Azure Active Directory Integrated Authentication with SQL

Time:01-15

I'm quite new to the Azure AD. So I will be grateful for any hint.

I need to enable members of a given domain (of a given Active Directory) to log in to Azure SQL Server using Azure Active Directory - Integrated Authentication.

So far I've logged into Windows and connected it to Azure Active Directory in Windows Settings.

Looking through the documentation, I understand that I need to select one of the authentication methods proposed by Microsoft within Azure Active Directory. The easiest seems to be Password hash synchronization. So I would like to pick this one (but if others are simpler, I am open to changing that choice).

What is the easiest way to synchronise this? Can I avoid having to create a Windows Server VM and install Azure AD Connect there?

The current configuration of AD Connect on Azure Portal looks as follows:

To mention it again, the only service I care about is logging in via Azure Active Directory.

I apologise if the whole question has been wrongly structured, but it is simply based on what I have found on the forums and in the documentation.

Thanks in advance for any tips

[for example: https://youtu.be/PyeAC85Gm7w?t=565, https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell#using-an-azure-ad-identity-to-connect-using-ssms-or-ssdt, https://techcommunity.microsoft.com/t5/azure-sql-blog/azure-ad-pass-through-and-password-hash-authentication-support/ba-p/1269735]

CodePudding user response:

You don't need Azure AD Connect or password hash sync unless you have an on-premise Windows Server AD that you want to sync to Azure AD. Should note that AD is not the same as Azure AD. You don't need Windows Server AD with Azure SQL, just Azure AD. To grant a certain security group access to the server, you can run CREATE USER [group-name-here] FROM EXTERNAL PROVIDER; in the Azure SQL DB. Then you can use standard SQL stuff to grant that "user" access to the DB/tables.

Users should then use Azure Active Directory - Universal with MFA as the authentication method in SQL Server Management Studio.
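
The grant described in the answer above, as an added T-SQL example that is not part of the original answer. The group name [sql-readers-group] and the choice of read-only access to the dbo schema are assumptions for illustration.

```sql
-- Added example. Run in the user database (not master) while connected as an
-- Azure AD identity, for example the server's Azure AD admin; a SQL-authenticated
-- login cannot create users FROM EXTERNAL PROVIDER.
-- [sql-readers-group] is a hypothetical Azure AD security group name.

-- 1. Create a contained database user mapped to the Azure AD group.
CREATE USER [sql-readers-group] FROM EXTERNAL PROVIDER;

-- 2. Grant only what the group needs (assumption: read-only on schema dbo).
GRANT SELECT ON SCHEMA::dbo TO [sql-readers-group];
-- Broader alternative, read access to every table in the database:
-- ALTER ROLE db_datareader ADD MEMBER [sql-readers-group];

-- 3. Review which Azure AD principals exist in this database.
--    type 'E' = external user, 'X' = external group.
SELECT p.name, p.type_desc, p.authentication_type_desc, p.create_date
FROM sys.database_principals AS p
WHERE p.type IN ('E', 'X')
ORDER BY p.name;

-- 4. Review the role memberships those principals hold.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.type IN ('E', 'X')
ORDER BY r.name, m.name;

-- 5. Review the explicit permissions granted to them.
SELECT pr.name, pe.state_desc, pe.permission_name, pe.class_desc, pe.major_id
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.type IN ('E', 'X')
ORDER BY pr.name, pe.permission_name;

-- 6. Remove access when the group no longer needs it.
-- DROP USER [sql-readers-group];
```

Membership is then managed in Azure AD: adding or removing a user from the group changes who can connect without further changes in the database.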
