Azure SQL Database
An Azure relational database service.
5,652 questions
Please try the steps provided on this documentation.
Hope it helps.
Users not able to login to SSMS due to an token identified principal error after enforcing MFA
Lavanya, Sridhar
0
Reputation points
Error Message:
===================================
Cannot connect to DATABASENAME
===================================
Login failed for user '
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
ShaktiSingh-MSFT 15,296 Reputation points2023-03-07T07:20:10.52+00:00 Hi @Lavanya, Sridhar,
Just checking in to see if the below answer helped. If this answers your query, do click
Accept AnswerandMark Helpfulfor the same. And, if you have any further query do let us know.
Sign in to comment
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 79%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RahulRandive 9,666 Reputation points2023-03-04T03:55:57.7133333+00:00 Thanks for the question.
Login failed for user '<token-identified principal>
This error is usually related to a AAD user that does not have user created on SQL DB or is not the Server Admin
Please find below blog for such errors and mitigation steps.
AAD Auth Error - Login failed for user '<token-identified principal>' - Microsoft Community Hub
Possible mitigation step would be-
create the user in the DB Create contained database users in your database mapped to Azure AD identities
To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
CREATE USER [<Azure_AD_principal_name>] FROM EXTERNAL PROVIDER;
Examples: To create a contained database user representing an Azure AD federated or managed domain user:
CREATE USER [bob@contoso.com] FROM EXTERNAL PROVIDER;
CREATE USER [alice@fabrikam.onmicrosoft.com] FROM EXTERNAL PROVIDER;
Let us know if this helps!