...
Microsoft SQL Server with the SQL Authentication and Integrated Security
Azure SQL Database and Azure SQL Managed Instance with:
SQL Authentication
Active Directory Integrated Authentication
Active Directory Password Authentication
Active Directory MSI Authentication
SQL Authentication
SQL Authentication refers to authenticating a user who connects to Azure SQL Managed Instance with a username and password.
...
Username
Password
Hostname
Port
Database name
Instance name
Azure Active Directory Authentication
Azure Active Directory authentication refers to authenticating a user who connects to Azure SQL Managed Instance with an identity in Azure Active Directory.
Prerequisites
To use the Azure Active Directory authentication mode, you need to:
...
Configure Azure AD with Azure Managed Instance.
Active Directory Integrated Authentication
Active Directory Integrated Authentication is a mechanism of connecting to Azure SQL Managed Instance by using the Azure Directory integrated mode.
To use the Active Directory Integrated Security authentication option, follow these steps:
On your client machines, from which your applications or users connect to Azure MI using Azure AD identities, install the following software:
.NET Framework 4.6 or later from https://msdn.microsoft.com/library/5a4x27ek.aspx.
Azure Active Directory Authentication Library for SQL Server (ADAL.DLL).
Install the latest OLE DB driver that contains the ADAL.DLL library. You can install the adal.dll file from Microsoft ODBC Driver for SQL Server or Microsoft OLE DB Driver for SQL Server.
Info |
---|
For more information about requirements, see Configure your client computers. |
Check whether you can see the adal.dll file in the C:\Windows\System32 and C:\Windows\SysWOW64 folders, which is needed for the Active Directory Integrated connection. The adal.dll file will be automatically added to these folders after you install the OLE DB driver.
Info |
---|
In case you have issues with the |
Active Directory Integrated Authentication
Active Directory Integrated Authentication is a mechanism of connecting to Azure SQL Managed Instance by using the Azure Directory integrated mode.
To use the Active Directory Integrated Security authentication option, follow these steps:
Ensure that you federated the on-premise Active Directory Federation Services (AD FS) with the Azure Active Directory in the cloud.
Make the connection from a domain-joined machine that is connected with Azure Active Directory. Additionally, a database user representing your Azure Active Directory principal, or one of the groups to which the user belongs, needs to exist in the database and have the CONNECT permission.
Info |
---|
You can access Azure SQL Managed Instance without entering credentials when you are logged in to a domain-joined machine. |
...
Run the following scripts:
Code Block |
---|
CREATE LOGIN [testuser@onmicrosoft.com] FROM EXTERNAL PROVIDER;
CREATE USER [testuser@onmicrosoft.com] FOR LOGIN [testuser@onmicrosoft.com];
ALTER ROLE [db_datareader] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_datawriter] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_ddladmin] ADD MEMBER [testuser@onmicrosoft.com]; |
Ensure that the SQL Server JDBC Driver Authentication Library is in C:\Windows\System32. The file name is mssql-jdbc_auth-<version>-<arch>.dll, where version is a version number for the file.
Tip |
---|
Example: mssql-jdbc_auth-8.4.1.x64.dll. |
...
Also, enter your hostname, port, application name, database name, and instance name.
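A check for the database-user prerequisite and the scripts above, added here as an example that is not part of the original page: it confirms that the user exists as an Azure AD principal, shows whether it holds CONNECT, and lists the database roles it was given. It assumes the placeholder principal testuser@onmicrosoft.com from the scripts and is run in the target database.

```sql
-- Added example (not from the original page). Run in the target database.
-- Assumption: the principal name is the placeholder used in the scripts above.
DECLARE @principal sysname = N'testuser@onmicrosoft.com';

-- 1. The database user exists and is an Azure AD principal.
--    Azure AD users and groups are reported as EXTERNAL_USER / EXTERNAL_GROUP.
SELECT dp.name,
       dp.type_desc,
       dp.authentication_type_desc,
       dp.create_date
FROM sys.database_principals AS dp
WHERE dp.name = @principal;

-- 2. Database-level CONNECT permission for that user.
--    state_desc shows GRANT or DENY; a NULL permission_name means no explicit
--    CONNECT entry for this principal (it may still come from a group).
SELECT dp.name,
       perm.permission_name,
       perm.state_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.database_permissions AS perm
       ON perm.grantee_principal_id = dp.principal_id
      AND perm.class = 0                      -- 0 = database-level permission
      AND perm.permission_name = N'CONNECT'
WHERE dp.name = @principal;

-- 3. Database roles the user belongs to. After the scripts above this should
--    list db_datareader, db_datawriter and db_ddladmin; anything beyond what
--    the deployment account needs is worth reviewing.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE m.name = @principal
ORDER BY r.name;
```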
Active Directory Password Authentication
As Azure Active Directory Password Authentication is a mechanism for connecting to Azure SQL Managed Instance by using identities in Azure Active Directory, you can connect to applications by using an Azure Active Directory username and password.
To connect using the Active Directory Password authentication, follow these steps:
Ensure that you federated the on-premise Active Directory Federation Services (AD FS) with the Azure Active Directory in the cloud.
Make the connection from a domain-joined machine that is connected with Azure Active Directory. Additionally, a database user representing your Azure Active Directory principal, or one of the groups to which the user belongs, needs to exist in the database and have the CONNECT permission.
Info |
---|
You can access Azure SQL Managed Instance without entering credentials when you are logged in to a domain-joined machine. |
3. Run the following scripts:
Code Block |
---|
CREATE LOGIN [testuser@onmicrosoft.com] FROM EXTERNAL PROVIDER;
CREATE USER [testuser@onmicrosoft.com] FOR LOGIN [testuser@onmicrosoft.com];
ALTER ROLE [db_datareader] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_datawriter] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_ddladmin] ADD MEMBER [testuser@onmicrosoft.com]; |
Info |
---|
For more information about the configuration of the |
To create a connection with the Active Directory Password mode in Datical DB, select the following:
...
Also, enter your hostname, port, application name, database name, instance name, username, and password.
Info |
---|
For more information about the configuration of the |
Active Directory MSI Authentication
You can use Active Directory MSI Authentication to connect from inside an Azure Resource with the Identity feature.
...
Info |
---|
For more information about the configuration of the |
To create a connection with the Active Directory MSI mode in Datical DB, select the following:
Ensure that you federated the on-premise Active Directory Federation Services (AD FS) with the Azure Active Directory in the cloud.
Make the connection from a domain-joined machine that is connected with Azure Active Directory. Additionally, a database user representing your Azure Active Directory principal, or one of the groups to which the user belongs, needs to exist in the database and have the CONNECT permission.
Info |
---|
You can access Azure SQL Managed Instance without entering credentials when you are logged in to a domain-joined machine. |
3. Run the following scripts:
Code Block |
---|
CREATE LOGIN [testuser@onmicrosoft.com] FROM EXTERNAL PROVIDER;
CREATE USER [testuser@onmicrosoft.com] FOR LOGIN [testuser@onmicrosoft.com];
ALTER ROLE [db_datareader] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_datawriter] ADD MEMBER [testuser@onmicrosoft.com];
ALTER ROLE [db_ddladmin] ADD MEMBER [testuser@onmicrosoft.com]; |
To create a connection with the Active Directory MSI mode in Datical DB, select the following:
...