9.9.1Support for Entra Authentication for Azure Databases

Connecting to an Azure Entra capable SQL Server database can be done with the standard Smile CDR database connection configuration. Azure defines the client setup requirements depending on how you intend to connect to your database. Smile CDR contains both the azure-identity and msal4j jars, and so can connect using any of the following authentication methods:

• ActiveDirectoryPassword
• ActiveDirectoryIntegrated
• ActiveDirectoryInteractive
• ActiveDirectoryServicePrincipal
• ActiveDirectoryServicePrincipalCertificate
• ActiveDirectoryManagedIdentity
• ActiveDirectoryMSI
• ActiveDirectoryDefault

9.9.1.1SQL Server

To use Entra Authentication with SQL Server, you must use the JDBC url provided by the Azure Connection Strings page. Here is an example of what one might look like, when using Active Directory Managed Identity:

module.clustermgr.config.db.url=jdbc:sqlserver://my-entra-capable-database.database.windows.net:1433;database=cdr;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;Authentication=ActiveDirectoryMSI

For those authentication methods which require a username and password, they can be set either in the db.username and db.password fields of the Smile CDR properties file, or alternatively, they can also be placed in the JDBC url.

9.9.1.2PostgreSQL

For Postgresql, Entra authentication is handled by the AzurePostgresqlAuthenticationPlugin. The following is an example of how to use a JDBC url.

module.clustermgr.config.db.url=jdbc:postgresql://my-entra-capable-database.postgres.database.azure.com/clustermgr?sslmode=require&authenticationPluginClassName=com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin&user=my-managed-identity

More documentation about this can be read here.