Do you have an idea or suggestion based on your experience with Azure Database for PostgreSQL?

Add ability to authenticate against Azure Active Directory

It'd be really useful to not have to rely on DB users for authentication but allow integration with AAD. That way we can enforce password complexity, expiry etc which can't be done with native users.

58 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Chris Burns shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Tera Byte commented  ·   ·  Flag as inappropriate

    Many companies use Active Directory to manage users and groups. Naturally, most companies would want to manage their database users and groups in Active Directory too. PostgreSQL comes with ldap/kerberos authentication by default but does not provide anything that helps with managing users and groups in an external directory. And even for the authentication the user already needs to be existent in PostgreSQL. Ideally an AD admin should be able to create a group for pg_admins and pg_users in AD. Users in those groups should be able to authenticate against postgres without having to add a username and pw entry on the db itself. Similar to SQL server. OR (I’m not sure if this is possible) adding RBAC users to the db instance in Azure Portal should add the user to the db and user-password syncs should happen between AD and the db. This would allow those admins to enforce password complexity, set password expiry rules, and simplify management of db users overall for operational teams.

  • Dmitry commented  ·   ·  Flag as inappropriate

    Guys, seriously - give Win-based companies the tool to manage their users. When the staff is more than 100 people it becomes hard to support access rights without AD/AAD and they would be stone-sitting on SQL Servers...

  • Sunil Agarwal commented  ·   ·  Flag as inappropriate

    Chris, thanks for interest. AAD investigation started late 2018. We are working on AAD integration for OSS databases. We don't have strict timelines for private/public/GA. I will be happy to talk to you to understand your requirements to unblock.

    regards
    Sunil

Feedback and Knowledge Base