Entra ID P2 and Allowing Customers to Access a SQL Database

Thomas Carbone 21 Reputation points
2023-10-30T16:54:33.5333333+00:00

I have an Azure SQL Database and would like to give customers access to it in a C# program I am writing. I'm using Microsoft.Data.SqlClient. I've created a guest user and set up a conditional access policy.

I've got Email OTP and SMS active for the user. It works... when my program opens the connection it first sends an Email OTP. Then if successful it sends an SMS text code.

It's a bit cumbersome for the user. What I would like is for them to be able to enter a password and then either the OTP or SMS. IS there any way to do this?

Also, every time the program runs it requires passing the MFA. Is there any way to make it persist for a timespan? It seems to ignore the timespan I have set in the Entra admin portal.

Azure SQL Database
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,703 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,093 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. GeethaThatipatri-MSFT 28,462 Reputation points Microsoft Employee
    2023-10-30T18:38:27.98+00:00

    @Thomas Carbone Welcome to Microsoft Q&A thanks for posting your question

    Your MFA options are set by Azure AD / Entra ID, not SQL. please check your user/tenant configuration there.

    For not requiring MFA every time you run it, you can either use connection pooling or manually retrieve an access token for your user and reuse it for all new connections. If you repeatedly create a new connection without pooling, you will have to keep authenticating.

    You can also follow the document here https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-mfa-policy

    Regards

    Geetha

    0 comments No comments