Integrate with Azure Active Directory
Really need to be able to set resource level access control integrated with Azure Active Directory. The current built-in user / resource access control is a pain to use and we end up with just using the master key and giving everyone access to everything.
Azure SQL DB already has this, and is a pleasure to work with.
Perhaps you should take a leaf from your sister team on this -
This feature is now available in public preview. Please visit https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac for more information.
Mikael Olenfalk commented
Hi, this feature is currently in status NEED-FEEDBACK, where do I send feedback?
Ayan Mullick commented
The link is broken
I assume only cosmos was implied with "our Control Plane has AAD support"?
I couldn't care less for cosmos, but really would like to see Azure Storage Table get AAD support so the same credentials could be used for all Azure Storage services.
Are there any updates regarding when this will be introduced?
MSI is actually possible to do today as our Control Plane has AAD support.
Work on AAD support for Data Plane (e.g. CRUD operations) is Started. There is no closed preview for this at this time.
André Sørhus commented
This is confusing. As the response on this says state is "Started" on control plane, and https://feedback.azure.com/forums/263030-azure-cosmos-db/suggestions/33896353-support-msi-managed-service-identity-direct-acce specifically related to control plane is actually completed. Maybe skew this towards the data plane and update on the status here? Heard some rumor that AAD for data plane is currently in closed preview.
How is it? Any further information?
Jordan Jennings commented
AAD for data plane is sorely needed! Managing resource tokens is a huge pain.
Jay Quenneville commented
Currently there is no way to authenticate to tables within a storage account via a security principal. This is currently available for blobs, queues, and in Azure SQL.
Blob and Queues = https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad
Azure SQL = https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
We would love a way to be able to authenticate to table storage with our app service service principal.
"Work on AAD Support for control plane has started" -> control plane is one thing, but the data plane is much, much more important. Are you also going to work on this for the data plane?
If not, please add this to the roadmap because CosmosDB without this is useless in the financial industry. Also, if I read the original request correctly this is about data plane, not control plane.
Joseph Ficara commented
We are very much looking forward to this feature.
Alex Gorischek commented
I'd like to see Cosmos DB added to this list:
I realize that there's another suggestion on this site that was asking for something similar, but that request was marked as "Complete" even though the requested feature doesn't actually exist.
Cameron Taggart commented
OAuth is supported in Azure Storage for blobs and queues, but not tables. Please add support for tables. https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad
Andrew Wickham commented
Is there any sort of rough timeline for adding that support?
Syedhamjath Syedmansur commented
Please provide Azure AD based authentication for all distribution of APIs so that we can use SSO from Power BI and other applications.
Joonas Westlin commented
I would like to try this if you have a private preview later.
Jeremy Whiteley commented
Also Support Azure AD B2C
Is this already implemented? I see mention of AD here.
Is it also integrated with AD B2C?