%3CLINGO-SUB%20id%3D%22lingo-sub-1247272%22%20slang%3D%22en-US%22%3ENew%2C%20simpler%20way%20to%20sign-in%20to%20Azure%20Database%20for%20PostgreSQL%20-%20Single%20Server%20using%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1247272%22%20slang%3D%22en-US%22%3E%3CP%3EOnce%20you%20start%20having%20a%20large%20amount%20of%20databases%2C%20or%20more%20than%20one%20engineer%20on%20the%20team%2C%20management%20of%20your%20database%20users%20and%20their%20associated%20passwords%20can%20become%20a%20problem.%20It%E2%80%99s%20difficult%20to%20keep%20track%20of%20who%20has%20access%20and%20apply%20security%20policies%20consistently%20across%20all%20your%20databases.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EPreviously%20we%20announced%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-database-for-postgresql%2Fintroducing-azure-active-directory-authentication-for-azure%2Fba-p%2F1069248%22%20target%3D%22_self%22%3Epreview%20of%20Azure%20AD%20authentication%20for%20Azure%20Database%20for%20PostgreSQL%20-%20Single%20Server%3C%2FA%3E%2C%20to%20enable%20use%20of%20your%20existing%20Azure%20Active%20Directory%20(AD)%20credentials%20for%20signing%20in%E2%80%94but%20you%20had%20to%20jump%20through%20a%20few%20extra%20steps%20and%20use%20a%20token%20for%20signing%20in.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EToday%20we%E2%80%99re%20happy%20to%20announce%20a%20new%2C%20simpler%2C%20way%20to%20sign-in%20to%20your%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fazure-postgres%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Database%20for%20PostgreSQL%3C%2FA%3E%20server%3A%20Using%20Azure%20Data%20Studio%201.16.0%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsql%2Fazure-data-studio%2Frelease-notes-azure-data-studio%3Fview%3Dsql-server-ver15%23march-2020%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EMarch%202020%20release%3C%2FA%3E)%20and%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsql%2Fazure-data-studio%2Fpostgres-extension%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Elatest%20PostgreSQL%20extension%3C%2FA%3E%2C%20you%20can%20now%20seamlessly%20sign-in%20to%20your%20Postgres%20database%20on%20Azure%2C%20without%20specifying%20a%20password%2C%20just%20by%20selecting%20your%20Azure%20AD%20account.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESign-in%20with%20Azure%20AD%20to%20Azure%20Database%20for%20PostgreSQL%2C%20using%20Azure%20Data%20Studio%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%20is%20the%20quick%20version%20of%20how%20this%20works%20in%20Azure%20Data%20Studio%20-%20%3CSTRONG%3Eno%20password%20required!%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22postgres_azure_ad.gif%22%20style%3D%22width%3A%20604px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178922i28E97C4BFF957A5B%2Fimage-dimensions%2F604x457%3Fv%3D1.0%22%20width%3D%22604%22%20height%3D%22457%22%20title%3D%22postgres_azure_ad.gif%22%20alt%3D%22postgres_azure_ad.gif%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELet's%20take%20a%20look%20in%20detail%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EConfiguring%20the%20Azure%20AD%20Administrator%20in%20the%20Azure%20Portal%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EWe%E2%80%99ll%20start%20with%20a%20fresh%20Azure%20Database%20for%20PostgreSQL%20-%20Single%20Server%20database%20we%20just%20created%20and%20navigate%20to%20the%20Azure%20AD%20administrator%20view.%20There%2C%20we%20will%20set%20our%20own%20user%20account%20as%20the%20administrator%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture1.png%22%20style%3D%22width%3A%20584px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178915i75DA020D5C566406%2Fimage-dimensions%2F584x301%3Fv%3D1.0%22%20width%3D%22584%22%20height%3D%22301%22%20title%3D%22Picture1.png%22%20alt%3D%22Azure%20Portal%3A%20Configure%20Azure%20Active%20Directory%20administrator%20for%20your%20Azure%20Database%20for%20PostgreSQL%20server%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAzure%20Portal%3A%20Configure%20Azure%20Active%20Directory%20administrator%20for%20your%20Azure%20Database%20for%20PostgreSQL%20server%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20the%20operation%20has%20completed%2C%20we%20can%20now%20sign-in%20with%20our%20user%20to%20the%20database%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESigning%20into%20PostgreSQL%20using%20Azure%20Data%20Studio%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELet%E2%80%99s%20open%20up%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsql%2Fazure-data-studio%2Fwhat-is%3Fview%3Dsql-server-ver15%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Data%20Studio%3C%2FA%3E.%20If%20you%20haven%E2%80%99t%20already%2C%20make%20sure%20you%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsql%2Fazure-data-studio%2Fpostgres-extension%3Fview%3Dsql-server-ver15%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Einstall%20the%20latest%20version%20of%20the%20PostgreSQL%20extension%3C%2FA%3E%20to%20Azure%20Data%20Studio.