Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456) in a group but works when the user is added directly

Question

Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456) in a group but works when the user is added directly

MrFlinstone 416

I get the error Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456) from Azure SQL server when a user tries to login using Azure Active Directory - Universal with MFA.

My Azure AD login is within a group, other members of the group can login to the database, but I get the error '<token-identified principal>'. (Microsoft SQL Server, Error: 18456), however If the user is added to the database, then I can login and it works.

    create user [myUserName@contoso.com] from external provider  
    GO  
    EXEC sp_addrolemember N'db_datareader', N'myUserName@contoso.com'

I was wondering if there is a reason for this.

Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2022-07-01T16:32:56.597+00:00

Hi @MrFlinstone Thank you for posting your question on Microsoft Q&A and for using Azure services.
What version of SSMS are you using?

Regards,
Oury
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2022-07-05T23:23:19.627+00:00

Hi @MrFlinstone Could you please share more details about the version of SSMS you are using?

Regards,
Oury
syr jhanns 1 Reputation point

2023-01-11T19:52:39.0766667+00:00

having similar issue w/ SSMS v 15.0.18386.0 (v18.9.2). please help. with this v of SSMS i can gain successful access to Azure Synapse Analytics SQL Pool for DEV env but not PROD env. SSMS connect method details are:

Server type: Database Engine

Server name: <DEVSERVER> | <PRODSERVER>

Authentication: Azure Active Directory - Universal with MFA

User name: same approved client AD user account name for either DEV or PROD env.

Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2022-07-01T16:32:56.597+00:00

Hi @MrFlinstone Thank you for posting your question on Microsoft Q&A and for using Azure services.
What version of SSMS are you using?

Regards,
Oury
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2022-07-05T23:23:19.627+00:00

Hi @MrFlinstone Could you please share more details about the version of SSMS you are using?

Regards,
Oury
syr jhanns 1 Reputation point

2023-01-11T19:52:39.0766667+00:00

having similar issue w/ SSMS v 15.0.18386.0 (v18.9.2). please help. with this v of SSMS i can gain successful access to Azure Synapse Analytics SQL Pool for DEV env but not PROD env. SSMS connect method details are:

Server type: Database Engine

Server name: <DEVSERVER> | <PRODSERVER>

Authentication: Azure Active Directory - Universal with MFA

User name: same approved client AD user account name for either DEV or PROD env.

Answer 1

naveen G kumar 1

@Oury Ba-MSFT - I am also facing same issue and the SSMS version - v18.9.1

Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2022-11-22T18:47:56.32+00:00

@naveen G kumar Same issue was raised sometimes back on Microsoft Q&A. Please see https://learn.microsoft.com/en-us/answers/questions/133709/login-failed-for-user-39lttoken-identified-princip.html
and let us know if that resolves your issue.

Regards,
Oury

Login failed for user '<token-identified principal>'. (Microsoft SQL Server, Error: 18456) in a group but works when the user is added directly

1 answer

Activity