Get the signed in account's identity to use with Azure services to connect to Azure Cosmos DB for Table

Article
02/05/2025
Applies to:

✅ Table

Diagram of the current location ('Prepare') in the sequence of the deployment guide.

This article gives simple steps to get the identity of the currently signed in account. You can use this identity information later to grant role-based access control access to the signed in account to either manage data or resources in Azure Cosmos DB for Table.

The current Azure CLI session could be signed in with a human identity (your account), a managed identity, a workload identity, or a service principal. No matter what type of identity you use with Azure CLI, to steps to get the details of the identity can be similar. For more information, see Microsoft Entra identity fundamentals.

Prerequisites

An Azure account with an active subscription. Create an account for free.

Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
- If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
- When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
- Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

If you choose to use Azure PowerShell locally:
- Install the latest version of the Az PowerShell module.
- Connect to your Azure account using the Connect-AzAccount cmdlet.
If you choose to use Azure Cloud Shell:
- See Overview of Azure Cloud Shell for more information.

Get signed in account identity

Use the command line to query the graph for information about your account's unique identifier.

Get the details for the currently logged-in account using az ad signed-in-user.

Azure CLI
```
az ad signed-in-user show
```

The command outputs a JSON response containing various fields.

JSON

{
  "@odata.context": "<https://graph.microsoft.com/v1.0/$metadata#users/$entity>",
  "businessPhones": [],
  "displayName": "Kai Carter",
  "givenName": "Kai",
  "id": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
  "jobTitle": "Senior Sales Representative",
  "mail": "<kai@adventure-works.com>",
  "mobilePhone": null,
  "officeLocation": "Redmond",
  "preferredLanguage": null,
  "surname": "Carter",
  "userPrincipalName": "<kai@adventure-works.com>"
}

Tip

Record the value of the id field. In this example, that value would be aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

Use the in-portal panes for Microsoft Entra ID to get details of your currently signed-in user account.

Sign in to the Azure portal (https://portal.azure.com).
On the Home pane, locate and select the Microsoft Entra ID option.

Tip

If this option is not listed, select More services and then search for Microsoft Entra ID using the search term "Entra".
Within the Overview pane for the Microsoft Entra ID tenant, select Users inside the Manage section of the service menu.
In the list of users, select the identity (user) that you want to get more details about.

Note

This screenshot illustrates an example user named "Kai Carter" with a principal of kai@adventure-works.com.
On the details pane for the specific user, observe the value of the Object ID property.

Tip

Record the value of the Object ID property. In this example, that value would be aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

Get the details for the currently logged-in account using Get-AzADUser.

Azure PowerShell
```
Get-AzADUser -SignedIn | Format-List `
    -Property Id, DisplayName, Mail, UserPrincipalName
```
The command outputs a list response containing various fields.

Output
```
Id                : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
DisplayName       : Kai Carter
Mail              : kai@adventure-works.com
UserPrincipalName : kai@adventure-works.com
```
Tip

Record the value of the id field. In this example, that value would be aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

Next step

Create managed identities

Additional resources

Documentation

Data plane actions reference (preview) - Azure Cosmos DB for Table

This article includes a list of all potential data plane actions for use with role-based access control (RBAC) in Azure Cosmos DB for Table.
Create managed identities - Azure Cosmos DB for Table

Review the steps required to create user-assigned or system-assigned managed identities for use with Azure hosting services that connect to Azure Cosmos DB for Table.
Secure applications guidance - Azure Cosmos DB for Table

Review the fundamentals of securing Azure Cosmos DB for Table using role-based access control and Microsoft Entra.
Microsoft.DocumentDB/databaseAccounts 2024-09-01-preview - Bicep, ARM template & Terraform AzAPI reference

Azure Microsoft.DocumentDB/databaseAccounts syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-09-01-preview
Microsoft.DocumentDB/databaseAccounts/tableRoleDefinitions - Bicep, ARM template & Terraform AzAPI reference

Azure Microsoft.DocumentDB/databaseAccounts/tableRoleDefinitions syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version latest
Microsoft.DocumentDB/databaseAccounts/tables - Bicep, ARM template & Terraform AzAPI reference

Azure Microsoft.DocumentDB/databaseAccounts/tables syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version latest
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments 2024-05-15 - Bicep, ARM template & Terraform AzAPI reference

Azure Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-05-15

Training

Module

Introduction to using Managed Identity to authenticate to Azure OpenAI with .NET - Training

How to implement role based access control and managed identity authentication to Azure OpenAI with .NET.

Certification

Microsoft Certified: Identity and Access Administrator Associate - Certifications

Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.

Events

Build AI Apps and Agents

Mar 17, 9 PM - Mar 21, 10 AM

Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.

Share via

Get the signed in account's identity to use with Azure services to connect to Azure Cosmos DB for Table

Prerequisites

Get signed in account identity

Next step

Feedback

Additional resources