Connect using AD Application credentials

Step I:

  1. Log in to the Microsoft Azure portal.

  2. Search for App registrations and create a New registration.

  3. Give it a name and leave the other registration settings at their defaults.

  4. Create a client secret.

  5. Give the following API permission with Grant admin consent.

  6. Create App roles with the Task Read value.

Step II:

Create a database user for the external identity (the AD Application) in the master database. Query:

CREATE USER [<AD Application name>] FROM EXTERNAL PROVIDER;

Step III:

Switch to the database, add the user to the database role db_datareader, and grant it the VIEW DEFINITION privilege. Query:

ALTER ROLE db_datareader ADD MEMBER [<AD Application name>];

GRANT VIEW DEFINITION TO [<AD Application name>];
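
A catalog query to confirm that the grants from Steps II and III are the only ones the application principal holds in the database. This is an added example, not part of the original instructions; the principal name is a placeholder to replace with your app registration's name.

```sql
-- Added example: audit the application principal in the current database.
-- Run it in the database you switched to in Step III.
DECLARE @app sysname = N'<AD Application name>';  -- placeholder

-- 1. The principal exists and is authenticated by the external provider.
SELECT dp.name, dp.type_desc, dp.authentication_type_desc, dp.create_date
FROM sys.database_principals AS dp
WHERE dp.name = @app;

-- 2. Everything it was given. Expected: role db_datareader, plus
--    database-level CONNECT (granted by CREATE USER) and VIEW DEFINITION.
SELECT 'role' AS kind,
       r.name COLLATE DATABASE_DEFAULT AS granted,
       'MEMBER' AS state,
       'DATABASE' AS scope
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = @app
UNION ALL
SELECT 'permission',
       pe.permission_name COLLATE DATABASE_DEFAULT,
       pe.state_desc COLLATE DATABASE_DEFAULT,
       pe.class_desc COLLATE DATABASE_DEFAULT
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS dp ON dp.principal_id = pe.grantee_principal_id
WHERE dp.name = @app;

-- 3. Anything beyond the expected set. An empty result means the principal
--    is limited to read access and metadata visibility.
SELECT 'role' AS kind, r.name COLLATE DATABASE_DEFAULT AS unexpected
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = @app
  AND r.name <> N'db_datareader'
UNION ALL
SELECT 'permission', pe.permission_name COLLATE DATABASE_DEFAULT
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS dp ON dp.principal_id = pe.grantee_principal_id
WHERE dp.name = @app
  AND pe.state_desc IN (N'GRANT', N'GRANT_WITH_GRANT_OPTION')
  AND NOT (pe.class = 0  -- 0 = database scope
           AND pe.permission_name IN (N'CONNECT', N'VIEW DEFINITION'));
```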

Required Parameters:

  • Server name (example: testdb.database.windows.net)

  • Database name

  • App client id

  • App tenant id

  • App client secret
