Azure Active Directory Authentication

Active Directory Password authentication allows users to authenticate to Azure SQL Database or SQL Server using their Azure Active Directory (AAD) credentials.

The following steps create a SQL Server in the Azure Portal and configure it to use Active Directory Password authentication.

Create a SQL Server Instance

  1. Go to the Azure Portal and search for “SQL Database”.

  2. Click Add to create a new SQL Database.

  3. Specify the required details, such as Server Name, Subscription, Resource Group, and Location.

  4. Select the Database SKU and Performance Tier.

  5. Click Review + create and then click Create to deploy the SQL Server instance.

Configure Active Directory Authentication

  1. In the Azure Portal navigate to the newly created SQL Server instance.

  2. Under Settings, select Active Directory Admin.

  3. Assign an Azure Active Directory Admin to the SQL Server instance.

Register an Application in Azure AD

  1. In the Azure Portal, navigate to Azure Active Directory.

  2. Select App registrations and then select New registration.

  3. Specify the Application Name and Redirect URI. Select Accounts in this organizational directory only.

  4. Click Register to create the application.

Grant Permissions to the Application

  1. In Azure Active Directory, navigate to the registered application.

  2. Select API permissions and click Add a permission.

  3. Select Microsoft SQL Server and Azure Synapse Analytics and then select user_impersonation.

  4. Click Add permissions and then click Grant admin consent to grant the necessary permissions.

Create a SQL Login and User

  1. Connect to your SQL Server instance using SQL Server Management Studio (SSMS) or another tool.

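  2. Create a SQL login for the application: CREATE LOGIN [applicationName] FROM EXTERNAL PROVIDER; (Azure AD principals are created with FROM EXTERNAL PROVIDER; FROM WINDOWS applies to on-premises Windows domain accounts.)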

  3. Create a SQL user and map it to the login: CREATE USER [applicationUser] FOR LOGIN [applicationName];
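
The login and user steps above as one script, with a least-privilege role grant and a check of which Azure AD principals exist in the database. This is an added example, not part of the original page; it creates the principals with the FROM EXTERNAL PROVIDER clause used for Azure AD identities, and the db_datareader role is an assumed choice for a read-only application.

```sql
-- Added example. Connect as the Azure Active Directory admin assigned earlier:
-- FROM EXTERNAL PROVIDER principals can only be created from an Azure AD connection.
-- GO is the batch separator understood by SSMS and sqlcmd.

-- Batch 1: run while connected to the master database.
-- [applicationName] must match the display name of the Azure AD object.
CREATE LOGIN [applicationName] FROM EXTERNAL PROVIDER;
GO

-- Batch 2: run while connected to the user database
-- (Azure SQL Database does not allow USE to switch databases; reconnect instead).
CREATE USER [applicationUser] FROM LOGIN [applicationName];
GO

-- Grant only what the application needs. db_datareader is an assumed example;
-- avoid db_owner for application identities.
ALTER ROLE db_datareader ADD MEMBER [applicationUser];
GO

-- Verify: list Azure AD principals in this database.
-- type 'E' = external user or application, 'X' = external group.
SELECT name,
       type_desc,
       authentication_type_desc,
       create_date
FROM sys.database_principals
WHERE type IN ('E', 'X')
ORDER BY create_date DESC;
GO

-- Verify: show every role each Azure AD principal belongs to,
-- so unexpected high-privilege memberships stand out in review.
SELECT member.name AS principal_name,
       role.name   AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS role
     ON role.principal_id = drm.role_principal_id
JOIN sys.database_principals AS member
     ON member.principal_id = drm.member_principal_id
WHERE member.type IN ('E', 'X')
ORDER BY member.name, role.name;
GO
```

Run the two verification queries again during access reviews; a principal that appears in db_owner or another broad role without a documented reason is worth investigating.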