0
votes

I have a Function App with a managed identity that needs to be able to execute SQL queries from a managed SQL Server instance. I've seen articles about adding users, and user managed identities to a SQL Server instance with Azure Active Directory, but I haven't seen Azure managed identities. The managed identity doesn't show up in Azure Active Directory, so SSMS is unable to create the login:

Create failed for Login 'MyFunctionApp'. Principal 'MyFunctionApp' could not be found or this principal type is not supported.

Is it possible to have a managed identity added as a login to SQL Server via Azure Active Directory? If not, what's the recommended approach, just create another login?

1 Answer

0
votes

The login is not a normal user; you need to specify that it's from an external provider:

CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];

More info: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
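
A follow-up check for the statements above, added here as an example and not part of the original answer: it confirms the identity was created as an Azure AD-backed user and shows exactly which roles and permissions it ended up with. `<identity-name>` is the answer's placeholder, and the schema name `app` in the commented-out grant is hypothetical.

```sql
-- Added example. Run in the target database (not master).
-- '<identity-name>' is the same placeholder used in the answer.

-- 1. Confirm the principal exists and is backed by Azure AD.
--    A user created FROM EXTERNAL PROVIDER shows
--    type_desc = EXTERNAL_USER and authentication_type_desc = EXTERNAL.
SELECT name, type_desc, authentication_type_desc, create_date
FROM sys.database_principals
WHERE name = N'<identity-name>';

-- 2. List the database roles the identity is a member of.
--    After the answer's statements this returns db_datareader and db_datawriter.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
    ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
    ON m.principal_id = rm.member_principal_id
WHERE m.name = N'<identity-name>';

-- 3. List permissions granted or denied directly to the identity
--    (outside of role membership), so nothing broader than intended remains.
SELECT pe.permission_name, pe.state_desc, pe.class_desc, pe.major_id
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS p
    ON p.principal_id = pe.grantee_principal_id
WHERE p.name = N'<identity-name>';

-- 4. Optional narrowing: db_datareader/db_datawriter cover every table in
--    the database. If the Function App only needs one schema, swap the role
--    memberships for schema-scoped grants ('app' is a hypothetical schema):
-- ALTER ROLE db_datareader DROP MEMBER [<identity-name>];
-- ALTER ROLE db_datawriter DROP MEMBER [<identity-name>];
-- GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::app TO [<identity-name>];
```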