Azure SQL Server Entra ID only authentication in ARM

Dimitar Grozev 80 Reputation points
2024-01-25T11:44:18.1433333+00:00

Greetings, I am trying to create an Azure SQL Server with Entra ID only authentication using ARM templates, as the title suggests. However, if I don't add the administratorLogin and administratorPassword fields for the classic SQL server admin, the deployment fails with the error:

Invalid value given for parameter Login. Specify a valid parameter value. (Code: InvalidParameterValue)

Here is the ARM template I am using, some of the parameters/variables might be missing as I copy/pasted:

{
    "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "serverName": {
            "type": "string"
        },
        "location": {
            "type": "string"
        },
        "serverTags": {
            "type": "object"
        },
        "sqlServerAadAdminName": {
            "type": "string"
        },
        "sqlServerAadAdminObjectId": {
            "type": "string"
        }
    },
    "variables": {
        "subscriptionId": "[subscription().subscriptionId]",
        "tenantId": "[subscription().tenantId]",
        "sqlServerAadAdminType": "Group",
        "sqlServerAadOnlyAuth": true
    },
    "resources": [
        {
            "type": "Microsoft.Sql/servers",
            "apiVersion": "2020-11-01-preview",
            "location": "[parameters('location')]",
            "tags": "[parameters('serverTags')]",
            "name": "[parameters('serverName')]",
            "properties": {
                "administrator": {
                    "principalType": "[variables('sqlServerAadAdminType')]",
                    "azureADOnlyAuthentication": "[variables('sqlServerAadOnlyAuth')]",
                    "login": "[parameters('sqlServerAadAdminName')]",
                    "sid": "[parameters('sqlServerAadAdminObjectId')]",
                    "tenantId": "[variables('tenantId')]"
                }
            }
        }
    ]
}


So my question is, is it even possible to create an Azure SQL Server without the classic admin, or do I need to use a different version of API perhaps as I tried a couple of the latest and the result was the same? Thanks


1 answer

  1. Jordan Hays 85 Reputation points Microsoft Employee
    2024-01-25T19:41:25.85+00:00

    Hello @Dimitar Grozev, thanks for your question. What you're asking for is supported, though the deployment template version you're using is likely too old. Instructions, including a sample template, are available here: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-only-authentication-create-server?view=azuresql&tabs=arm-template#azure-sql-database

    I personally verified the template just now and was able to deploy a server using it.

    1 person found this answer helpful.
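
A pre-deployment check for the setup discussed in this thread, added here as an example (it is not code from the question, the answer or Microsoft's documentation). It relies on the Microsoft.Sql/servers resource schema, which names the Entra admin block `administrators` (plural); the function names and the sample template are constructed for illustration.

```python
import re

# Added example. Key names follow the Microsoft.Sql/servers resource schema.
REF = re.compile(r"^\[(variables|parameters)\('([^']+)'\)\]$")

def resolve(value, template):
    """Resolve a bare [variables('x')] / [parameters('x')] reference if possible."""
    m = REF.match(value) if isinstance(value, str) else None
    if not m:
        return value
    kind, name = m.groups()
    if kind == "variables":
        return template.get("variables", {}).get(name, value)
    return template.get("parameters", {}).get(name, {}).get("defaultValue", value)

def check_entra_only(template):
    """Return findings for every Microsoft.Sql/servers resource in the template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.sql/servers":
            continue
        props = res.get("properties", {})
        admins = props.get("administrators")
        if not isinstance(admins, dict):
            hint = "; found 'administrator', the schema key is plural" if "administrator" in props else ""
            findings.append("no properties.administrators block" + hint)
            continue
        for key in ("login", "sid"):
            if key not in admins:
                findings.append(f"administrators.{key} is missing")
        only = resolve(admins.get("azureADOnlyAuthentication"), template)
        if only is not True:
            findings.append(f"azureADOnlyAuthentication is {only!r}, not true")
        for key in ("administratorLogin", "administratorLoginPassword"):
            if key in props:
                findings.append(f"classic SQL admin field {key} is set")
    return findings

def sample(admin_key):
    """Constructed template shaped like the one in the question."""
    admin = {"principalType": "Group", "login": "[parameters('sqlServerAadAdminName')]",
             "sid": "[parameters('sqlServerAadAdminObjectId')]",
             "azureADOnlyAuthentication": "[variables('sqlServerAadOnlyAuth')]"}
    return {"variables": {"sqlServerAadOnlyAuth": True},
            "resources": [{"type": "Microsoft.Sql/servers", "properties": {admin_key: admin}}]}

if __name__ == "__main__":
    for key in ("administrator", "administrators"):
        print(key, "->", check_entra_only(sample(key)) or "ok")
```

A reference that cannot be resolved from the template alone (for example a parameter without a default) is reported as not true, so the value supplied at deployment time still needs a manual look.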
