Add-SqlAzureAuthenticationContext

Module:: SqlServer Module

Performs authentication to Azure and acquires an authentication token.

Syntax

DefaultAzureCredential Public

Add-SqlAzureAuthenticationContext
    [[-ExcludeCredential] <CredentialType[]>]
    [-DefaultAzureCredential]
    [<CommonParameters>]

DefaultAzureCredential Private

Add-SqlAzureAuthenticationContext
    [[-ExcludeCredential] <CredentialType[]>]
    [-ActiveDirectoryAuthority] <String>
    [-AzureKeyVaultResourceId] <String>
    [[-AzureManagedHsmResourceId] <String>]
    [-DefaultAzureCredential]
    [<CommonParameters>]

Interactive Public

Add-SqlAzureAuthenticationContext
    [-Interactive]
    [<CommonParameters>]

Interactive Private

Add-SqlAzureAuthenticationContext
    [-ActiveDirectoryAuthority] <String>
    [-AzureKeyVaultResourceId] <String>
    [[-AzureManagedHsmResourceId] <String>]
    [-Interactive]
    [<CommonParameters>]

ClientIdSecret Public

Add-SqlAzureAuthenticationContext
    [-ClientID] <String>
    [-Secret] <String>
    [-Tenant] <String>
    [<CommonParameters>]

ClientIdSecret Private

Add-SqlAzureAuthenticationContext
    [-ClientID] <String>
    [-Secret] <String>
    [-Tenant] <String>
    [-ActiveDirectoryAuthority] <String>
    [-AzureKeyVaultResourceId] <String>
    [[-AzureManagedHsmResourceId] <String>]
    [<CommonParameters>]

ClientIdCertificate Public

Add-SqlAzureAuthenticationContext
    [-ClientID] <String>
    [-CertificateThumbprint] <String>
    [-Tenant] <String>
    [<CommonParameters>]

ClientIdCertificate Private

Add-SqlAzureAuthenticationContext
    [-ClientID] <String>
    [-CertificateThumbprint] <String>
    [-Tenant] <String>
    [-ActiveDirectoryAuthority] <String>
    [-AzureKeyVaultResourceId] <String>
    [[-AzureManagedHsmResourceId] <String>]
    [<CommonParameters>]

Description

The Add-SqlAzureAuthenticationContext cmdlet authenticates the specified principal account to Azure Resource Manager. Use this cmdlet with other cmdlets that interact with Azure resources, such as Azure Key Vault.

Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.

Examples

Example 1: Prompt a user for credentials to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -Interactive

This command prompts a user for a username and a password and then authenticates the user to Azure Resource Manager.

Example 2: Authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -ClientID '00001111-aaaa-2222-bbbb-3333cccc4444' -Secret '[Placeholder]' -Tenant '11112222-bbbb-3333-cccc-4444dddd5555'

This command performs authentication of the application principal with the specified client ID, which has been defined in the specified tenant, to Azure Resource Manager.

Example 3: Use DefaultAzureCredential to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -DefaultAzureCredential

This command acquires token using the following credential types, if enabled, will be tried, in order: EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential.

Example 4: Use DefaultAzureCredential but exclude few credential types to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -DefaultAzureCredential `
   -ExcludeCredentials EnvironmentCredential, AzureDeveloperCliCredential

This command acquires token using the following credential types, if enabled, will be tried, in order: WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, InteractiveBrowserCredential. NOTE that EnvironmentCredential, AzureDeveloperCliCredential are excluded from the above types.

Parameters

-ActiveDirectoryAuthority

Specifies the base authority for Azure Active Directory authentication. Same value as the ActiveDirectoryAuthority property from the Azure PowerShell Environment object.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

DefaultAzureCredential Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Interactive Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AzureKeyVaultResourceId

Specifies the resource ID for Azure Key Vault services. Same value as the AzureKeyVaultServiceEndpointResourceId property from the Azure PowerShell Environment object.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

DefaultAzureCredential Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Interactive Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AzureManagedHsmResourceId

Specifies the resource ID for the Azure Managed HSM service. Use this parameter to override the default value https://managedhsm.azure.net when your managed HSM resource is in an Azure instance other than the Azure public cloud.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

DefaultAzureCredential Private

Position:	2
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Interactive Private

Position:	2
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	2
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	2
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CertificateThumbprint

Specifies thumbprint to be used to identify the certificate to use. The cmdlet will search both CurrentUser and LocalMachine certificate stores.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ClientIdCertificate Public

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ClientID

Specifies the application client ID.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ClientIdSecret Public

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Public

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultAzureCredential

Indicates that this cmdlet uses DefaultAzureCredential for acquiring token. The following credential types, if enabled, will be tried, in order:

EnvironmentCredential
WorkloadIdentityCredential
ManagedIdentityCredential
SharedTokenCacheCredential
VisualStudioCredential
VisualStudioCodeCredential
AzureCliCredential
AzurePowerShellCredential
AzureDeveloperCliCredential
InteractiveBrowserCredential

Refer to DefaultAzureCredential Class for more information on each credential type.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

DefaultAzureCredential Public

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

DefaultAzureCredential Private

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ExcludeCredential

Indicates that DefaultAzureCredential should exclude the list of credential types specified while acquiring a token.

Parameter properties

Type:	CredentialType[]
Default value:	None
Accepted values:	EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential
Supports wildcards:	False
DontShow:	False

Parameter sets

DefaultAzureCredential Public

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

DefaultAzureCredential Private

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Interactive

Indicates that this cmdlet prompts the user for credentials.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Interactive Public

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Interactive Private

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Secret

Specifies the application secret.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ClientIdSecret Public

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Tenant

Specifies a tenant in Azure.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ClientIdSecret Public

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdSecret Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Public

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

ClientIdCertificate Private

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Outputs

System.Object

SQLServer_Cmdlets

Share via

Add-SqlAzureAuthenticationContext

Syntax

DefaultAzureCredential Public

DefaultAzureCredential Private

Interactive Public

Interactive Private

ClientIdSecret Public

ClientIdSecret Private

ClientIdCertificate Public

ClientIdCertificate Private

Description

Examples

Example 1: Prompt a user for credentials to authenticate a user to Azure Resource Manager

Example 2: Authenticate a user to Azure Resource Manager

Example 3: Use DefaultAzureCredential to authenticate a user to Azure Resource Manager

Example 4: Use DefaultAzureCredential but exclude few credential types to authenticate a user to Azure Resource Manager

Parameters

-ActiveDirectoryAuthority

Parameter properties

Parameter sets

-AzureKeyVaultResourceId

Parameter properties

Parameter sets

-AzureManagedHsmResourceId

Parameter properties

Parameter sets

-CertificateThumbprint

Parameter properties

Parameter sets

-ClientID

Parameter properties

Parameter sets

-DefaultAzureCredential

Parameter properties

Parameter sets

-ExcludeCredential

Parameter properties

Parameter sets

-Interactive

Parameter properties

Parameter sets

-Secret

Parameter properties

Parameter sets

-Tenant

Parameter properties

Parameter sets

CommonParameters

Outputs

System.Object

Related Links

Feedback