Enable managed identities
AutoClassifier supports the following Microsoft Entra authentication modes:
-
Microsoft Azure Active Directory username and password authentication
-
Microsoft Azure Active Directory Integrated authentication
-
Microsoft Azure Active Directory Service Principal authentication
-
Microsoft Azure Active Directory Managed Identity or Managed Service Identity (MSI) authentication
authentication
connection property in your connection string. For more information, see Connect to Azure SQL with Microsoft Entra authentication and SqlClient in the Microsoft documentation.To enable managed identities for your SQL server, use the following steps:
-
Create your user-assigned managed identity object in Azure. For more information, see Create a user-assigned managed identity in the Microsoft documentation.
-
Ensure that your SQL server is in the same resource group as the managed identity object that you want to use. For more information Azure resource groups, see Manage Azure resource groups by using the Azure portal in the Microsoft documentation.
-
Ensure that your SQL server has managed identity turned on and that the managed identity assigned to the server is user-assigned and primary identity:
-
In your SQL server, on the left panel, click Identity under Security.
-
In the User assigned managed identity section, click Add and select your managed identity subscription.
-
In the Primary identity section, select your managed identity subscription from the drop-down list.
-
For more information, see Managed identities in Microsoft Entra for Azure SQL in the Microsoft documentation.
-
-
If you have not done so already, create your Configuration and UserProfiles databases.
-
On the Master database, run the following script to add a managed identity user:
CopyCREATE USER [<Managed Identity Name>] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo]
GO -
On the Configuration and UserProfiles databases, run the following script to add a managed identity user and add it to the required roles:
CopyCREATE USER [<Managed Identity Name>] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo]
GO
sys.sp_addrolemember @rolename = N'db_ddladmin', @membername = N'<Managed Identity Name>'
GO
sys.sp_addrolemember @rolename = N'db_datareader', @membername = N'<Managed Identity Name>'
GO
sys.sp_addrolemember @rolename = N'db_datawriter', @membername = N'<Managed Identity Name>'
GO
GRANT EXEC TO <Managed Identity Name>
GO -
Finally, when providing your database connection parameters, click Advanced Settings and provide a connection string similar to the following:
CopyData Source=<SQL Server>.database.windows.net,1433;Initial Catalog=<Database Name>;Trust Server Certificate=True;Authentication=ActiveDirectoryManagedIdentity