Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to add Azure AD Groups in Azure SQL Server

Tags:

azure-sql-database

azure-active-directory

Can someone tell me how can I add Azure Active Directory groups into the azure sql server, I am using server manager tool to do this but cant find any way to figure this out, I can add simple Azure Active Directory user though..What about groups?

like image 597
dead mah Avatar asked Sep 01 '17 14:09

dead mah

People also ask

How do I add Azure AD group to Azure SQL Database?

To assign an Azure Active Directory user/group to Azure SQL Database as an Administrator, in the Azure Portal, click SQL Server. Select and open the SQL Server with an Azure SQL Database. After that, open the SQL Server, click Active Directory admin, and press the "Set admin" option.

How do I connect to Azure SQL Database using Active Directory authentication?

Azure Active Directory authentication supports the following methods of connecting to a database using Azure AD identities: Azure Active Directory Password. Azure Active Directory Integrated. Azure Active Directory Universal with Multi-Factor Authentication.

Can we use Microsoft Azure SQL Database for Ad connect?

Azure SQL Database isn't supported as a database. This includes both Azure SQL Database and Azure SQL Managed Instance. You must use a case-insensitive SQL collation.

2 Answers

I will assume that you are wanting to provide access for end-users to connect, not Database Administrators. For my example below, let's say that the end-users are in a group called "AZ-Users", and that your Database Administrators (including you) are in a group called "AZ-DBAs".

For Azure SQL Databases, there are key things that must be in place to get this to work:

  1. There must be an "Active Directory admin" configured for your server. This can be any AAD user or an AAD group. You can check if this has been set or not by going to the Azure portal page for your server. Be careful that you are looking at the Overview page for the server, not the individual database, they are not the same thing. Detailed instructions here. In our example, we would configure this to be the AAD group called "AZ-DBAs".

  2. When you are ready to create the AAD login for "AZ-Users" on your Azure SQL Database, you must yourself be logged in using AAD... meaning a member of the "AZ-DBAs" group from my example above. You can use SSMS or any other similar tool for executing TSQL commands. Note that if you try a SQL auth connection instead, it won't work for step 4 below - you'll get this error:

Msg 33159, Level 16, State 1, Line 1
Principal 'AZ-Users' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.

  1. Change the context to the database you want to provide access to for your end users.

  2. Execute this statement:

    CREATE USER [AZ-Users] FROM EXTERNAL PROVIDER

Note that this will create a "contained database user", as detailed here. That's it. This process works for AAD groups and AAD users.

  1. You will probably also want to grant some level of permissions as well, such as:

    EXEC sp_addrolemember 'db_datareader', 'AZ-Users'
like image 87
Mike Avatar answered Oct 17 '22 18:10

Mike

All you need to know about how to configure and manage Azure Active Directory Authentication you can find it in this article.

Then to connect to SQL Azure using Azure Active Directory authentication please read here.

like image 44
Alberto Morillo Avatar answered Oct 17 '22 18:10

Alberto Morillo
Sign in to Comment

Related questions

Controlling azure worker roles concurrency in multiple instance
Drawbacks to Team Foundation Service and TFS on Azure
Proper use of Azure storage. (When to use SQL, Tables and Blobs)
Can't connect a azure sql server from laravel on linux
SQL Azure EF Database First Connection String in Azure Management Portal
ASP.NET MVC 4 - How should I encrypt the connection string to my production SQL server?
Does setting SQL Azure rule "WINDOWS AZURE SERVICES"=YES mean anyone on azure can connect to my server?
How do I change a column from null to not null when an index depends on that column without recreating the index?
Windows authentication in asp.net mvc 3 hosted on Windows Azure?
Bacpac export errors
Accessing Azure File Storage from Azure Function
SQL Azure and Indexes
Where is the Region labelled East US 2 in Azure? [closed]
Changing Azure database port
Error 19 - Physical connection error
azure solutions for analysing xml data
What is the difference between Azure SQL Database Elastic Pools and Azure SQL Database Managed Instance?
Is there a limit to how long a SQL query can be in SQL Server? [duplicate]
How do I create a view in JetBrains DataGrip?
Enabling Azure SQL Database Automatic Tuning via ARM

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!