Azure MySQL AAD group member not logged as external_user_s

SchefflerFelix-0906 1 Reputation point
2020-10-01T07:47:37.9+00:00

As a follow-up from AAD group member not logged as external_user_s:

As outlined in Azure MySQL Audit Logs and Azure AD Authentication Learnings, it should be possible to log the individual user if that user logged in with the AAD group name and the access token obtained previously.

However, in my case, external_user_s is either b677c290-cf4b-4a8e-a60e-91ba650a4abe (Cloud Shell App ID) or 04b07795-8ddb-461a-bbee-02f9e1bf7b46 (CLI App ID).

Is there any guidance on how to make the actual user appear as external_user_s (or any other logging attribute)?

Following this comment, I decoded the access token and found that my account correctly shows up under unique_name. See my answer.

Any idea on how to solve this?

Thank you very much in advance.

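To check which identity an access token actually carries (the step mentioned in the question, where decoding the token showed the account under unique_name), here is an added Python example; it is not code from the question, the answer, or Microsoft. It base64url-decodes the payload of a JWT without verifying the signature, which is acceptable for inspecting a token you obtained yourself but never for trusting one, and compares the appid claim against the two application IDs quoted in the question. The token is constructed inline for the demo: the user name, tenant id and object id are made up, and the audience is the OSS RDBMS resource that Azure Database for MySQL uses for AAD tokens.

```python
import base64
import json

# Application (client) IDs quoted in the question: the values that appeared in
# external_user_s instead of the signed-in account.
KNOWN_CLIENT_APP_IDS = {
    "b677c290-cf4b-4a8e-a60e-91ba650a4abe": "Azure Cloud Shell",
    "04b07795-8ddb-461a-bbee-02f9e1bf7b46": "Azure CLI",
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the form used inside JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.

    The signature is NOT verified: this is for inspecting a token you already
    hold (e.g. from `az account get-access-token`), never for trusting one.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def summarize_identity(token: str) -> dict:
    """Pull the claims that matter when the audit log shows an app ID, not a user."""
    claims = decode_jwt_claims(token)
    app_id = claims.get("appid")
    return {
        "user": claims.get("unique_name") or claims.get("upn"),
        "app_id": app_id,
        "client": KNOWN_CLIENT_APP_IDS.get(app_id, "unknown client"),
        "audience": claims.get("aud"),
        "groups_in_token": "groups" in claims,
    }


def explain_external_user(value: str) -> str:
    """Classify an external_user_s value taken from the MySQL audit log."""
    if value in KNOWN_CLIENT_APP_IDS:
        return f"application id of {KNOWN_CLIENT_APP_IDS[value]}, not a user principal"
    return f"user principal: {value}"


def make_demo_token(claims: dict) -> str:
    """Build an UNSIGNED demo JWT (constructed input; the signature part is fake)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.demo-signature"


# Constructed sample: what a CLI-issued token for Azure Database for MySQL might
# carry. The user name, tid and oid are made up; the appid is the Azure CLI value
# from the question; the aud is the OSS RDBMS resource used for Azure DB for MySQL.
DEMO_TOKEN = make_demo_token({
    "aud": "https://ossrdbms-aad.database.windows.net",
    "tid": "00000000-0000-0000-0000-000000000000",
    "appid": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
    "unique_name": "felix@example.com",
    "upn": "felix@example.com",
    "oid": "11111111-1111-1111-1111-111111111111",
})


if __name__ == "__main__":
    print(json.dumps(summarize_identity(DEMO_TOKEN), indent=2))
    for seen in ("b677c290-cf4b-4a8e-a60e-91ba650a4abe", "felix@example.com"):
        print(seen, "->", explain_external_user(seen))
```

Run it against a real token by replacing DEMO_TOKEN with the accessToken field from `az account get-access-token --resource-type oss-rdbms`. If unique_name is present in the token while external_user_s in the audit log shows one of the known application IDs, the log is recording the client application that presented the token rather than the account, which is the situation the question describes; keeping the appid mapping next to your audit queries makes such rows easy to recognise during triage.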

Anurag Sharma
2020-10-05T10:59:30.673+00:00

    Hi @SchefflerFelix-0906 , welcome to Microsoft Q&A forum.

    While going through the details you provided, I followed the steps below:

    1. Created a new Azure Active Directory group, added users to it, and then set it up as the Admin in Azure Database for MySQL.
    2. Was able to log in as that AAD group in Azure MySQL using Azure Cloud Shell with the command below.
    3. Connected to Azure MySQL using Azure Cloud Shell with the group created above.
    4. Could not locate any external_user_s through a Log Analytics query.
    5. Connected with MySQL Workbench to Azure SQL, and I can see the external_user_s with the user name and not the Azure directory group name (screenshot below).


    This mostly looks like an issue with the client we use to connect, as I myself could not locate the external_user_s when I tried with Azure Cloud Shell.

    Could you please let us know how you were trying to connect to the server and, if possible, share screenshots of the same?
