# Connect using AD Application credentials

**Step I:**

1. Login to Microsoft azure portal.
2. Search App registrations, and create New registration.
3. Give a name and leave default register.\
   ![](https://323347149-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fw6GKvSvsZfGhtiQWrONh%2Fuploads%2FPy3hSYxBsmBKVDIf7XFK%2Fimage.png?alt=media\&token=4d3a97a9-9f05-4ffe-94e0-e441a4ee83f8)
4. Create secret. \
   ![](https://323347149-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fw6GKvSvsZfGhtiQWrONh%2Fuploads%2Fb9AoVsfGGB8aP4hLu87R%2Fimage.png?alt=media\&token=b0f256fc-9519-40e0-826e-154a3ca202eb)
5. Give following API Permission with Grant admin consent. ![](https://323347149-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fw6GKvSvsZfGhtiQWrONh%2Fuploads%2F4FE6ccy8kPRCGBPy9xHh%2Fimage.png?alt=media\&token=d723490e-8d6b-4aff-ab92-9645d2ef8f91)
6. Create App roles with Task Read value.\
   ![](https://323347149-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fw6GKvSvsZfGhtiQWrONh%2Fuploads%2FViAROdYOnxAPqIIZ6p3L%2Fimage.png?alt=media\&token=e753d6c8-ad93-4044-a352-e04bae85afec)<br>

**Step II:**&#x20;

Create database user from external (AD Application) in master database.\
**Query**

CREATE USER \<AD Application name> FROM EXTERNAL PROVIDER;<br>

**Step III:**

Switch to the database and add user to database role (db\_datareader), grant view definition privilege.\
**Query**

ALTER ROLE db\_datareader ADD MEMBER \[\<AD Application name>];

GRANT VIEW DEFINITION TO \[\<AD Application name>];

**Required Parameters:**

* Server name (example : testdb.database.windows.net)
* Database name
* App client id
* App tenant id
* App client secret