Create an Azure SQL Database server with a user-assigned managed identity

Applies to: Azure SQL Database

This how-to guide outlines the steps to create a logical server for Azure SQL Database with a user-assigned managed identity. For more information on the benefits of using a user-assigned managed identity for the server identity in Azure SQL Database, see User-assigned managed identity in Microsoft Entra ID for Azure SQL.

To retrieve the system-assigned managed identity (SMI) or user-assigned managed identity or identities (UMI) of an Azure SQL Database, see Get or set a managed identity for a logical server or managed instance.

Note

Microsoft Entra ID was previously known as Azure Active Directory (Azure AD).

Prerequisites

Create server configured with a user-assigned managed identity

The following steps outline the process of creating a new Azure SQL Database logical server and a new database with a user-assigned managed identity assigned.

Note

Multiple user-assigned managed identities can be added to the server, but only one identity can be the primary identity at any given time. In this example, the system-assigned managed identity is disabled, but it can be enabled as well.

  1. Browse to the Select SQL deployment option page in the Azure portal.

  2. If you aren't already signed in to the Azure portal, sign in when prompted.

  3. Under SQL databases, leave Resource type set to Single database, and select Create.

  4. On the Basics tab of the Create SQL Database form, under Project details, select the desired Azure Subscription.

  5. For Resource group, select Create new, enter a name for your resource group, and select OK.

  6. For Database name, enter your desired database name.

  7. For Server, select Create new, and fill out the New server form with the following values:

    • Server name: Enter a unique server name. Server names must be globally unique for all servers in Azure, not just unique within a subscription.
    • Server admin login: Enter an admin login name, for example: azureuser.
    • Password: Enter a password that meets the password requirements, and enter it again in the Confirm password field.
    • Location: Select a location from the dropdown list.
  8. Select Next: Networking at the bottom of the page.

  9. On the Networking tab, for Connectivity method, select Public endpoint.

  10. For Firewall rules, set Add current client IP address to Yes. Leave Allow Azure services and resources to access this server set to No.

  11. Select Next: Security at the bottom of the page.

  12. On the Security tab, under Identity, select Configure Identities.

    Screenshot of Azure portal security settings of the create database process.

  13. On the Identity pane, under User assigned managed identity, select Add. Select the desired Subscription and then under User assigned managed identities select the desired user assigned managed identity from the selected subscription. Then select the Select button.

    Azure portal screenshot of adding user assigned managed identity when configuring server identity.

    Azure portal screenshot of user assigned managed identity when configuring server identity

  14. Under Primary identity, select the same user-assigned managed identity selected in the previous step.

    Azure portal screenshot of selecting primary identity for server

    Note

    If the system-assigned managed identity is the primary identity, the Primary identity field must be empty.

  15. Select Apply.

  16. Select Review + create at the bottom of the page.

  17. On the Review + create page, after reviewing, select Create.
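
After the deployment finishes, the identity settings chosen in steps 13 and 14 can be checked from the server's JSON description. The following is an added example, not part of the original guide: it assumes the output shape of `az sql server show --output json` (fields `identity.type`, `identity.userAssignedIdentities`, `primaryUserAssignedIdentityId`), and the sample document, resource names and the function name `check_server_identity` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az sql server show --output json` (assumed shape;
# the subscription, resource group and identity names are placeholders).
UMI = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
       "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/umi-example")
SAMPLE = json.dumps({
    "name": "sql-example",
    "identity": {"type": "UserAssigned", "userAssignedIdentities": {UMI: {}}},
    "primaryUserAssignedIdentityId": UMI.lower(),  # casing may differ from the key above
})


def check_server_identity(server_json):
    """Return a list of findings; an empty list means the identity settings are consistent."""
    server = json.loads(server_json)
    identity = server.get("identity") or {}
    # identity.type is a comma-separated set, for example "SystemAssigned,UserAssigned".
    kinds = {k.strip().lower() for k in (identity.get("type") or "None").split(",")}
    # Azure resource IDs are compared case-insensitively.
    assigned = {k.lower() for k in (identity.get("userAssignedIdentities") or {})}
    primary = (server.get("primaryUserAssignedIdentityId") or "").lower()

    findings = []
    if "userassigned" in kinds and not assigned:
        findings.append("type includes UserAssigned but no identities are attached")
    if primary and primary not in assigned:
        findings.append("primary identity is not one of the attached user-assigned identities")
    # An empty primary field is only expected when the system-assigned identity is primary.
    if kinds == {"userassigned"} and not primary:
        findings.append("only user-assigned identities are enabled but no primary is selected")
    return findings


if __name__ == "__main__":
    for line in check_server_identity(SAMPLE) or ["identity configuration is consistent"]:
        print(line)
```

To run it against a real server, pass the saved output of `az sql server show` for that server to `check_server_identity` instead of `SAMPLE`.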