Not able to create AAD group in Azure mysql as per online document

Question

I am not able to create the AZURe AD group in AZureMySql as per document:
https://learn.microsoft.com/en-us/azure/mysql/howto-configure-sign-in-azure-ad-authentication

We have AAD group when I run below command in mysql as

CREATE AADUSER 'aadgroupxx.'
getting below error
Error executing SQL statement. An unexpected error occurred while trying to validate user 'aadgroupxx'.

when I run the below command

CREATE AADUSER 'aadgroupxx.' IDENTIFIED BY 'OBJECT_ID';
it is working , I put object_id as no client id for AAD group

but
When logging in as members of the group and use his personal access tokens, sign with the group name specified as the username.,
getting an exception in MYSQL as invalid token ...
Azure AD access token is not valid for user 'aadgroupxx' with OID 'object_idxxx'.

Answer 1

As suggested by the support team the solution is

Service Principal Authentication following the same like below thread is not supported.:

https://github.com/MicrosoftDocs/azure-docs/issues/60204

Service Principal authentication with MySQL · Issue #60204 · MicrosoftDocs/azure-docs · GitHub

In terms of Service Principal the only type we support is Connect with Managed Identity - Azure Database for MySQL | Microsoft Learn

https://learn.microsoft.com/en-us/azure/mysql/howto-connect-with-managed-identity

the other alternative without managed identity is

add AAD group as MYSQL admin then use it to create other valid AAD group and account , SP can only be used for individual account in MYSQL and can't be used as admin to create other AAD group

follow link: https://learn.microsoft.com/en-us/azure/mysql/howto-configure-sign-in-azure-ad-authentication