Skip to main content

Azure Authentication with Service Principal

This article looks at how to authenticate with an Azure AD service principal as the identity of the application instance.

Common Prerequisites

  • Available account in Azure Active Directory.

  • Available Azure MS SQL server.

  • Azure Active Directory is set to centrally manage identity and access to Azure SQL Database.

  • Installed MS ODBC Driver for SQL Server. The current version is 17.

  • Azure Managed Identity created. Object (principal) ID is stored.

  • Azure Service Principal, appId (is used as userId), and password are stored.

  • The user that corresponds to the Service Principal is created in SQL Database and the proper role is assigned to the user.

For more information, see the Create an Azure service principal with the Azure CLI article on the Microsoft documentation portal.

DSN Connection

You can connect with DNS using Data Connection Manager (DCM) or without it.

Prerequisites: User or System DSN is configured in ODBC data source manager to use Azure Service Principal authentication.

DNS Settings

DSN Connection without DCM

  1. Place the Input Data tool on the Designer canvas.

  2. Select the down arrow in the Connect a File or Database field.

  3. From Data Sources, choose Microsoft Azure SQL Database - ODBC.

  4. Choose DSN created in the preconditions from the dropdown.

  5. Provide User ID and Password.

    Provide User ID and Password

  6. Choose any table from your database in the Query Builder.

  7. Select OK.

DSN Connection Using DCM

  1. Make sure that DCM is enabled.

  2. Place the Input Data tool on the Designer canvas.

  3. Below the Connect a File or Database field, select Set Up a Connection.

  4. Choose Microsoft Azure SQL Database - ODBC from Data Sources.

  5. Select the Add Data Source button.

  6. Enter descriptive Data Source Name.

  7. Enter the name of DSN created in ODBC Data source manager and select Save.

    Enter DNS name

  8. Select Connect Credential.

    Click Connect Credentials

  9. For Authentication Method select Username and password.

  10. Select Create new Credential for Credential.

  11. Enter a descriptive name for Credential.

  12. Enter Username and Password.

  13. Select Create and Link.

    Click Create and Link

  14. Select Connect.

    Click Connect

  15. Choose any table from your database in the Query Builder.

  16. Select OK.

DSN-less Connection

You can establish a DSN-less connection using Data Connection Manager (DCM) or without it.

DSN-less Connection without DCM

  1. Place Input Data tool on Designer canvas.

  2. Enter this Connection string in the Connect a File or Database field:

    odbc:Driver={ODBC Driver 17 for SQL Server};Server=tcp:<_your_server_>,1433;Database=<_your_db_>;UID=<_your_user_id_>;PWD=<_your_password_>;Authentication=ActiveDirectoryServicePrincipal

    Replace the text between the <> with actual values.

  3. Select the 3 dot icon next to the Table or Query option.

  4. Choose any table from your database in the Query Builder.

  5. Select OK.

DSN-less Connection Using DCM

  1. Make sure that DCM is enabled.

  2. Place the Input Data tool on the Designer canvas.

  3. Below Connect a File or Database field select Set Up a Connection.

  4. Choose Microsoft SQL Server - Quick connect from Data Sources.

  5. Select the Add Data Source button.

  6. Provide a descriptive name for Data Source Name, actual server, and database name.

  7. Make sure the Driver is set to ODBC Driver 17 for SQL Server.

  8. Select the Save button.

    Click Save

  9. Select Connect Credential.

  10. Choose or provide Azure Active Directory Service Principal for Authentication Method and select Link.

  11. Select Create New Credential.

  12. Enter a descriptive Credential Name, Client ID, and Client Secret.

  13. Select the Create and Link button.

    Click Create and Link

  14. Select Connect.

    Click Connect

  15. Choose any table from your database in the Query Builder.

  16. Select OK.

In this section: