Skip to content

Commit 0a687e6

Browse files
Update how-to-configure-sign-in-azure-ad-authentication.md
1 parent 90b860e commit 0a687e6

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

articles/postgresql/single-server/how-to-configure-sign-in-azure-ad-authentication.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,7 @@ To enable an Azure AD group for access to your database, use the same mechanism
158158
Example:
159159

160160
```
161-
CREATE ROLE "Prod DB Readonly" WITH LOGIN IN ROLE azure_ad_user;
161+
CREATE USER <new_user> IN ROLE azure_ad_user;
162162
```
163163
When logging in, members of the group will use their personal access tokens, but sign with the group name specified as the username.
164164

@@ -229,7 +229,7 @@ To add an Azure AD user to your Azure Database for PostgreSQL database, perform
229229
**Example:**
230230

231231
```sql
232-
CREATE ROLE "[email protected]" WITH LOGIN IN ROLE azure_ad_user;
232+
CREATE USER "[email protected]" IN ROLE azure_ad_user;
233233
```
234234

235235
> [!NOTE]
@@ -263,7 +263,7 @@ They will now be able to sign in with Azure AD credentials instead of using thei
263263
If a PostgreSQL user either does not exist in Azure AD or has a different username, you can use Azure AD groups to authenticate as this PostgreSQL user. You can migrate existing Azure Database for PostgreSQL users to Azure AD by creating an Azure AD group with a name that matches the PostgreSQL user, and then granting role azure_ad_user to the existing PostgreSQL user:
264264

265265
```sql
266-
GRANT azure_ad_user TO "DBReadUser";
266+
GRANT azure_ad_user TO <new_user>;
267267
```
268268

269269
This assumes you have created a group "DBReadUser" in your Azure AD. Users belonging to that group will now be able to sign in to the database as this user.

0 commit comments

Comments
 (0)