Ensure that Azure Active Directory authentication is configured to allow you to centrally manage identity and access to your Microsoft Azure PostgreSQL database servers by using an Active Directory administrator.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Azure Active Directory (AAD) authentication represents a secure instrument that can be used to connect to your Azure PostgreSQL database servers using identities available within the Active Directory. With Azure AAD authentication, the identities of the PostgreSQL database users can be managed in one central location, simplifying access permission management. Other benefits provided by the AAD authentication feature include:
Providing authentication across Microsoft Azure services in a uniform way;
Supporting multiple forms of authentication in order to eliminate the need to store access passwords;
Using PostgreSQL database roles to authenticate identities at the database level;
Allowing customers to manage PostgreSQL database permissions using external (AAD) groups;
Providing tools for management of password policies and password rotation in one single place;
Supporting token-based authentication for applications connecting to your PostgreSQL database servers.
Audit
To determine if an Active Directory administrator is configured for PostgreSQL authentication within your Azure PostgreSQL database server settings, perform the following actions:
Note: Auditing Azure PostgreSQL database servers for AAD admin-based authentication using Azure CLI or Azure PowerShell is not currently supported.Remediation / Resolution
To configure an Azure Active Directory (AAD) administrator for authentication and access to your Microsoft Azure PostgreSQL database servers, perform the following operations:
Note: Configuring a Microsoft Azure Active Directory (AAD) admin for PostgreSQL database server authentication using Azure CLI or Azure PowerShell is not currently supported.References
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Use Azure Active Directory Admin for PostgreSQL Authentication
Risk Level: Medium