PostgreSQL connectors (Preview)

The PostgreSQL Microsoft 365 Copilot connector allows your organization to index records from a PostgreSQL database. After you configure the connector, end users can search for these records from PostgreSQL in Microsoft 365 Copilot and from any Microsoft Search client.

Capabilities

• Index records from your PostgreSQL database by using a SQL query.
• Specify access permissions for every record with a list of users or groups added in the SQL query.
• Enable your end users to ask questions related to indexed records in Copilot.
• Use Semantic search in Copilot to enable users to find relevant content based on keywords, personal preferences, and social connections.

Limitations

• Supported PostgreSQL versions: The connector supports PostgreSQL version 14 or later.
• To support high crawl speed and better performance, the connector is built to support OLTP (Online Transaction Processing) workloads only. OLAP (Online Analytical Processing) workloads that don't execute the provided SQL query in 40-seconds timeout and aren't supported.
• ACLs are only supported by using a User Principal Name (UPN), Microsoft Entra ID, or Active Directory Security.
• Indexing rich content inside database columns isn't supported. Examples of such content are HTML, JSON, XML, blobs, and document parsings that exist as links inside the database columns.

Prerequisites

• You must be the AI administrator for your organization's Microsoft 365 tenant.
• Install the Microsoft Graph connector agent: To access your PostgreSQL server, you must install and configure the connector agent. See Install the Microsoft Graph connector agent to learn more.
• PostgreSQL Server address: To connect to your PostgreSQL data, you need your organization's PostgreSQL server address.
• Service Account: To connect to PostgreSQL server and allow Microsoft Graph Connector to update records regularly, you need a service account with read permissions granted to the service account.

Get Started with Setup

1. Display name

The display name identifies each citation in Copilot, so users can easily recognize the associated file or item. The display name also signifies trusted content and serves as a content source filter. A default value is present for this field, but you can customize it to a name that users in your organization recognize.

2. PostgreSQL server

To connect to your PostgreSQL data, you need your PostgreSQL server address, port, and database name.

3. Authentication Type

PostgreSQL connector only supports password based authentication to connect to the database.

4. Roll out to limited audience

Deploy this connection to a limited user base if you want to validate it in Copilot and other Search surfaces before expanding the rollout to a broader audience. To know more about limited rollout, click here.

Content

To search your database content, you must specify SQL queries when you configure the connector. These SQL queries need to name all the database columns that you want to index (source properties). This query includes any SQL joins that need to be performed to get all the columns. To restrict access to search results, you must specify Access Control Lists (ACLs) within SQL queries when you configure the connector.

1. Full crawl (Required)

a. Select data columns (Required) and ACL columns (Optional)

b. Supported data types

c. Watermark (Required)

2. Soft delete instructions (Optional)

To exclude soft-deleted rows in your database from being indexed, specify the soft-delete column name and value that indicates the row is deleted.

Users

1. Map columns containing access permissions information

Select Map columns to choose the various access control (ACL) columns that specify the access control mechanism. Select the column name you specified in the full crawl SQL query.

Each of the ACL columns is expected to be a multi-valued column. Separators such as semicolon (;), comma (,), and so on, can separate these multiple ID values. You need to specify this separator in the value separator field.

The following ID types are supported for using as ACLs:

• User Principal Name (UPN): A User Principal Name (UPN) is the name of a system user in an email address format. A UPN (for example: john.doe@domain.com) consists of the username (logon name), separator (the @ symbol), and domain name (UPN suffix). Security groups in Microsoft Entra don't have a User Principal Name and can't be mapped with this option.
• Microsoft Entra ID: In Microsoft Entra ID, every user or group has an object ID that looks something like 'e0d3ad3d-0000-1111-2222-3c5f5c52ab9b'.
• Active Directory (AD) Security ID: In an on-premises AD setup, every user and group have an immutable, unique security identifier that looks something like 'S-1-5-21-3878594291-2115959936-132693609-65242.'

2. Access permissions

You can choose to use the ACLs specified in the previous step or you can override them to make your content visible to everyone.

Sync

The refresh interval determines how often your data is synced between the data source and the Graph connector index.

You can configure full and incremental crawls based on the scheduling options present here. By default, incremental crawl (if configured) is set for every 15 minutes, and full crawl is set for every day. If needed, you can adjust these schedules to fit your data refresh needs.

At this point, you're ready to create the connection for PostgreSQL. You can click on the "Create" button to publish your connection and index data from your database.

Troubleshooting

After publishing your connection, you can review the status in the Connectors section of the admin center. To learn how to make updates and deletions, see Manage your connector.

If you have issues or want to provide feedback, contact Microsoft Graph | Support.