I am not able to create the Azure AD group in Azure MySQL as per the document:
https://learn.microsoft.com/en-us/azure/mysql/howto-configure-sign-in-azure-ad-authentication
We have an AAD group. When I run the below command in MySQL:
CREATE AADUSER 'aadgroupxx.'
I get the below error:
Error executing SQL statement. An unexpected error occurred while trying to validate user 'aadgroupxx'.
When I run the below command:
CREATE AADUSER 'aadgroupxx.' IDENTIFIED BY 'OBJECT_ID';
it works. I put the object_id, as there is no client id for an AAD group.
When logging in as a member of the group, using their personal access token and signing in with the group name specified as the username,
I get an exception in MySQL as invalid token ...
Azure AD access token is not valid for user 'aadgroupxx' with OID 'object_idxxx'.
Hi @Nagpal, Rita, welcome to Microsoft Q&A forum.
As discussed on the GitHub thread, we are discussing this internally with the Product team and will get back to you as soon as we receive a response.
GitHub Link:
https://github.com/MicrosoftDocs/azure-docs/issues/81179
As suggested by the support team, the solution is:
Service Principal Authentication, as in the thread below, is not supported:
https://github.com/MicrosoftDocs/azure-docs/issues/60204
Service Principal authentication with MySQL · Issue #60204 · MicrosoftDocs/azure-docs · GitHub
In terms of Service Principal, the only type we support is Connect with Managed Identity - Azure Database for MySQL | Microsoft Learn:
https://learn.microsoft.com/en-us/azure/mysql/howto-connect-with-managed-identity
The other alternative without managed identity is to
add an AAD group as MySQL admin, then use it to create other valid AAD groups and accounts. An SP can only be used for an individual account in MySQL and can't be used as admin to create other AAD groups.
Follow the link:
https://learn.microsoft.com/en-us/azure/mysql/howto-configure-sign-in-azure-ad-authentication