Microsoft Entra ID support in SQL Server Data Tools (SSDT)

Applies to: Not supported. SQL Server Azure SQL Database Azure Synapse Analytics Not supported. Analytics Platform System (PDW)

SQL Server Data Tools (SSDT) provides several authentication methods with Microsoft Entra ID (formerly Azure Active Directory).

Note

While Microsoft Entra ID is the new name for Azure Active Directory (Azure AD), to prevent disrupting existing environments, Azure AD still remains in some hardcoded elements such as UI fields, connection providers, error codes, and cmdlets. In this article, the two names are interchangeable.

In Visual Studio, open the SQL Server Object Explorer (in the View menu), and select Add SQL Server:

Screenshot of SSDT connection dialog.

Which Azure SQL products?

This article discusses Microsoft Entra ID for the following list of SQL products in the Azure cloud:

Microsoft Entra password authentication

Active Directory Password Authentication is a mechanism of connecting to the Azure SQL products that were listed previously. The mechanism uses identities in Microsoft Entra ID. Use this method for connecting when:

  • You're logged in to Windows with credentials from a domain that isn't federated with Azure, or
  • You're using Microsoft Entra authentication with Microsoft Entra ID, based on the initial or client domain.

For more information, see Connecting to SQL Database By Using Microsoft Entra authentication.

Microsoft Entra integrated authentication

Active Directory Integrated Authentication is a mechanism of connecting to the listed SQL products in Azure by using identities in Microsoft Entra ID. Use this method to connect if you're logged in to Windows using your Microsoft Entra credentials from a federated domain. For more information, see Connect to Azure SQL Database with Microsoft Entra authentication.

Active Directory Interactive Authentication

Active Directory Interactive Authentication is available when connecting to the listed Azure SQL products with SSDT, but only with .NET Framework 4.7.2 or a later version.

Multifactor authentication

Active Directory Interactive Authentication supports an interactive authentication allowing you to use Microsoft Entra multifactor authentication to authenticate with the listed Azure SQL products. This method supports native and federated Microsoft Entra users, and guest users from other accounts. The other types of account include:

  • Business-to-Business (Microsoft Entra B2B) users.
  • Microsoft accounts, from providers such as Outlook and Windows Live Mail.
  • Non-Microsoft accounts, such as Gmail.

If the MFA method is specified, the User Name must be specified, and the Password field is disabled.

Password entry

When you authenticate with Active Directory Interactive Authentication, an authentication window opens that requires users to enter a password manually. MFA enforcement is provided by Microsoft Entra ID through this additional MFA pop-up window.

Note

Automated workflows would be blocked by the use of Active Directory Interactive Authentication. There must be a person available to interact with the authentication process, in the form of manually entering a password.

Known issues and limitations

  • Active Directory Interactive Authentication is only supported when connecting to the SQL products that were listed at the start of this article.
  • Single sign-on integration with the currently logged in Visual Studio account isn't supported for SSDT.
  • The SQLPackage.exe that is installed into the Extensions directory during Visual Studio installation isn't meant to be used from that location. To use SQLPackage.exe with Microsoft Entra ID, go to Data-Tier Application Framework