Latest AzureDataStudio doesn't work anymore with AzureAD - Accounts with no eMails :(

Question

Hello

I'm completely stuck :(

In my company, to connect AzureSQL, we use specific AD accounts with no eMail with MFA

but since last AzDataStudio upgrade i cannot connect anymore :(

we tried to add "Other emails" but same issue :( :(

If you have any workarround/fix it could be super great

Leopold

+33699494832

Answer 1

Hello Leopold !

It seems that the latest update has a major change on Authentication

As we can read from here

https://learn.microsoft.com/en-us/sql/azure-data-studio/connect?view=sql-server-ver16

Sql Authentication Provider

Azure Data Studio 1.44 and later defaults to use the Sql Authentication Provider for Azure SQL connections and the Microsoft Authentication Library (MSAL). This provider is used with Active Directory Interactive authentication mode and enables server-side resource endpoint integration when fetching access tokens.

After a user upgrades to Azure Data Studio 1.44 and higher, the initial launch of the application will display the following message:

--change this below 

With the Sql Authentication Provider, selection of a tenant is no longer required. The Azure AD tenant list box has been removed from the Connection dialog because it's now handled by the underlying driver. This change also allows for improved token refresh for Azure SQL Database connections.

Can you also try this ?

~The Mssql: Enable Sql Authentication Provider option can be disabled within File > Preferences > Settings ~ Can you also try this ?.

Or even device Code method ? --->

If this does not work or it is not preferred please have a look here :

https://learn.microsoft.com/en-us/sql/azure-data-studio/enable-kerberos?view=sql-server-ver16

Azure Data Studio supports connecting to SQL Server by using Kerberos.

To use integrated authentication (Windows Authentication) on macOS or Linux, you need to set up a Kerberos ticket that links your current user to a Windows domain account.

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Answer 2

Hello Leopold !

For now i think i have some news !

This link provides a detail info for every scenario

https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell

Active Directory integrated authentication

To use integrated Windows authentication, your domain's Active Directory must be federated with Azure Active Directory, or should be a managed domain that is configured for seamless single sign-on for pass-through or password hash authentication. For more information, see Azure Active Directory Seamless Single Sign-On.

Your client application (or a service) connecting to the database must be running on a domain-joined machine under a user's domain credentials.

To connect to a database using integrated authentication and an Azure AD identity, the Authentication keyword in the database connection string must be set to Active Directory Integrated. The following C# code sample uses ADO .NET.

C#

string ConnectionString = @"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Integrated; Initial Catalog=testdb;";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();

The connection string keyword Integrated Security=True is not supported for connecting to Azure SQL Database. When making an ODBC connection, you will need to remove spaces and set Authentication to 'ActiveDirectoryIntegrated'.

Active Directory password authentication

To connect to a database using Azure AD cloud-only identity user accounts, or those who use Azure AD hybrid identities, the Authentication keyword must be set to Active Directory Password. The connection string must contain User ID/UID and Password/PWD keywords and values. The following C# code sample uses ADO .NET.

C#

string ConnectionString =
@"Data Source=n9lxnyuzhv.database.windows.net; Authentication=Active Directory Password; Initial Catalog=testdb;  UID=bob@contoso.onmicrosoft.com; PWD=MyPassWord!";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();

Learn more about Azure AD authentication methods using the demo code samples available at Azure AD Authentication GitHub Demo.

I suggest to follow this links

Please tell me , are your users synced with AD Connect or Cloud Only Identities ?

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Answer 3

Hi Leopold •,

Welcome to Microsoft Q&A forum and thanks for using Azure Services.

As I understand you are unable to login using AAD in ADS when it is updated.

Please refer to https://github.com/microsoft/azuredatastudio/issues/22999 issue and if this is similar to yours.

If not, I would recommend you to raise a request at https://github.com/microsoft/azuredatastudio/issues where team will look into it related to ADS.

Let us know if you have more queries. Thanks

Answer 4

Hello Leopold !

Use this method :

Where the Connection String method is similar to the one i wrote

Can you try please?

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards