Creating an Azure AD Application

SQL Server supports user-based authentication using Azure AD. This authentication is OAuth-based.

To connect to SQL Server via the Web, you must always create a custom application, as described here.

Custom OAuth applications are useful if you want to:

• Control branding of the authentication dialog.
• Control the redirect URI that the application redirects the user to after the user authenticates.
• Customize the permissions that you are requesting from the user.

Authenticating With Azure AD

In https://portal.azure.com:

1. In the left-hand navigation pane, select Azure Active Directory > App registrations.
2. Click New registration.
3. Enter a name for the application.

4. Specify the types of accounts this application should support:

   • For private use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note: If you select Accounts in this organizational directory only (default), when you establish a connection with CData ODBC Driver for SQL Server you must set AzureTenant to the Id of the Azure AD Tenant. Otherwise, the authentication attempt fails.

5. Set the redirect URI to http://localhost:33333 (default) OR, if you want to specify a different port, specify the desired port and set CallbackURL to the exact reply URL you just defined.
6. To register the new application, click Register. An application management screen displays. Record these values for later use. (You will use the Application (client) ID value to set the OAuthClientId parameters, and the Directory (tenant) ID value to set the AzureTenant parameter.)
7. Navigate to Certificates & Secrets. Select New Client Secret for this application and specify the desired duration. After the client secret is saved, the Azure App Registration displays the key value. This value is displayed only once, so record it for future use. (You will use it to set the OAuthClientSecret.)
8. If you have specified the use of permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page.

Creating an Azure AD Application

SQL Server supports user-based authentication using Azure AD. This authentication is OAuth-based.

To connect to SQL Server via the Web, you must always create a custom application, as described here.

Custom OAuth applications are useful if you want to:

• Control branding of the authentication dialog.
• Control the redirect URI that the application redirects the user to after the user authenticates.
• Customize the permissions that you are requesting from the user.

Authenticating With Azure AD

In https://portal.azure.com:

1. In the left-hand navigation pane, select Azure Active Directory > App registrations.
2. Click New registration.
3. Enter a name for the application.

4. Specify the types of accounts this application should support:

   • For private use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note: If you select Accounts in this organizational directory only (default), when you establish a connection with CData ODBC Driver for SQL Server you must set AzureTenant to the Id of the Azure AD Tenant. Otherwise, the authentication attempt fails.

5. Set the redirect URI to http://localhost:33333 (default) OR, if you want to specify a different port, specify the desired port and set CallbackURL to the exact reply URL you just defined.
6. To register the new application, click Register. An application management screen displays. Record these values for later use. (You will use the Application (client) ID value to set the OAuthClientId parameters, and the Directory (tenant) ID value to set the AzureTenant parameter.)
7. Navigate to Certificates & Secrets. Select New Client Secret for this application and specify the desired duration. After the client secret is saved, the Azure App Registration displays the key value. This value is displayed only once, so record it for future use. (You will use it to set the OAuthClientSecret.)
8. If you have specified the use of permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page.