SMDS Database Connectivity with Azure Entra Id

  1. The user must have an accessible ADM/Maersk account and be able to log in to the Azure Portal.

  2. Add users to the DB group :

  3. Start by authenticating with Microsoft Entra ID by using the Azure CLI:

az login

The command opens a browser window to the Microsoft Entra authentication page, where you enter your Microsoft Entra user ID and password.

  4. Use the Azure CLI to acquire an access token for the Microsoft Entra authenticated user to access Azure Database for PostgreSQL. Here's an example for the public cloud:

az account get-access-token --resource https://ossrdbms-aad.database.windows.net

After authentication is successful, Microsoft Entra ID returns an access token:

{
"accessToken": "TOKEN",
"expiresOn": "...",
"subscription": "...",
"tenant": "...",
"tokenType": "Bearer"
}

The generated token is used as the password. Apart from that, connect in the same way as before.

Here are some essential considerations when you're connecting:

  • user@tenant.onmicrosoft.com is the name of the Microsoft Entra user.
  • Be sure to use the exact way the Azure user is spelled. Microsoft Entra user and group names are case-sensitive.
  • If the name contains spaces, use a backslash (\) before each space to escape it.
  • The access token's validity is 5 minutes to 60 minutes. You should get the access token before initiating the sign-in to Azure Database for PostgreSQL.
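
The steps above combined into one script, as an added example that is not part of the original page: it fetches the token without printing it, refuses a token that is about to expire, and hands it to psql as the password. The host, database and user arguments are placeholders, psql as the client is an assumption, and reading the exp claim assumes the access token is a JWT.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Host, database and user are
# placeholders supplied by the caller; psql as the client is an assumption.
RESOURCE="https://ossrdbms-aad.database.windows.net"

# Backslash-escape each space in an Entra user or group name.
escape_pg_user() {
  printf '%s' "$1" | sed 's/ /\\ /g'
}

# Build the libpq connection string. The token is deliberately left out.
build_conninfo() {  # args: host dbname user
  printf 'host=%s port=5432 dbname=%s user=%s sslmode=require' \
    "$1" "$2" "$(escape_pg_user "$3")"
}

# Print the "exp" claim (epoch seconds) of a JWT. Assumption: the access
# token is a JWT whose payload carries a numeric exp claim.
jwt_exp() {
  local p
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="$p="; done
  printf '%s' "$p" | base64 -d 2>/dev/null |
    sed -n 's/.*"exp" *: *\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the token stays valid for at least $2 seconds (default 60).
token_is_fresh() {
  local exp
  exp=$(jwt_exp "$1")
  [ -n "$exp" ] && [ $(( $exp - $(date +%s) )) -ge "${2:-60}" ]
}

# Fetch a token and open a psql session with it as the password.
connect_pg() {  # args: host dbname user
  local token
  token=$(az account get-access-token --resource "$RESOURCE" \
            --query accessToken --output tsv) || return 1
  token_is_fresh "$token" || { echo "token expired or unreadable" >&2; return 1; }
  # The token lives only in this psql process's environment, never on argv
  # or in shell history.
  PGPASSWORD="$token" psql "$(build_conninfo "$1" "$2" "$3")"
}
```

Call it as `connect_pg <host> <database> <entra-user>` after `az login`; because the token is short-lived, the function requests a new one on every call instead of caching it.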

There are three access types:

  1. az_read_access -> read-only access
  2. az_write_access -> select, insert, update, delete
  3. az_admin_access -> delete, insert, references, select, trigger, truncate, update