I would like to connect to an Azure SQL Database using my Azure Data Factory. The Azure SQL Database is created on another tenant and has SQL authentication disabled.
Is there another option to connect to this Azure SQL Database than using a Service Principal?
I tried to connect using User Managed Instance and System Managed Instance, but this does not seem to work as the Azure SQL Database is on another tenant. SQL Authentication is also not an option.
If the Azure SQL Database is in a different tenant than ADF, then SQL auth and service principal auth are the only ways to connect.
Managed identities are only leveraged for same tenant components.
Related
I have an azure container instance and an azure sql database.
I would like to connect the azure container instance to the server which runs the database because I need to tune some params for postgres.
I want to do this programmatically without prompting for a password but without compromising the security.
How can I achieve this?
Use Managed Service Identity (MSI) with ACI, configure Azure SQL to use Azure AD, and authorize the identity to your database.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity
https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql
When we create an Azure SQL server, we can opt to have it authenticate users against Azure AD, but I don't see any option during creation (or afterward in the settings pages of the server instance) to select which directory, if the account has more than one; it seems to just use the one marked as "default" in the directories list. The account I'm creating the SQL server in has 4 directories, two normal and two B2C:
The "setup a new SQL server" wizard offers "Azure AD" as an option, but not any choice of which:
How do we change the directory a particular SQL server uses? And can it be an Azure AD B2C directory, or does it have to be an Azure AD type directory?
• You can surely set the directory of the Azure SQL server that you are connecting to by specifying the ‘Azure subscription context’ and the Azure subscription and tenant details, as shown below, in the ‘Connect-AzAccount’ cmdlet and then connecting to the correct Azure SQL database through SQL Server Management Studio. When you connect to the Azure subscription account through PowerShell by specifying the correct details in the context of your Azure tenant and subscription, the device-based login succeeds, and when you connect through SSMS, the SQL servers and databases created in the specified tenant are shown.
Thus, in this way, you can connect to the Azure SQL Database server with the configured Azure AD authentication. Also, please note that when you are provisioning an Azure SQL server, it asks you to select the ‘Azure AD Admin’ for that SQL server, as below, in which you can select the user (default) that needs to be used as an SQL Administrator for the deployed Azure SQL DB Server.
• Therefore, in this way, you can select the Azure AD tenant from which you want to authenticate to the SQL server. Also, please remember that each subscription can only trust a single directory/Azure AD instance, whereas multiple subscriptions can trust the same Azure AD instance. As a result, you can associate multiple subscriptions with the same Azure AD tenant, but vice versa is not possible. Hence, please check accordingly.
Please check the link given below for more details:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
When setting up a Data Migration Project, migrating from SQL database to Azure SQL Database in Azure Portal, I can only see the option to connect to the Target database using SQL Login Authentication Type.
I expect to see more options - like Azure AD integrated Mode.
I am in Azure AD Group assigned as SQL Admin on the Azure SQL Server.
Is any other Authentication Type supported for the target Azure Server?
If others are supported, what do I need to do to get them to be available in the Authentication Option for the target server?
Thank you
The following tutorial spells out that only SQL Logins are currently supported:
https://learn.microsoft.com/en-us/azure/dms/tutorial-sql-server-to-azure-sql#specify-target-details
I am trying to connect to Synapse Serverless Pool using a Service Principal but am getting the below error in my Azure Data Factory Pipeline.
Cannot connect to SQL Database: 'xxxxx-ondemand.sql.azuresynapse.net', Database: 'synapse_od', User: ''. Check the linked service configuration is correct, and make sure the SQL Database firewall allows the integration runtime to access.
Login failed for user '<token-identified principal>'., SqlErrorNumber=18456,Class=14,State=1,
Activity ID: 2516df76-0215-4f27-990d-3c4654a07704.
**This may happen if your data source only allows secured connections. If that's the case, please use a VNet integration runtime**.
But can happily connect using SQL Authentication.
The Service Principal has been granted the Contributor role on Synapse.
Any clues!!!!
After I did the following steps, the linked service with the Service Principal authentication type works fine.
CREATE USER [ad_user_name] FROM EXTERNAL PROVIDER;
EXEC sp_addrolemember db_owner, [ad_user_name];
We just completed the data migration from Teradata system to Azure SQL DW.
Now we just need to provide the necessary access to all supporting Teradata users and service accounts in Azure SQL DW. For this I have some basic queries:
All the accounts/users are of domain type, so can I use Azure Active Directory to set up those accounts and configure it to have access to Azure SQL DW? Please let me know the process.
What kind of privilege/access is needed in the Azure Portal for creating those accounts within Azure Active Directory?
In Azure SQL DW, how do I add an Azure AD account to the specific roles that I'll be creating? How will the authentication happen here?
Let me know if the above steps are feasible. Is there any alternative approach to providing on-prem user accounts access to Azure SQL DW?
Thanks
You can follow the instructions in "Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse" for setting up Azure Active Directory with SQL Data Warehouse. A subscription admin can configure the permissions - see "Configure and manage Azure Active Directory authentication with SQL Database, Managed Instance, or SQL Data Warehouse".
In addition, there is a description of how to create AD users in "Adding AD Users and Security Groups to Azure SQL Data Warehouse". It's a simple matter of using the CREATE USER and CREATE LOGIN statements.
For users:
CREATE USER <alias#domain> FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = <schema>;
For security groups:
CREATE USER <Security Group Display Name> FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = <schema>;
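A least-privilege variant of the `CREATE USER ... FROM EXTERNAL PROVIDER` steps used in the answers above, as an added example that is not part of any original post: it maps a service principal and a security group to database users, grants access through roles narrower than `db_owner`, and lists the resulting memberships for review. The principal names `adf-pipeline-sp` and `DW Analysts`, the role `reporting_reader` and the schema `reporting` are hypothetical, and the schema is assumed to exist already.

```sql
-- Added example; every principal, role and schema name here is hypothetical.
-- Run in the target user database (not master) over a connection that was
-- itself authenticated with Azure AD (for example as the server's Azure AD
-- admin): a SQL-authenticated session cannot create external users.

-- 1. Map the Azure AD identities to contained database users.
--    A service principal or managed identity is referenced by its display
--    name, a security group by the group's display name.
CREATE USER [adf-pipeline-sp] FROM EXTERNAL PROVIDER;
CREATE USER [DW Analysts] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = reporting;

-- 2. Create a custom role that carries only the permission the group needs.
CREATE ROLE reporting_reader;
GRANT SELECT ON SCHEMA::reporting TO reporting_reader;

-- 3. Assign memberships. The pipeline identity gets read/write on data,
--    not db_owner; the analysts get read access to one schema only.
EXEC sp_addrolemember 'db_datareader',    'adf-pipeline-sp';
EXEC sp_addrolemember 'db_datawriter',    'adf-pipeline-sp';
EXEC sp_addrolemember 'reporting_reader', 'DW Analysts';

-- 4. Review which Azure AD principals hold which roles.
--    type 'E' = external user, 'X' = external group or application.
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       r.name      AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
WHERE m.type IN ('E', 'X')
ORDER BY r.name, m.name;
```

Running the query in step 4 periodically is a quick way to spot Azure AD principals that still hold `db_owner` after an initial setup like the one in the Synapse answer.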