Hi Please provide the steps/documentation on how to set service principal as the Azure AD admin for the postgresql server. I am trying to do all this through terraform. Once the service principal is AAD i want to run few create role commands on the postgresql. Also can service principal be directly set as AAD admin without any user/group?

@Abhay Gupta Thank you for reaching out. Yes, you can set a Service Principal as AAD admin using Azure CLI. az postgres server ad-admin create --server-name SERVERNAME -g RESOURCEGROUP --display-name YourServicePrincipalDisplayName --object-id YourServicePrincipalObjectID More info the CLI commands is here However, for authentication using the SPN, you will need to add it to an AD Group and set the group as AD Admin. ---------- If an answer is helpful, please " Accept answer " or " Up-Vote " which might help other community members reading this thread. And if you have further questions or issues, please let us know.

Please provide documentation on how to set a Service Principal as an AD Administrator

Accepted answer

KalyanChanumolu-MSFT 8,331 Reputation points

2021-07-06T06:12:14.177+00:00
@Abhay Gupta Thank you for reaching out.

Yes, you can set a Service Principal as AAD admin using Azure CLI.

az postgres server ad-admin create --server-name SERVERNAME -g RESOURCEGROUP --display-name YourServicePrincipalDisplayName --object-id YourServicePrincipalObjectID

More info the CLI commands is here

However, for authentication using the SPN, you will need to add it to an AD Group and set the group as AD Admin.

----------

If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.
And if you have further questions or issues, please let us know.
Please sign in to rate this answer.
Abhay Gupta 71 Reputation points

2021-07-06T07:32:29.87+00:00

Thanks @KalyanChanumolu-MSFT for taking replying.

I will try and let you know

Quick questions

.1. Why I am not able to add Service principal as AAD for postgresql through the portal. It only allows you to select user/ group.

Please refer to below issue mentioned that even if you set service principal directly as AAD admin , you are unable to login to postgresql using it. Thoughts?

https://github.com/MicrosoftDocs/azure-docs/issues/60995

Thank You

KalyanChanumolu-MSFT 8,331 Reputation points

2021-07-06T09:38:40.08+00:00

@Abhay Gupta Thank you for referencing the issue.
I haven't tried if the authentication works when a service principal is added as AAD Admin. Please let me know how it goes for you.

If it doesn't work, you may try adding the service principal to an AD Security group and add the group as AAD admin, this functionality is supported on the portal.
I will try to get more details on the limitation of adding SPN's from Azure portal.

Abhay Gupta 71 Reputation points

2021-07-07T00:35:10.727+00:00

@KalyanChanumolu-MSFT

I was able to set SPN as the azure ad admin for postgresql but when trying to login through the SPN getting the below error

An error occurred while validating the access token. Please acquire a new token and retry.

Can you please try at your end to confirm this is not possible or I am missing something.

Thanks

KalyanChanumolu-MSFT 8,331 Reputation points

2021-07-09T08:48:45.39+00:00

@Abhay Gupta Apologies for the delay in coming back to you with an answer.
Unfortunately using the SPN as an AD Administrator is not a supported configuration. You will need to use an AD group and add the SPN to the group for authentication.

I have updated the answer accordingly.

----------

If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.
And if you have further questions or issues, please let us know.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Please provide documentation on how to set a Service Principal as an AD Administrator

0 additional answers

Your answer