azuredatastudio: Azure AD Guest User Access (B2B) fails to Authenticate

  • Azure Data Studio Version: 1.17.1 (macOS)

Steps to Reproduce:

Setup:

  1. Created a guest user in an alternate AD tenant.
  2. Invited the guest user into the primary AD tenant.
  3. Ensured the guest user accepted the invitation and configured MFA.
  4. Created an AD group in the primary AD tenant called Guest_Group_Test and added the guest user.
  5. Ensured AD integration is on for the Azure SQL Server by associating your AD user as owner, or a group you're a member of.
  6. Logged into SQL Server using your user (not the guest).
  7. The following T-SQL was run in the SQL database successfully:
CREATE USER [Guest_Group_Test] FROM EXTERNAL PROVIDER;
EXEC sp_addrolemember 'db_datareader', 'Guest_Group_Test';  
  1. Open Azure Data Studio and make a new connection to the target Azure SQL Server.
  2. Choose Azure Active Directory - Universal with MFA Support.
  3. Ensure the account is the guest user's email, the one added into the primary tenant via B2B.
  4. Click Connect.

Error:

Retrieving the Azure token failed. Please Sign in again. Login failed for user '<token-identified principal>'.

Note: Tested on SSMS version 18, and the above scenario works for authenticating B2B users provided they are in an AD group.
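The provisioning steps above can be checked from the database side before blaming the client. The following T-SQL is an added example, not part of the issue report or the Azure Data Studio project; it assumes the group name Guest_Group_Test from the report, that it is run in the target user database, and that the session is the server's Azure AD admin (the non-guest user from setup step 6). A "Login failed for user '<token-identified principal>'" error means the token was accepted but the server could not map it to a database principal, so the first thing to verify is that the group principal exists as an external group and that the role membership landed.

```sql
-- Added example (not from the issue): provision the external AD group and verify it.
-- Assumes: target user database, Azure AD admin session, group name Guest_Group_Test.

-- Contained database user mapped to the Azure AD group (resolved from the tenant on creation)
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'Guest_Group_Test')
    CREATE USER [Guest_Group_Test] FROM EXTERNAL PROVIDER;

-- Read access via the current role-membership syntax; sp_addrolemember still works but is deprecated
ALTER ROLE db_datareader ADD MEMBER [Guest_Group_Test];

-- Check 1: the principal must be an external group (type 'X'), not an external user ('E'),
-- with authentication_type_desc = 'EXTERNAL'. A missing row explains the login failure.
SELECT name, type, type_desc, authentication_type_desc, sid
FROM sys.database_principals
WHERE name = N'Guest_Group_Test';

-- Check 2: confirm the role membership actually exists
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'Guest_Group_Test';

-- Check 3 (run from the guest user's own session once a connection succeeds, e.g. from SSMS):
-- SUSER_SNAME() shows which token-identified principal the server resolved,
-- USER_NAME() the database principal it mapped to (the group name when access comes only via the group),
-- and IS_ROLEMEMBER confirms that group membership actually grants db_datareader.
SELECT SUSER_SNAME() AS login_name,
       USER_NAME()   AS database_user,
       IS_ROLEMEMBER('db_datareader') AS is_datareader;
```

If check 1 returns a row of type 'X' and check 2 shows the db_datareader membership, the database side matches what SSMS 18 authenticates against, and the failure is isolated to the token the client obtained for the guest account.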

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 42 (25 by maintainers)

Most upvoted comments

Going to keep this open until I can confirm the PR at least fixed some of the issues.