Re: Query data on Azure SQL Server database

Fri, 14 Mar 2025 14:12:19 -0700 

We use Azure SQL DBs as well. But to Bart's point, we opted against MFA for the 
following reasons.

Entra MFA will require a browser to perform the MFA. Maybe there's a "hack" go 
prevent (or simulate) that, but I'd argue it's not a good idea anyway.

On our end, we strictly use "service accounts" for database connections, ie. we 
never connect with the credentials of a personal. For the service account, we 
only use user/password authentication. Our policy is that MFA is not required 
when the user is on-prem (or connected via VPN). And our Azure DB is behind a 
firewall that only allows whitelisted IPs anyway, ie. this approach is in line 
with the organizational policies.

Additionally, the risk with using personal accounts is that if that person ever 
leaves the organization, their account will be deactivated in Entra, and then 
the pipelines will fail.

On 2025-03-13 2:55 PM EDT Bart Maertens <[email protected]> wrote:

>  
>  
> [2] -> 
> https://hop.apache.org//manual/latest/database/databases/mssqlnative.html#_integrated_authentication_windows_based_authentication
> 
> On Thu, Mar 13, 2025 at 7:52 PM Bart Maertens <[email protected] 
> mailto:[email protected]> wrote:
> 
> > Haven't used it personally, but based on what I read here [1], Entra ID 
> > could work with the SQL Server integrated authentication [2] in Apache Hop. 
> > MFA support will almost certainly be a problem, but that would be the case 
> > anyway in scheduled workflows or pipelines. 
> >  
> > [1] 
> > https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-overview?view=sql-server-ver16#connect-sql-server-to-azure-with-azure-ad
> > [2] 
> > https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-overview?view=sql-server-ver16#connect-sql-server-to-azure-with-azure-ad
> >  
> > B.
> > 
> > On Thu, Mar 13, 2025 at 7:38 PM Rob Burgess <[email protected] 
> > mailto:[email protected]> wrote:
> > 
> > > Hi
> > >  
> > > Is it possible to query data in a Azure SQL Server database using the 
> > > authentication type: Microsoft  Entra ID - Universal with MFA support?
> > >  
> > > Thanks
> > >  
> > > 
> > > Rob
> > > 
> > >  
> > > 
> > >  
> > > 
> > 
>

Reply via email to