Benefits of System Assigned Managed identity on Azure SQL server

Question

Benefits of System Assigned Managed identity on Azure SQL server

Priya Jha 896

Hi All,

I do know the benefits of Managed identity on entities like Azure data factory, synapse etc. wherein we can avoid using service principals or creds to authenticate with source/sink.

But what are the use cases/benefits of assigning a SAMI to an Azure SQL database? Is it possible to generate OAuth token within Azure SQL DB via tsql script in case if I set up managed identity and authenticate to AD

SSingh-MSFT 16,371 Reputation points Moderator

2022-11-25T05:55:32.18+00:00

Hi @Priya Jha ,

Just checking in to see if the below answers helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Accepted answer

1 additional answer

Your answer

SSingh-MSFT 16,371 Reputation points Moderator

2022-11-25T05:55:32.18+00:00

Hi @Priya Jha ,

Just checking in to see if the below answers helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Answer 1

Nandan Hegde 36,151 MVP Volunteer Moderator

One of the use case which comes at the top of my mind is external database scoped credential authentication can be done via managed identity.
Similar email thread:
https://stackoverflow.com/questions/65520274/access-azure-storage-account-via-synapse-through-managed-identity

But I am not sure whether we can generate OAuth /Access Token via TSQL within Azure SQL Database

@Alberto Morillo @Ronen Ariely @Erland Sommarskog : Any thoughts w.r.t Access token? Thanks in advance for your thoughts

Samy Abdul 3,376 Reputation points

2022-11-25T09:29:20.817+00:00

Hi , in addition to what @Anonymous and @Nandan Hegde has

mentioned above, there is excellent documentation below:

Managed identities for transparent data encryption with customer-managed key:

https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-
encryption-byok-identity?view=azuresql

Answer 2

There are many benefits to using a SAMI with an Azure SQL database. SAMIs can be used to authenticate to Azure SQL databases using Azure Active Directory (AD), which can simplify identity management and provide better security. SAMIs can also be used to generate OAuth tokens, which can be used to access other Azure services more securely and easily.
There are several benefits of using a system-assigned managed identity on an Azure SQL server:

Azure SQL servers can be registered with Azure Active Directory (Azure AD) and given a managed identity. This allows the server to authenticate with Azure services that support Azure AD authentication, such as Azure Key Vault.
Azure SQL servers that have a system-assigned managed identity can be granted access to Azure resources, such as storage accounts, without the need to store credentials in the SQL server.
System-assigned managed identities on Azure SQL servers are managed by Azure and have built-in protection against accidental deletion or modification.
Azure SQL servers with system-assigned managed identities can take advantage of Azure Resource Manager's role-based access control to fine-tune access to Azure resources.

Share via

Benefits of System Assigned Managed identity on Azure SQL server

1 additional answer

Your answer