We have recently started using System Managed Identities for our app services to access our Azure SQL databases. Our Azure AD app registrations use the same name as the app service, so the application object service principal has the same name as the SMI service principal. When our DBA tries to create the user (i.e. "CREATE USER...") in the database they receive this error.
Principal 'xxxx' has a duplicate display name. Make the display name unique in Azure Active Directory and execute this statement again.
We have found that we can get around this error by temporarily renaming the app registration name on the "Branding & Properties" page, which allows the DBA to successfully execute "create user...". Once this is complete we restore the original app name. While the error message indicates that the display name must be unique, we wouldn't expect to be able to restore the name.
Although our naming standards might be unconventional (to have the same name for the app service and application object), since our workaround essentially allows the SMI service principal object to have the same name as the application object then the "CREATE USER..." command should complete without giving the error, and without having to rename the registration.
Our workaround seems kludgey, so we wanted to know if this behavior is expected or if this could be a bug somewhere.
There is a functionality:
CREATE USER [xxxx] FROM EXTERNAL PROVIDER WITH OBJECT_ID='xxx'
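Added example, not part of the original thread or any Microsoft code: a small generator that detects the duplicate display name described in the question and emits the `CREATE USER ... WITH OBJECT_ID` statement for the managed identity only. The principal names and GUIDs are constructed, the record shape follows Microsoft Graph service principal fields, and using the service principal's `id` as the `OBJECT_ID` value is an assumption.

```python
import uuid

# Constructed sample shaped like Microsoft Graph servicePrincipal records
# (id, displayName, servicePrincipalType); names and GUIDs are made up.
SAMPLE_PRINCIPALS = [
    {"id": "11111111-1111-4111-8111-111111111111",
     "displayName": "orders-api", "servicePrincipalType": "Application"},
    {"id": "22222222-2222-4222-8222-222222222222",
     "displayName": "orders-api", "servicePrincipalType": "ManagedIdentity"},
    {"id": "33333333-3333-4333-8333-333333333333",
     "displayName": "billing-api", "servicePrincipalType": "ManagedIdentity"},
]


def quote_identifier(name):
    """Bracket-quote a T-SQL identifier, doubling any closing bracket."""
    if not name or len(name) > 128 or any(ord(c) < 32 for c in name):
        raise ValueError("invalid identifier: %r" % name)
    return "[" + name.replace("]", "]]") + "]"


def create_user_statement(principals, display_name):
    """Build CREATE USER for the managed identity called display_name.

    OBJECT_ID is pinned only when another principal shares the name
    (assumption: the service principal's `id` is the OBJECT_ID value).
    """
    matches = [p for p in principals if p["displayName"] == display_name]
    managed = [p for p in matches
               if p["servicePrincipalType"] == "ManagedIdentity"]
    if len(managed) != 1:
        raise LookupError("expected exactly one managed identity named %r, "
                          "found %d" % (display_name, len(managed)))
    stmt = "CREATE USER %s FROM EXTERNAL PROVIDER" % quote_identifier(display_name)
    if len(matches) > 1:
        # Round-trip through uuid.UUID so only a canonical GUID reaches the SQL.
        object_id = str(uuid.UUID(managed[0]["id"]))
        stmt += " WITH OBJECT_ID='%s'" % object_id
    return stmt


if __name__ == "__main__":
    for name in ("orders-api", "billing-api"):
        print(create_user_statement(SAMPLE_PRINCIPALS, name))
```

Rejecting anything that is not a GUID and bracket-quoting the name keeps directory-controlled strings from altering the generated DDL.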