Add-SqlAzureAuthenticationContext
Performs authentication to Azure and acquires an authentication token.
Syntax
Add-SqlAzureAuthenticationContext
[-DefaultAzureCredential]
[[-ExcludeCredential] <CredentialType[]>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-DefaultAzureCredential]
[[-ExcludeCredential] <CredentialType[]>]
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-Interactive]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-Interactive]
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-Secret] <String>
[-Tenant] <String>
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-Secret] <String>
[-Tenant] <String>
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-CertificateThumbprint] <String>
[-Tenant] <String>
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-CertificateThumbprint] <String>
[-Tenant] <String>
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Description
The Add-SqlAzureAuthenticationContext cmdlet authenticates the specified principal account to Azure Resource Manager. Use this cmdlet with other cmdlets that interact with Azure resources, such as Azure Key Vault.
Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.
Examples
Example 1: Prompt a user for credentials to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -Interactive
This command prompts a user for a username and a password and then authenticates the user to Azure Resource Manager.
Example 2: Authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -ClientID '00001111-aaaa-2222-bbbb-3333cccc4444' -Secret '[Placeholder]' -Tenant '11112222-bbbb-3333-cccc-4444dddd5555'
This command performs authentication of the application principal with the specified client ID, which has been defined in the specified tenant, to Azure Resource Manager.
Example 3: Use DefaultAzureCredential to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -DefaultAzureCredential
This command acquires token using the following credential types, if enabled, will be tried, in order: EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential.
Example 4: Use DefaultAzureCredential but exclude few credential types to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -DefaultAzureCredential `
-ExcludeCredentials EnvironmentCredential, AzureDeveloperCliCredential
This command acquires token using the following credential types, if enabled, will be tried, in order: WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, InteractiveBrowserCredential. NOTE that EnvironmentCredential, AzureDeveloperCliCredential are excluded from the above types.
Parameters
-ActiveDirectoryAuthority
Specifies the base authority for Azure Active Directory authentication. Same value as the ActiveDirectoryAuthority property from the Azure PowerShell Environment object.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AzureKeyVaultResourceId
Specifies the resource ID for Azure Key Vault services. Same value as the AzureKeyVaultServiceEndpointResourceId property from the Azure PowerShell Environment object.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AzureManagedHsmResourceId
Specifies the resource ID for the Azure Managed HSM service. Use this parameter to override the default value
https://managedhsm.azure.net
when your managed HSM resource is in an Azure instance other than the Azure public cloud.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CertificateThumbprint
Specifies thumbprint to be used to identify the certificate to use. The cmdlet will search both CurrentUser
and
LocalMachine
certificate stores.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClientID
Specifies the application client ID.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultAzureCredential
Indicates that this cmdlet uses DefaultAzureCredential for acquiring token. The following credential types, if enabled, will be tried, in order:
- EnvironmentCredential
- WorkloadIdentityCredential
- ManagedIdentityCredential
- SharedTokenCacheCredential
- VisualStudioCredential
- VisualStudioCodeCredential
- AzureCliCredential
- AzurePowerShellCredential
- AzureDeveloperCliCredential
- InteractiveBrowserCredential
Refer to DefaultAzureCredential Class for more information on each credential type.
Type: | SwitchParameter |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludeCredential
Indicates that DefaultAzureCredential should exclude the list of credential types specified while acquiring a token.
Type: | CredentialType[] |
Accepted values: | EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential |
Position: | 1 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Interactive
Indicates that this cmdlet prompts the user for credentials.
Type: | SwitchParameter |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet. The Write-Progress cmdlet creates progress bars that show a command's status.
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Secret
Specifies the application secret.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Tenant
Specifies a tenant in Azure.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
System.Object