQL warehouse for Sigma to monitor costs and performance.
- Maintain separate connections per workspace for clarity and organization.
- Explicitly grant access within Sigma to keep data permissions intentional.
Following these steps will give you a reliable, scalable integration that empowers your organization to use Sigma on top of Databricks with confidence.
