$SqlConnection.ConnectionString = $ConnectionString $ConnectionString="Data Source= Initial Catalog=tamopsdb "Ĭonnect-AzAccount -ServicePrincipal -Credential $mycreds -Tenant $tenantId $mycreds = New-Object ($appId, $secpasswd)
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force You now need to create a user with same name as service principle that you created earlier & then grant permissions to this user in this example I will be used db_owner.Ĭreate a user with same name as service principle that you created earlier Log into Azure SQL database using the user you added to above group (Not Azure Service Principal, you cannot use SQL Management studio to log into Azure SQL using service principal credentials. Select Azure SQL Server -> Active Directory admin and assign the Azure AD Group Create a service principal user in the Azure SQL database Once Azure Active Directory User Group has been created, its time to set Azure SQL Server Active Directory admin to this Azure AD group. To Assign Directory Readers permission to the Azure SQL Server, follow here here Set Azure SQL Server Active Directory admin as Azure Active Directory GroupĬreate a new Azure AD Group, Select Azure Active Directory -> GroupsĬreate Group as below, ensure members contains the app you created previously and another Active Directory user, that will be used to log into Azure SQL server to enable the configurations required before you can query Azure SQL database using Service principal. To Assign identity to the Azure SQL server, follow guide found here Select API Permissions and add Azure SQL permissions same as below Assign identity to the Azure SQL server & Assign Directory Readers permission to the Azure SQL server Once registered note down:- Application (client) ID & Directory (tenant) ID found in Overview, then select Certificate & secrets Supported Account Types: Accounts in this organizational directory only
Select New Registration Name: tamopssqlapp Select Azure Active Directory in Azure Portal