This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 64%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
I am currently testing our SQL Server, which is configured with SQL authentication and is being transitioned to support both SQL and Azure Active Directory (AAD) authentication.
During testing, I attempted to log in using the "Active Directory - Universal with MFA Support" option. However, I encountered the following error:
Error: "Login failed for user '
Can you please confirm whether the account via which you are trying to login has necessary access on the database. If yes, can you confirm what is the access?
And are you accessing the database via SSMS?
First of all @Nandan Hegde thank you for your reply
1.From azure side user access is "Sql Server Contributor" and "SQL Database Contributor"
2.If access is the how that user allowed to access through "Active Directory - Password" ?
3.Yes I am using SSMS
seems like some important information is missed in initial question. Full Update Question @Nandan hegde
I am currently testing our SQL Server, which is configured with SQL authentication and is being transitioned to support both SQL and Azure Active Directory (AAD) authentication.
During testing, I attempted to log in using the "Active Directory - Universal with MFA Support" option. However, I encountered the following error:
Error: "Login failed for user '<token-identified principal>'. The server is not currently configured to accept this token. (.Net SqlClient Data Provider)"
Notably, when I attempted to log in using the "Active Directory - Password" option with an email and password, the authentication was successful, and the user was able to log in without any issues.
Is this an SQL Server instance on-prem? If so, have you enabled the machine it runs on for Azure Arc? That's a pre-condition for enabling for Entra ID Authentication. (Yeah, it's called Entra these days, not AAD. Not my idea.) You must also configure an Entra ID Adminisrator.
1.No this is Azure Paas service
2.I configured entra administrator from the Setting --> MicrosoftEntraid --> Setadmin
3.I have no idea about azure arc, do we need azure arc for MFA authentication ?
No, you don't need Azure Arc for Azure SQL Database. It was not clear which environment you were using.
what do you mean as an environment?
It was not clear to me that you were using Azure SQL Database. You said "SQL Server", so I assumed that it was on-prem. Turned out my assumption was wrong, and my answer was not at all helpful to you.
Not on Prem that's why I mentioned "Azure Paas service"
In cloud when we create PAAS Database Service it has sql server too, it is the place where we are doing configuration of "Microsoft Entraid" authentication related configurations