Introduction
By default, creating an Azure SQL Server also creates an administrator that uses SQL authentication. For administrative purposes, however, it is a best practice to use Azure Active Directory.
Azure Active Directory is a cloud directory and identity management service that offers a range of capabilities for every application.
That is why using Azure AD for Azure SQL Database and other Azure applications is necessary. You can centralize authentication management, and it also provides stronger security for your Azure SQL Databases.
Learn how to
- Create an Azure Active Directory user
- Create an Azure Active Directory group and assign the user to the group
- Add an Azure Active Directory user/group as an Azure SQL Administrator
- Add Azure Active Directory users to Azure SQL Database
Requirements
- A subscription to Azure
- An Azure SQL Server and database created (if you do not have that, you can create a new one)
Getting started
By default, an Azure AD directory is already created. We will first create the user and then add it to a group. Finally, we will add it to the Azure SQL Database.
Step 1 - Create an Azure Active Directory User
In the Azure Portal, click on the account and select your directory.
The directory information, such as users and groups, is displayed. In this example, the directory is hadshanakoutlook.onmicrosoft.com.
To create a user, in Azure Active Directory, press the > and look for Users and Groups. Go to All users and click "New user".
After that, fill in the information about the user, such as the name, user name, first name, last name, work information, etc.
Assign a role: User, Global administrator, or Limited administrator. Once you have selected the options, click "Create".
Roles
- A user can access resources but cannot manage directory resources.
- A global administrator can do anything except change the password of another administrator.
- The limited administrator is limited to the role assigned. It can be a password administrator, service administrator, SharePoint administrator, security administrator, etc.
The new user is created successfully.
After this, if you click the new user, you will see options to reset the password or delete the user. By default, the user is created with a temporary password that must be changed after the first login to the portal.
Click the option to check the profile.
In Profile, you can add your photo, block the permissions to sign in, specify usage location and add more information.
Step 2 - Create an Azure Active Directory Group and assign the user to the group
Working with groups instead of individual users simplifies the administration of accounts when people move to another office or another company.
To create a new user group in the Azure Portal, go to Azure Active Directory >> All Groups and select New Group.
Then assign users to the group. In Members, check the users that you want to add to the group.
After this, add the group or user, and check the result.
Step 3 - Add an Azure Active Directory user/group as an Azure SQL Administrator
To assign an Azure Active Directory user/group to Azure SQL Database as an Administrator, in the Azure Portal, click SQL Server.
Select and open the SQL Server with an Azure SQL Database.
After that, in the SQL Server, click Active Directory admin and press the "Set admin" option.
Then, select a User or a Group as the Active Directory Administrator.
Select the user or group and click on "Save".
The administrator is added successfully. Open SSMS and try to log in with the newly created Azure Active Directory user.
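
Once you can sign in as the Azure AD administrator, the remaining item from the list above (adding Azure AD users to the database) is done in T-SQL. The script below is an added example, not part of the original walkthrough. It assumes you are connected to the user database (not master) as the Azure AD admin set in Step 3, and `[SQL-Readers]` is a placeholder for the group created in Step 2.

```sql
-- Added example. [SQL-Readers] is a placeholder (assumption) for the
-- Azure AD group created in Step 2; replace it with your group's display name.
-- Must be run by an Azure AD identity: a SQL-authenticated login cannot
-- create users FROM EXTERNAL PROVIDER.

-- 1. Create a contained database user mapped to the Azure AD group.
CREATE USER [SQL-Readers] FROM EXTERNAL PROVIDER;

-- 2. Grant least privilege: read-only access through a fixed database role,
--    rather than db_owner or the server-level administrator.
ALTER ROLE db_datareader ADD MEMBER [SQL-Readers];

-- 3. Verify: list Azure AD principals in this database and their roles.
--    type 'E' = Azure AD user, type 'X' = Azure AD group.
SELECT dp.name                     AS principal_name,
       dp.type_desc                AS principal_type,
       dp.authentication_type_desc AS auth_type,
       r.name                      AS role_name
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.type IN ('E', 'X')
ORDER BY dp.name;

-- 4. Audit: SQL-authenticated users that still exist in this database.
--    These accounts bypass Azure AD controls such as the "block sign in"
--    profile setting, so review whether each one is still required.
SELECT name, type_desc, authentication_type_desc, create_date
FROM sys.database_principals
WHERE type = 'S'          -- SQL user
  AND principal_id > 4    -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY create_date;
```

Because access is granted to the group, adding or removing a person in Azure AD changes their database access without touching the database again.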
Summary
In this article, we learned how to add an Azure Active Directory User/Group in Azure SQL Database. In my next article, I will cover the next step of this series.