Hi @Philippe Vlaemminck, greetings! Welcome to the Microsoft Q&A forum. Thank you for posting this question here.
There are a few additional checks you can validate to make sure the System Managed Identity can access the Azure SQL Server.
- Enable Microsoft Entra authentication to SQL Database by assigning a Microsoft Entra user as the admin of the server. Please note that this user is different from the Microsoft account you used to sign up for your Azure subscription. It must be a user that you created, imported, synced, or invited into Microsoft Entra ID. You can get the details of the Object ID for the System Managed identity created by running the following Azure CLI command:

  ```bash
  azureaduser=$(az ad user list --filter "userPrincipalName eq '<user-principal-name>'" --query '[].id' --output tsv)
  ```

  Add this Microsoft Entra user as an Active Directory admin using the `az sql server ad-admin create` command in the Cloud Shell:

  ```bash
  az sql server ad-admin create --resource-group myResourceGroup --server-name <server-name> --display-name ADMIN --object-id "$azureaduser"
  ```
- Once you create the user in the database, you would need to provide `db_datareader` or `db_datawriter` access to the identity. Please refer to the following commands, which need to be executed while logged in to the SQL server with the Entra admin role:

  ```sql
  CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
  ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
  ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];
  GO
  ```
- Configure the Azure Function SQL connection string to use Microsoft Entra managed identity authentication. In the application settings of our Function App the SQL connection string setting should be updated to follow this format:

  ```
  Server=demo.database.windows.net; Authentication=Active Directory Managed Identity; Database=testdb
  ```
Refer to the article "Tutorial: Connect a function app to Azure SQL with managed identity and SQL bindings", which provides more details on the above configurations. Please let us know if you still encounter the same issue after validating the above steps.

If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with a similar issue identify the solution. I highly appreciate your contribution to the community.
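
A read-only check for the database-user step, added here as an example and not part of the original answer: it lists the authentication type and database roles the identity holds, so you can confirm that `CREATE USER ... FROM EXTERNAL PROVIDER` took effect in this database and that the identity holds only the roles granted above. `<identity-name>` is the same placeholder used in the answer; the labels in the `finding` column are this example's own.

```sql
-- Added example: run in the target database (not master) while signed in
-- as the Microsoft Entra admin. It only reads catalog views.
DECLARE @identity sysname = N'<identity-name>';  -- placeholder from the answer

SELECT
    u.name                     AS principal_name,
    u.type_desc                AS principal_type,
    u.authentication_type_desc AS auth_type,
    r.name                     AS database_role,
    CASE
        -- A contained SQL user with the same name would not use Entra tokens.
        WHEN u.authentication_type_desc <> 'EXTERNAL'
            THEN 'not created FROM EXTERNAL PROVIDER'
        -- The user exists but neither ALTER ROLE statement was applied.
        WHEN r.name IS NULL
            THEN 'no role membership'
        -- The two roles the answer grants.
        WHEN r.name IN ('db_datareader', 'db_datawriter')
            THEN 'expected'
        -- Anything else (for example db_owner) is more than the answer grants.
        ELSE 'review: broader than read/write'
    END                        AS finding
FROM sys.database_principals AS u
LEFT JOIN sys.database_role_members AS m
       ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE u.name = @identity
ORDER BY r.name;
```

An empty result means no user with that name exists in the database you are connected to, which usually points to the `CREATE USER` statement having been run in `master` or in a different database.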