Our project is using Azure B2C for customer identity/information and Azure SQL for transactions and such. We need to run reports that pulls from both places (i.e. a transaction report).
What is the best way to create such reports? Is there a pattern for this?
I could copy just the fields needed to B2C into SQL but that introduces consistency issues.
Thank you for any information!
You can use Azure Active Directory for authentication with your Azure SQL Database , Not Azure AD B2C.
If you would like to use Azure AD authentication with your SQL database please refer the document
Related
When setting up a Data Migration Project, migrating from SQL database to Azure SQL Database in Azure Portal, I can only see the option to connect to the Target database using SQL Login Authentication Type.
I expect to see more options - like Azure AD integrated Mode.
I am in Azure AD Group assigned as SQL Admin on the Azure SQL Server.
Is any other Authentication Type supported for the target Azure Server?
If others are support, what do I need to do to get them to be available in the Authentication Option for the target server?
Thank you
The following tutorial spells out that only SQL Logins are currently supported:
https://learn.microsoft.com/en-us/azure/dms/tutorial-sql-server-to-azure-sql#specify-target-details
What is the best approach for syncing users between Azure AD and an Azure-hosted SQL DB? I would like users to be able to authenticate to the Azure site and then the .Net core v3.1 application will use the authenticated Azure AD user Id to insert table row data based on the authenticated user ID. I am sure this is pretty straight forward but some articles or advice would be helpful as this is my first stab at hosting an Azure .Net Core solution with Azure AD and website SQL DB.
My site currently authenticates users that I've added to Azure Active Directory and I have the tenant connecting and working correctly.
Do you want users to be able to only see or add data based on their authentication? Or do you only want the app to insert the data of the user like an automated process?
If the first option, consider Row-level Security
If the second option you need to add permissions for all users to the DB then its like any other connection. Connect to the DB using AAD then you can insert data under that user
TLDR;
How do I add AD users to an Azure database created in a DevOps pipeline?
Our DBA has a process to create daily bacpacs from production and store them in an azure blob container, I then provided the developers with a DevOps pipeline that restores a specified bacpac into the development server. The issue is that the developers can't connect to these databases using their domain account. I don't know how to give them access because
AFAIK I can't connect with a domain user to the database from the pipeline
Azure requires that the connected user is an AD user to be able to create other AD users
I could work around it by creating an sql user and grant that user permissions in the pipeline, however the company is actually moving away from sql users and relying more on AD security and MFA, so this isn't really a solution for me.
For one to add domin account to the database, one must be logged in to the database via a domain account that has adminstrative privileges.
So there is a Azure SQL database deployment task in Azure devops wherein you have the property to execute SQL queries.
So you can use that task to automate the user access through SQL tasks by connecting through the AD account.
Note: Recently a new authentication has been added of service principal
Hope this is what you are expecting :)
We just completed the data migration from Teradata system to Azure SQL DW.
Now we just need to provide necessary access to all supporting Teradata Users and Service accounts to Azure SQL DW. For this i have some basic query:
All the accounts/Users are of domain type,so can i use Azure Active
directory to set up those accounts and configure it to have access
Azure SQL DW. Please let me know the process.
What kind of privilege/Access is needed in Azure Portal for
creating those account within Azure Active Directory.
In Azure SQL DW how do i add Azure AD account to specific roles
that i'll be creating. How the authentication will happen here.
Let me know if the above steps is feasible. Is there any alternative approach in providing on-prem User accounts access to Azure SQL DW
Thanks
You can follow the instructions on the Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse for setting up Azure Active Directory with SQL Data Warehouse. A subscription admin can configure the permissions - see the Configure and manage Azure Active Directory authentication with SQL Database, Managed Instance, or SQL Data Warehouse.
In addition, there is a description of how to create AD users Adding AD Users and Security Groups to Azure SQL Data Warehouse. It's a simple matter of using the CREATE USER and CREATE LOGIN statements.
For users:
CREATE USER <alias#domain> FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = <schema>;
For security groups:
CREATE USER <Security Group Display Name> FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = <schema>;
We have easily sent up our AD with Azure SQL which now we can login and run queries, etc... with SSMS. Now we would like to set our apps in Azure App Services to run as an AD user. This would be to mimic IIS apps using an application pool that's is running as an AD user. I have not found a clear blog or step by step guide on how to do this. any help would be greatly appreciated.
UPDATE:
This is specifically to be able to connect to the database using AD Credentials and not using SQL Credentials.
Azure Active Directory authentication for SQL Database or SQL Data Warehouse supports the following methods of connecting to a database using Azure AD identities( refer here):
Using integrated Windows authentication
Using an Azure AD principal name and a password
Using Application token authentication
And the scenario you mentioned is not support. We can create an application in Azure AD and using the token authentication for this scenario. More detail about Azure AD authentication, you can refer the link below:
Configure and manage Azure Active Directory authentication with SQL Database or SQL Data Warehouse- Azure AD token
In addition, if you have any idea or feedback about Azure SQL database, you can submit them from here.