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%2C%20we%E2%80%99ll%20create%20a%20new%20connection%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture2.png%22%20style%3D%22width%3A%20430px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178916i40636BF590D78D2B%2Fimage-dimensions%2F430x386%3Fv%3D1.0%22%20width%3D%22430%22%20height%3D%22386%22%20title%3D%22Picture2.png%22%20alt%3D%22Connection%20dialog%20for%20PostgreSQL%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EConnection%20dialog%20for%20PostgreSQL%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20we%E2%80%99ll%20select%20the%20new%20Authentication%20type%2C%20Azure%20Active%20Directory%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture3.png%22%20style%3D%22width%3A%20478px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178917iE75C0DDAB84AE390%2Fimage-dimensions%2F478x60%3Fv%3D1.0%22%20width%3D%22478%22%20height%3D%2260%22%20title%3D%22Picture3.png%22%20alt%3D%22Authentication%20type%20choice%20-%20selecting%20%26quot%3BAzure%20Active%20Directory%26quot%3B%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAuthentication%20type%20choice%20-%20selecting%20%22Azure%20Active%20Directory%22%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20changes%20our%20connection%20menu%20with%20new%20options%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture4.png%22%20style%3D%22width%3A%20449px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178918iD518A939B4E2CFD9%2Fimage-dimensions%2F449x407%3Fv%3D1.0%22%20width%3D%22449%22%20height%3D%22407%22%20title%3D%22Picture4.png%22%20alt%3D%22Connection%20dialog%20with%20Azure%20Active%20Directory%20authentication%20type%20selected%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EConnection%20dialog%20with%20Azure%20Active%20Directory%20authentication%20type%20selected%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%20we%E2%80%99ve%20filled%20this%20out%20so%20we%E2%80%99re%20authenticating%20with%20our%20personal%20username%20(%E2%80%9Clufittl%40microsoft.com%E2%80%9D%20in%20my%20case)%2C%20and%20we%E2%80%99re%20connecting%20to%20the%20Postgres%20database%20that%20we%20previously%20provisioned.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20see%20that%20we%20didn%E2%80%99t%20have%20to%20specify%20a%20password%2C%20and%20instead%20selected%20the%20Azure%20AD%20Account%20we%20wanted%20to%20use.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAdding%20an%20Azure%20AD%20account%20in%20Azure%20Data%20Studio%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20haven%E2%80%99t%20specified%20your%20Azure%20Account%20in%20Azure%20Data%20Studio%20before%2C%20you%20will%20need%20to%20add%20a%20new%20Azure%20AD%20account%20to%20authenticate%20with%20(this%20will%20only%20need%20to%20be%20done%20once)%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture5.png%22%20style%3D%22width%3A%20485px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178919iAA38545FB8FB903D%2Fimage-dimensions%2F485x66%3Fv%3D1.0%22%20width%3D%22485%22%20height%3D%2266%22%20title%3D%22Picture5.png%22%20alt%3D%22Adding%20an%20Azure%20AD%20account%20to%20Azure%20Data%20Studio%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAdding%20an%20Azure%20AD%20account%20to%20Azure%20Data%20Studio%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20we%20click%20%E2%80%9CConnect%E2%80%9D%2C%20we%20are%20now%20authenticated%20to%20the%20database%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Picture6.png%22%20style%3D%22width%3A%20540px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178920i57ECE73955FBD2FE%2Fimage-dimensions%2F540x311%3Fv%3D1.0%22%20width%3D%22540%22%20height%3D%22311%22%20title%3D%22Picture6.png%22%20alt%3D%22Successful%20connection%20using%20Azure%20AD%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESuccessful%20connection%20using%20Azure%20AD%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20works%20the%20same%20way%20for%20authenticating%20as%20an%20Azure%20AD%20group%20%E2%80%93%20simply%20make%20sure%20that%20you%20specify%20the%20group%20name%20as%20%E2%80%9CGroupName%40ServerName%E2%80%9D%20(no%20need%20to%20specify%20the%20tenant%20with%20groups)%2C%20and%20that%20you%E2%80%99ve%20previously%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fpostgresql%2Fhowto-configure-sign-in-aad-authentication%23creating-azure-ad-groups-in-azure-database-for-postgresql%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ecreated%20the%20Azure%20AD%20group%20associated%20role%20in%20the%20Postgres%20database%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETry%20out%20Azure%20AD%20with%20Azure%20Database%20for%20PostgreSQL%20yourself!%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%E2%80%99re%20excited%20about%20this%20new%20functionality%E2%80%94it%20is%20available%20today%20with%20Azure%20Data%20Studio%20version%201.16.0%20(March%202020%20release)%2C%20and%20the%20PostgreSQL%20extension%20to%20Azure%20Data%20Studio%20version%200.2.5.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fsql%2Fazure-data-studio%2Fpostgres-extension%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EInstall%20the%20PostgreSQL%20extension%20for%20Azure%20Data%20Studio%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CSTRONG%3EFeedback%20or%20questions%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOpen%20an%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2Fazuredatastudio-postgresql%2Fissues%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Eissue%20on%20GitHub%3C%2FA%3E%2C%20or%20reach%20out%20to%20our%20team%20by%20emailing%20%3CA%20href%3D%22mailto%3AAskAzureDBforPostgreSQL%40service.microsoft.com%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAskAzureDBforPostgreSQL%40service.microsoft.com%3C%2FA%3E.%3CSTRONG%3E%3CBR%20%2F%3E%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1247272%22%20slang%3D%22en-US%22%3E%3CP%3EOnce%20you%20start%20having%20a%20large%20amount%20of%20databases%2C%20or%20more%20than%20one%20engineer%20on%20the%20team%2C%20management%20of%20your%20database%20users%20and%20their%20associated%20passwords%20can%20become%20a%20problem.%20It%E2%80%99s%20difficult%20to%20keep%20track%20of%20who%20has%20access%20and%20apply%20security%20policies%20consistently%20across%20all%20your%20databases.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EToday%20we%E2%80%99re%20happy%20to%20announce%20a%20new%2C%20simpler%2C%20way%20to%20sign-in%20to%20your%20Azure%20Database%20for%20PostgreSQL%20server%20-%20using%20your%20Azure%20AD%20account.%20%3CSTRONG%3ENo%20passwords%20required!%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

