We’re pleased to announce general availability of Microsoft Azure Active Directory (Azure AD) authentication (https://learn.microsoft.com/azure/mysql/flexible-server/concepts-azure-ad-authentication) for Azure Database for MySQL - Flexible Server! With Azure AD authentication, you can connect to Flexible Server and manage database user identities and other Microsoft services in a central location, simplifying permission management.
When you are configuring authentication for accessing a MySQL flexible server, you have three options:
- MySQL authentication only – The default option. This provides native MySQL authentication, in which the MySQL login and password are used to access Azure Database for MySQL - Flexible Server.
- Azure Active Directory authentication only – Native MySQL authentication is disabled, and you can authenticate only as an Azure AD user. When you select this option, the aad_auth_only server parameter is set to Enabled.
- MySQL and Azure Active Directory authentication – Native MySQL authentication and Azure AD authentication are both used to connect to the MySQL flexible server. When you select this option, the aad_auth_only server parameter is set to Disabled.
Benefits
- Authentication of users across Azure Services in a uniform way.
- Management of password policies and password rotation in a single location.
- Multiple forms of authentication supported by Azure Active Directory, which can eliminate the need to store passwords.
- Customers can manage database permissions using external (Azure AD) groups.
- Azure AD authentication leverages MySQL database users to authenticate identities at the database level.
- Support of token-based authentication for applications connecting to Azure Database for MySQL - Flexible Server.
Before Azure AD authentication can work properly, you must first add a User-assigned Managed Identity (UMI) to the flexible server. For details on how to get started, watch the following demo video and/or refer to the article https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad.
Try out this new functionality today and let us know what you think! Send any feedback or questions to us at AskAzureDBforMySQL@service.microsoft.com! Thank you!