Add-SqlAzureAuthenticationContext

Performs authentication to Azure and acquires an authentication token.

Syntax

Add-SqlAzureAuthenticationContext
   [-DefaultAzureCredential]
   [[-ExcludeCredential] <CredentialType[]>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-DefaultAzureCredential]
   [[-ExcludeCredential] <CredentialType[]>]
   [-ActiveDirectoryAuthority] <String>
   [-AzureKeyVaultResourceId] <String>
   [[-AzureManagedHsmResourceId] <String>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-Interactive]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-Interactive]
   [-ActiveDirectoryAuthority] <String>
   [-AzureKeyVaultResourceId] <String>
   [[-AzureManagedHsmResourceId] <String>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-ClientID] <String>
   [-Secret] <String>
   [-Tenant] <String>
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-ClientID] <String>
   [-Secret] <String>
   [-Tenant] <String>
   [-ActiveDirectoryAuthority] <String>
   [-AzureKeyVaultResourceId] <String>
   [[-AzureManagedHsmResourceId] <String>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-ClientID] <String>
   [-CertificateThumbprint] <String>
   [-Tenant] <String>
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Add-SqlAzureAuthenticationContext
   [-ClientID] <String>
   [-CertificateThumbprint] <String>
   [-Tenant] <String>
   [-ActiveDirectoryAuthority] <String>
   [-AzureKeyVaultResourceId] <String>
   [[-AzureManagedHsmResourceId] <String>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]

Description

The Add-SqlAzureAuthenticationContext cmdlet authenticates the specified principal account to Azure Resource Manager. Use this cmdlet with other cmdlets that interact with Azure resources, such as Azure Key Vault.

Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.

Examples

Example 1: Prompt a user for credentials to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -Interactive

This command prompts a user for a username and a password and then authenticates the user to Azure Resource Manager.

Example 2: Authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -ClientID '00001111-aaaa-2222-bbbb-3333cccc4444' -Secret '[Placeholder]' -Tenant '11112222-bbbb-3333-cccc-4444dddd5555'

This command performs authentication of the application principal with the specified client ID, which has been defined in the specified tenant, to Azure Resource Manager.

Example 3: Use DefaultAzureCredential to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -DefaultAzureCredential

This command acquires token using the following credential types, if enabled, will be tried, in order: EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential.

Example 4: Use DefaultAzureCredential but exclude few credential types to authenticate a user to Azure Resource Manager

Add-SqlAzureAuthenticationContext -DefaultAzureCredential `
   -ExcludeCredentials EnvironmentCredential, AzureDeveloperCliCredential

This command acquires token using the following credential types, if enabled, will be tried, in order: WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, InteractiveBrowserCredential. NOTE that EnvironmentCredential, AzureDeveloperCliCredential are excluded from the above types.

Parameters

-ActiveDirectoryAuthority

Specifies the base authority for Azure Active Directory authentication. Same value as the ActiveDirectoryAuthority property from the Azure PowerShell Environment object.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AzureKeyVaultResourceId

Specifies the resource ID for Azure Key Vault services. Same value as the AzureKeyVaultServiceEndpointResourceId property from the Azure PowerShell Environment object.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AzureManagedHsmResourceId

Specifies the resource ID for the Azure Managed HSM service. Use this parameter to override the default value https://managedhsm.azure.net when your managed HSM resource is in an Azure instance other than the Azure public cloud.

Type:String
Position:2
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateThumbprint

Specifies thumbprint to be used to identify the certificate to use. The cmdlet will search both CurrentUser and LocalMachine certificate stores.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ClientID

Specifies the application client ID.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DefaultAzureCredential

Indicates that this cmdlet uses DefaultAzureCredential for acquiring token. The following credential types, if enabled, will be tried, in order:

  • EnvironmentCredential
  • WorkloadIdentityCredential
  • ManagedIdentityCredential
  • SharedTokenCacheCredential
  • VisualStudioCredential
  • VisualStudioCodeCredential
  • AzureCliCredential
  • AzurePowerShellCredential
  • AzureDeveloperCliCredential
  • InteractiveBrowserCredential

Refer to DefaultAzureCredential Class for more information on each credential type.

Type:SwitchParameter
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ExcludeCredential

Indicates that DefaultAzureCredential should exclude the list of credential types specified while acquiring a token.

Type:CredentialType[]
Accepted values:EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential
Position:1
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Interactive

Indicates that this cmdlet prompts the user for credentials.

Type:SwitchParameter
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet. The Write-Progress cmdlet creates progress bars that show a command's status.

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Secret

Specifies the application secret.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Tenant

Specifies a tenant in Azure.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Outputs

System.Object