Connect to Azure SQL Managed instance By Using Azure AD Authentication

Azure Active Directory authentication is a mechanism of connecting to Microsoft Azure SQL Database or other resources by using identities in Azure Active Directory (Azure AD), SQL password Authentication is not a very secured, AD login is more secured and provides password rotation and MFA.

Azure Active Directory authentication uses contained database users to authenticate identities at the database level, i.e. does not have access to master database and access is assigned at individual database level. Azure AD identity can be either an individual user account or a group. I will walk you through how to create container DB access to AD group in this post.

Create Active directory Group in Azure AD

  1. Create Active directory group for DB access in Azure AD, multiple group can be created to isolate database access or to separate read and Write permission
  2. Add users to AD group.

Create Contained database users

  1. Connect to Azure Database using SQL Server Management Studio, to create container users/group you need to login with AD credentials/group that is setup as Admin on Database Server.
  2. In my case, Admin is Active directory user who is also SQL Admin.

  3. Run the following command to create contained DB users


Azure_AD_principal_name can be the user principal name of an Azure AD user or the display name for an Azure AD group

When you create a database user, that user receives the CONNECT permission and can connect to that database as a member of the PUBLIC role. Once you provision an Azure AD-based contained database user, you can grant the user additional permissions, azsrini-DB-RW is granted ‘CONTROL’ permissions

Connect to Database

Active Directory Integrated authentication

To connect to a database using integrated authentication and an Azure AD identity, the Authentication keyword in the database connection string must be set to Active Directory Integrated and the client application should be running on a domain joined machine.

string ConnectionString = @"Data; Authentication=Active Directory Integrated;"
SqlConnection conn = new SqlConnection(ConnectionString);

Active Directory principal name and password

To connect to a database using AD name an password, the Authentication keyword must be set to Active Directory Password and the connection string must contain User ID/UID and Password/PWD keywords and values

string ConnectionString = @"Data; Authentication=Active Directory Password;; PWD=passwrod123";

Connect using SQL Management Studio

To connect from management studio, go to options, enter the database and then connect using the Active directory username/password

Useful Links:


AD authentication is secured way to connect to Database , AD takes care of password rotation and MFA, it also eliminated storing passwords in connecting client applications.

Thank you
Srinivasa Avanigadda

Connect to Azure SQL Managed instance By Using Azure AD Authentication

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s