Issue with SQL Server Authentication Using "Active Directory - Universal with MFA Support"

Mithila Lishan 146 Reputation points
2024-08-30T07:56:14.27+00:00

I am currently testing our SQL Server, which is configured with SQL authentication and is being transitioned to support both SQL and Azure Active Directory (AAD) authentication.

During testing, I attempted to log in using the "Active Directory - Universal with MFA Support" option. However, I encountered the following error:

Error: "Login failed for user '<token-identified principal>'. The server is not currently configured to accept this token. (.Net SqlClient Data Provider)"

I couldn’t find a solution for this issue. Do I need to perform any additional configuration to enable this authentication method?

Notably, when I attempted to log in using the "Active Directory - Password" option with an email and password, the authentication was successful, and the user was able to log in without any issues

Azure SQL Database
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,639 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,292 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Erland Sommarskog 109.8K Reputation points MVP
    2024-08-30T21:54:39.5666667+00:00

    Is this an SQL Server instance on-prem? If so, have you enabled the machine it runs on for Azure Arc? That's a pre-condition for enabling for Entra ID Authentication. (Yeah, it's called Entra these days, not AAD. Not my idea.) You must also configure an Entra ID Adminisrator.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.