question

0 Votes
Tech7868 asked KalyanChanumolu-MSFT edited

Please provide documentation on how to set a Service Principal as an AD Administrator

Hi

Please provide the steps/documentation on how to set a service principal as the Azure AD admin for the PostgreSQL server. I am trying to do all this through Terraform. Once the service principal is AAD, I want to run a few create role commands on the PostgreSQL server.

Also, can a service principal be directly set as AAD admin without any user/group?

azure-active-directory azure-database-postgresql

1 Answer

0 Votes
KalyanChanumolu-MSFT answered KalyanChanumolu-MSFT edited

@Tech7868 Thank you for reaching out.

Yes, you can set a Service Principal as AAD admin using Azure CLI.

 az postgres server ad-admin create --server-name SERVERNAME -g RESOURCEGROUP --display-name YourServicePrincipalDisplayName --object-id YourServicePrincipalObjectID 

More info on the CLI commands is here

However, for authentication using the SPN, you will need to add it to an AD Group and set the group as AD Admin.


If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.
And if you have further questions or issues, please let us know.
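
The group-based setup described in this answer, written in Terraform because the question asks for it. This is an added example, not code from the thread or from Microsoft; the variable names, the group name `pg-aad-admins` and the resource labels are assumptions, and it assumes azuread and azurerm provider versions that include these resources.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
  }
}

provider "azurerm" {
  features {}
}

# Assumed inputs: an existing Azure Database for PostgreSQL server
# and the object ID of an existing service principal.
variable "resource_group_name" {
  type = string
}

variable "server_name" {
  type = string
}

variable "sp_object_id" {
  type        = string
  description = "Object ID of the service principal (not the application/client ID)"
}

# Tenant of the identity Terraform itself runs as.
data "azurerm_client_config" "current" {}

# Security group that holds the service principal. The group, not the
# SPN, is what gets registered as the server's AD admin.
resource "azuread_group" "pg_admins" {
  display_name     = "pg-aad-admins" # hypothetical name
  security_enabled = true
  members          = [var.sp_object_id]
}

# Register the group as the Azure AD administrator of the server.
resource "azurerm_postgresql_active_directory_administrator" "admin" {
  server_name         = var.server_name
  resource_group_name = var.resource_group_name
  login               = azuread_group.pg_admins.display_name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  object_id           = azuread_group.pg_admins.object_id
}
```

Keeping membership of the admin group limited to the identities that actually need to run the role-creation statements keeps the server's admin surface small.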


Thanks @KalyanChanumolu-MSFT for replying.

I will try and let you know

Quick questions

1. Why am I not able to add a service principal as AAD for PostgreSQL through the portal? It only allows you to select user/group.

2. Please refer to the issue below, which mentions that even if you set a service principal directly as AAD admin, you are unable to log in to PostgreSQL using it. Thoughts?

https://github.com/MicrosoftDocs/azure-docs/issues/60995

Thank You

0 Votes 0 ·

@Tech7868 Thank you for referencing the issue.
I haven't tried if the authentication works when a service principal is added as AAD Admin. Please let me know how it goes for you.

If it doesn't work, you may try adding the service principal to an AD Security group and adding the group as AAD admin; this functionality is supported on the portal.
I will try to get more details on the limitation of adding SPNs from the Azure portal.

0 Votes 0 ·
Tech7868 KalyanChanumolu-MSFT ·

@KalyanChanumolu-MSFT

I was able to set the SPN as the Azure AD admin for PostgreSQL, but when trying to log in through the SPN I am getting the error below:

An error occurred while validating the access token. Please acquire a new token and retry.

Can you please try at your end to confirm whether this is not possible or I am missing something?

Thanks

0 Votes 0 ·