Once you start having a large amount of databases, or more than one engineer on the team, management of your database users and their associated passwords can become a problem. It’s difficult to keep track of who has access and apply security policies consistently across all your databases.
Previously we announced the preview of Azure AD authentication for Azure Database for PostgreSQL - Single Server, to enable use of your existing Azure Active Directory (AD) credentials for signing in—but you had to jump through a few extra steps and use a token for signing in.
Today we’re happy to announce a new, simpler, way to sign-in to your Azure Database for PostgreSQL server: Using Azure Data Studio 1.16.0 (March 2020 release) and the latest PostgreSQL extension, you can now seamlessly sign-in to your Postgres database on Azure, without specifying a password, just by selecting your Azure AD account.
Sign-in with Azure AD to Azure Database for PostgreSQL, using Azure Data Studio
Here is the quick version of how this works in Azure Data Studio - no password required!
Let's take a look in detail:
Configuring the Azure AD Administrator in the Azure Portal
We’ll start with a fresh Azure Database for PostgreSQL - Single Server database we just created and navigate to the Azure AD administrator view. There, we will set our own user account as the administrator:
Once the operation has completed, we can now sign-in with our user to the database:
Signing into PostgreSQL using Azure Data Studio
Let’s open up Azure Data Studio. If you haven’t already, make sure you install the latest version of the PostgreSQL extension to Azure Data Studio.
Now, we’ll create a new connection:
And we’ll select the new Authentication type, Azure Active Directory:
This changes our connection menu with new options:
Here we’ve filled this out so we’re authenticating with our personal username (“firstname.lastname@example.org” in my case), and we’re connecting to the Postgres database that we previously provisioned.
You can see that we didn’t have to specify a password, and instead selected the Azure AD Account we wanted to use.
Adding an Azure AD account in Azure Data Studio
If you haven’t specified your Azure Account in Azure Data Studio before, you will need to add a new Azure AD account to authenticate with (this will only need to be done once):
Once we click “Connect”, we are now authenticated to the database:
This works the same way for authenticating as an Azure AD group – simply make sure that you specify the group name as “GroupName@ServerName” (no need to specify the tenant with groups), and that you’ve previously created the Azure AD group associated role in the Postgres database.
Try out Azure AD with Azure Database for PostgreSQL yourself!
We’re excited about this new functionality—it is available today with Azure Data Studio version 1.16.0 (March 2020 release), and the PostgreSQL extension to Azure Data Studio version 0.2.5.
Feedback or questions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.