New, simpler way to login to Azure Database for PostgreSQL – Single Server using Azure AD

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Once you start having a large amount of databases, or more than one engineer on the team, management of your database users and their associated passwords can become a problem. It’s difficult to keep track of who has access and apply security policies consistently across all your databases.

Previously we announced the preview of Azure AD authentication for Azure Database for PostgreSQL - Single Server, to enable use of your existing Azure Active Directory (AD) credentials for logging in—but you had to jump through a few extra steps and use a token for logging in.

Today we’re happy to announce a new, simpler, way to login to your Azure Database for PostgreSQL server: Using Azure Data Studio 1.16.0 (March 2020 release) and the latest PostgreSQL extension, you can now seamlessly login to your Postgres database on Azure, without specifying a password, just by selecting your Azure AD account.

Sign-in with Azure AD to Azure Database for PostgreSQL, using Azure Data Studio

Here is the quick version of how this works in Azure Data Studio - no password required!

Let's take a look in detail:

Setting the Azure AD Administrator

We’ll start with a fresh Azure Database for PostgreSQL - Single Server database we just created and navigate to the Azure AD administrator view. There, we will set our own user account as the administrator:

Screenshot of Azure Portal, with Azure Active Directory administrator blade showing for an Azure Database for PostgreSQL server.

Once the operation has completed, we can now login with our user to the database:

Signing into PostgreSQL using Azure Data Studio

Let’s open up Azure Data Studio. If you haven’t already, make sure you install the latest version of the PostgreSQL extension to Azure Data Studio.

Now, we’ll create a new connection:

Screenshot of Azure Data Studio connection dialog for Postgres (initial screen, with authentication type Password selected)

And we’ll select the new Authentication type, Azure Active Directory:

Screenshot of Azure Data Studio connection dialog and Authentication choice - selecting "Azure Active Directory"

This changes our connection menu with new options:

Screenshot of Azure Data Studio connection screen for Postgres, with Azure Active Directory authentication type selected.

Here we’ve filled this out so we’re authenticating with our personal username (“lufittl@microsoft.com” in my case), and we’re connecting to the Postgres database that I previously provisioned.

You can see that we didn’t have to specify a password, and instead selected the Azure AD Account we wanted to use.

Adding an Azure AD account in Azure Data Studio

If you haven’t specified your Azure Account in Azure Data Studio before, you will need to add a new Azure AD account to authenticate with (this will only need to be done once):

Screenshot of "Azure AD Account" drop down in Azure Data Studio, with "Add Account" selected.

Once we click “Connect”, we are now authenticated to the database:

Screenshot of Azure Data Studio with successful connection to Postgres seerver

This works the same way for authenticating as an Azure AD group – simply make sure that you specify the group name as “GroupName@ServerName” (no need to specify the tenant with groups), and that you’ve previously created the Azure AD group associated role in the Postgres database.

Try out Azure AD with Azure Database for PostgreSQL yourself!

We’re excited about this new functionality—it is available today with Azure Data Studio version 1.16.0 (March 2020 release), and the PostgreSQL extension to Azure Data Studio version 0.2.5.

Install the PostgreSQL extension for Azure Data Studio

Feedback or questions?

Open an issue on GitHub, or reach out to our team by emailing AskAzureDBforPostgreSQL@service.microsoft.com.