Once you start having a large amount of databases, or more than one engineer on the team, management of your database users and their associated passwords can become a problem. It’s difficult to keep track of who has access and apply security policies consistently across all your databases.


Previously we announced the preview of Azure AD authentication for Azure Database for PostgreSQL - Single Server, to enable use of your existing Azure Active Directory (AD) credentials for signing in—but you had to jump through a few extra steps and use a token for signing in.


Today we’re happy to announce a new, simpler, way to sign-in to your Azure Database for PostgreSQL server: Using Azure Data Studio 1.16.0 (March 2020 release) and the latest PostgreSQL extension, you can now seamlessly sign-in to your Postgres database on Azure, without specifying a password, just by selecting your Azure AD account.

 

Sign-in with Azure AD to Azure Database for PostgreSQL, using Azure Data Studio

 

Here is the quick version of how this works in Azure Data Studio - no password required!

 

postgres_azure_ad.gif

 

Let's take a look in detail:

 

Configuring the Azure AD Administrator in the Azure Portal


We’ll start with a fresh Azure Database for PostgreSQL - Single Server database we just created and navigate to the Azure AD administrator view. There, we will set our own user account as the administrator:

 

Azure Portal: Configure Azure Active Directory administrator for your Azure Database for PostgreSQL serverAzure Portal: Configure Azure Active Directory administrator for your Azure Database for PostgreSQL server

 

Once the operation has completed, we can now sign-in with our user to the database:

 

Signing into PostgreSQL using Azure Data Studio

 

Let’s open up Azure Data Studio. If you haven’t already, make sure you install the latest version of the PostgreSQL extension to Azure Data Studio.

 

Now, we’ll create a new connection:

 

Connection dialog for PostgreSQLConnection dialog for PostgreSQL

 

And we’ll select the new Authentication type, Azure Active Directory:

 

Authentication type choice - selecting "Azure Active Directory"Authentication type choice - selecting "Azure Active Directory"

 

This changes our connection menu with new options:

 

Connection dialog with Azure Active Directory authentication type selectedConnection dialog with Azure Active Directory authentication type selected

 

Here we’ve filled this out so we’re authenticating with our personal username (“lufittl@microsoft.com” in my case), and we’re connecting to the Postgres database that we previously provisioned.

 

You can see that we didn’t have to specify a password, and instead selected the Azure AD Account we wanted to use.

 

Adding an Azure AD account in Azure Data Studio

 

If you haven’t specified your Azure Account in Azure Data Studio before, you will need to add a new Azure AD account to authenticate with (this will only need to be done once):

 

Adding an Azure AD account to Azure Data StudioAdding an Azure AD account to Azure Data Studio

 

Once we click “Connect”, we are now authenticated to the database:

Successful connection using Azure ADSuccessful connection using Azure AD

 

This works the same way for authenticating as an Azure AD group – simply make sure that you specify the group name as “GroupName@ServerName” (no need to specify the tenant with groups), and that you’ve previously created the Azure AD group associated role in the Postgres database.

 

Try out Azure AD with Azure Database for PostgreSQL yourself!

 

We’re excited about this new functionality—it is available today with Azure Data Studio version 1.16.0 (March 2020 release), and the PostgreSQL extension to Azure Data Studio version 0.2.5.

 

Install the PostgreSQL extension for Azure Data Studio


Feedback or questions?

 

Open an issue on GitHub, or reach out to our team by emailing AskAzureDBforPostgreSQL@service.microsoft.com.