Microsoft Entra Authentication for Azure PostgreSQL

Straight from Microsoft’s documentation: “Microsoft Entra authentication is a mechanism of connecting to Azure Database for PostgreSQL flexible server by using identities defined in Microsoft Entra ID. With Microsoft Entra authentication, you can manage database user identities and other Microsoft services in a central location, which simplifies permission management.”

Why would I want this? Well, if you are standardizing on this platform, you probably want to link it with your Entra setup. Other benefits include:

  • Authentication of users across Azure services in a uniform way.
  • Management of password policies and password rotation in a single place.
  • Support for multiple forms of authentication, which can eliminate the need to store passwords (Managed Identity is possible, for example).
  • The ability to manage database permissions by using external (Microsoft Entra ID) groups.
  • The use of PostgreSQL database roles to authenticate identities at the database level.

The next set of questions I am asking myself here: how does this look, and how does it feel?

The form of authentication looks like this:

So straightaway you can tell that authenticating seems quite “manual”, because the high-level setup would look like:

  1. Set up the Entra admin on the flexible server.
  2. Get your token via the CLI.
  3. Use a tool like ADS (Azure Data Studio), pgAdmin or whatever your tool of choice is and issue a connection via Entra Auth.
  4. Log in as admin to the PostgreSQL server.
  5. Create the principals (the user-based roles). Code example (the role name must match the Entra object):

-- Signature: pgaadauth_create_principal(roleName text, isAdmin boolean, isMfa boolean)
-- '<entra_object_name>' is a placeholder; isAdmin and isMfa are set to false here as an example.
select * from pg_catalog.pgaadauth_create_principal('<entra_object_name>', false, false);

  6. Grant access to target databases downstream for the above group.

So yes, whilst we are authenticating via Entra, in this version of its implementation, in my opinion, it is a little fiddly (and I have run into token expiration issues). I hope to see improvements in time.
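The token from step 2 is a JWT that is supplied as the password in steps 3 and 4, so its `exp` claim decides when a new connection will start failing. The following is an added example, not code from the original post or from Microsoft: it reads `exp` locally and refetches the token when it is close to expiry. The names `TokenCache`, `fetch`, `margin` and the sample token are assumptions made for the illustration.

```python
import base64
import json
import time

def jwt_claims(token):
    """Decode a JWT payload without verifying it (local inspection only;
    the server is what actually validates the token)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def seconds_left(token, now=None):
    """Seconds until the token's exp claim; negative once it has expired."""
    claims = jwt_claims(token)
    if "exp" not in claims:
        raise ValueError("token has no exp claim")
    return int(claims["exp"]) - int(time.time() if now is None else now)

class TokenCache:
    """Hypothetical helper: hand out a cached token, refetch near expiry."""
    def __init__(self, fetch, margin=300, clock=time.time):
        self.fetch, self.margin, self.clock = fetch, margin, clock
        self.token = None

    def password(self):
        # Refresh if there is no token yet or fewer than `margin` seconds remain.
        if self.token is None or seconds_left(self.token, self.clock()) < self.margin:
            self.token = self.fetch()
            if seconds_left(self.token, self.clock()) <= 0:
                raise RuntimeError("fetched token is already expired")
        return self.token

def make_sample_token(exp, name="user@example.com"):
    """Constructed, unsigned token for the demo; not a real Entra token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"upn": name, "exp": exp}), "sig"])

if __name__ == "__main__":
    # In real use, fetch would wrap the CLI call from step 2, for example
    # `az account get-access-token --resource-type oss-rdbms`.
    cache = TokenCache(lambda: make_sample_token(int(time.time()) + 3600))
    print("seconds left:", seconds_left(cache.password()))
```

Calling `password()` immediately before each new connection, rather than storing the token in a saved connection profile, avoids reusing a token that has expired in the meantime.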
