Add-SqlAzureAuthenticationContext
Performs authentication to Azure and acquires an authentication token.
Syntax
Add-SqlAzureAuthenticationContext
[-DefaultAzureCredential]
[[-ExcludeCredential] <CredentialType[]>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-DefaultAzureCredential]
[[-ExcludeCredential] <CredentialType[]>]
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-Interactive]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-Interactive]
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-Secret] <String>
[-Tenant] <String>
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-Secret] <String>
[-Tenant] <String>
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-CertificateThumbprint] <String>
[-Tenant] <String>
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Add-SqlAzureAuthenticationContext
[-ClientID] <String>
[-CertificateThumbprint] <String>
[-Tenant] <String>
[-ActiveDirectoryAuthority] <String>
[-AzureKeyVaultResourceId] <String>
[[-AzureManagedHsmResourceId] <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Description
The Add-SqlAzureAuthenticationContext cmdlet authenticates the specified principal account to Azure Resource Manager. Use this cmdlet with other cmdlets that interact with Azure resources, such as Azure Key Vault.
Module requirements: version 21+ on PowerShell 5.1; version 22+ on PowerShell 7.x.
Examples
Example 1: Prompt a user for credentials to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -InteractiveThis command prompts a user for a username and a password and then authenticates the user to Azure Resource Manager.
Example 2: Authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -ClientID 'ad34ca5a-a479-4cf4-b166-a2177b32d33e' -Secret '[Placeholder]' -Tenant '41fb6cc6-96f4-479d-bafd-a2e4810eb100'This command performs authentication of the application principal with the specified client ID, which has been defined in the specified tenant, to Azure Resource Manager.
Example 3: Use DefaultAzureCredential to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -DefaultAzureCredentialThis command acquires token using the following credential types, if enabled, will be tried, in order: EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential.
Example 4: Use DefaultAzureCredential but exclude few credential types to authenticate a user to Azure Resource Manager
Add-SqlAzureAuthenticationContext -DefaultAzureCredential `
-ExcludeCredentials EnvironmentCredential, AzureDeveloperCliCredentialThis command acquires token using the following credential types, if enabled, will be tried, in order: WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, InteractiveBrowserCredential. NOTE that EnvironmentCredential, AzureDeveloperCliCredential are excluded from the above types.
Parameters
-ActiveDirectoryAuthority
Specifies the base authority for Azure Active Directory authentication. Same value as the ActiveDirectoryAuthority property from the Azure PowerShell Environment object.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AzureKeyVaultResourceId
Specifies the resource ID for Azure Key Vault services. Same value as the AzureKeyVaultServiceEndpointResourceId property from the Azure PowerShell Environment object.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AzureManagedHsmResourceId
Specifies the resource ID for the Azure Managed HSM service. Use this parameter to override the default value
https://managedhsm.azure.net when your managed HSM resource is in an Azure instance other than the Azure public cloud.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateThumbprint
Specifies thumbprint to be used to identify the certificate to use. The cmdlet will search both CurrentUser and
LocalMachine certificate stores.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ClientID
Specifies the application client ID.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultAzureCredential
Indicates that this cmdlet uses DefaultAzureCredential for acquiring token. The following credential types, if enabled, will be tried, in order:
- EnvironmentCredential
- WorkloadIdentityCredential
- ManagedIdentityCredential
- SharedTokenCacheCredential
- VisualStudioCredential
- VisualStudioCodeCredential
- AzureCliCredential
- AzurePowerShellCredential
- AzureDeveloperCliCredential
- InteractiveBrowserCredential
Refer to DefaultAzureCredential Class for more information on each credential type.
| Type: | SwitchParameter |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeCredential
Indicates that DefaultAzureCredential should exclude the list of credential types specified while acquiring a token.
| Type: | CredentialType[] |
| Accepted values: | EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential, InteractiveBrowserCredential |
| Position: | 1 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Interactive
Indicates that this cmdlet prompts the user for credentials.
| Type: | SwitchParameter |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet. The Write-Progress cmdlet creates progress bars that show a command's status.
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Secret
Specifies the application secret.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Tenant
Specifies a tenant in Azure.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
System.Object