I'm testing Password Vault Manager with an Azure SQL Database as DataSource. I'm currently unable to add Azure AD Guest users to the tool. Is there any way to do that?
Here's the exception:
System.Data.SqlClient.SqlException (0x80131904): Principal '*******************' could not be found or this principal type is not supported.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async, Int32 timeout, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.ExecuteNonQuery(String sql, IDbConnection dbConnection, IDbDataParameter parameters, Int32 commandTimeout)
at Devolutions.RemoteDesktopManager.Business.DataSources.SQLServerSecuritySubDataSource.c0f1073165f8f02c085488db7a4527c40(String c18973cea236a9feff75c32ca7d1697d5, IDbConnection cc8ffdaea2e23db4129bef3df37e0e2f5, IDbTransaction c5a0ca8eaa594113c2f0b3cfe13dedff9)
at Devolutions.RemoteDesktopManager.Business.DataSources.SQLServerSecuritySubDataSource.cc9ef1b9149bf4e5c56322b29f013c3fd(UserEntity cf98b881282579a38f0d3820b4755fa4a, Boolean cd589fb599494638c495afc5cf9b2449e, String ceb81d1ee93f91e0bc57f34876c263863, SaveUserInfoAdvancedCustomData ca846991ced5070300e1c8ec384f436f9, Guid cf090f8a8f0907c3009c224a9172cab64)
Stefane is our expert with Azure and he is currently on vacation. I will ask him to check this with you when he gets back.
Sorry to jump in, but as I understand you want to create an Azure AD user in PVM.
We have a few steps to follow for the configuration and I don't think that the steps are in the PVM documentation (I will verify and update the documentation).
Could you consult the following link to make sure that the basic configuration has been made in Azure?
I can create users that belong directly to the directory, but users that have been created as Guests in the directory by means of Azure AD B2C cannot be added.
I'm having a hard time figuring out if Guests are allowed or not. My guess, with the error you are receiving, would be not allowed.
You could try to create the user manually. This would eliminate all of RDM's code and, if it works, would allow us to better understand what the underlying issue in RDM is.
You can follow this link for detailed steps: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities
- Start SQL Server Management Studio (SSMS)
- Connect to your Azure SQL Database using your Azure AD account
- In a query window run: CREATE USER <GUEST_Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
If this works then the issue is in RDM. If not, SQL Azure doesn't yet support Guest accounts. If this is truly the case then keep in mind that all things Azure change very rapidly and it could be supported shortly. We try to keep up to date as much as possible with the available features. When/if it is supported we will make the required changes to RDM to support it.
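The manual check above, as an added example that is not from the thread or from the Devolutions documentation: it creates the contained user, grants it only the database roles an application typically needs rather than db_owner, and then queries sys.database_principals to confirm whether the external principal actually exists. The principal name is a placeholder to be replaced with the guest user's Azure AD principal name.

```sql
-- Added example. Run in SSMS while connected to the Azure SQL Database
-- with an Azure AD administrator account.
-- [guest.user@example.com] is a placeholder, not a real principal.

-- 1. Create the contained database user mapped to the Azure AD identity.
--    If Azure SQL does not support the principal type, this statement is
--    the one that raises "Principal '...' could not be found or this
--    principal type is not supported", independent of RDM.
CREATE USER [guest.user@example.com] FROM EXTERNAL PROVIDER;

-- 2. Least privilege: grant only the roles the application needs.
ALTER ROLE db_datareader ADD MEMBER [guest.user@example.com];
ALTER ROLE db_datawriter ADD MEMBER [guest.user@example.com];

-- 3. Verify. Azure AD principals show up as type 'E' (external user)
--    or 'X' (external group) with authentication_type_desc = 'EXTERNAL'.
--    No row for the guest means step 1 failed on the Azure SQL side.
SELECT name, type_desc, authentication_type_desc, create_date
FROM sys.database_principals
WHERE type IN ('E', 'X')
ORDER BY create_date DESC;
```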
Just found this information; have a look at the "Azure AD features and limitations" section.
Microsoft accounts (for example outlook.com, hotmail.com, live.com) or other guest accounts (for example gmail.com, yahoo.com) are not supported. If you can log in to https://login.live.com using the account and password, then you are using a Microsoft account, which is not supported for Azure AD authentication for Azure SQL Database or Azure SQL Data Warehouse.