Introduction

This guide explains how to register an application in Azure, generate the required credentials, and grant it access so Redbird can securely connect to your Azure-hosted database using the Service Principal method.

Overview of What You’ll Need

To connect Redbird to Azure, you will provide the following:

• Tenant ID
• Client ID (Application ID)
• Client Secret
• Server (database host)
• Database name
• Port

These come from two places:

1. Azure App Registration (identity & authentication)
2. Your Azure database (connection details & permissions)

Step 1: Register an App in Azure (Service Principal)

1. Sign in to the Azure Portal: https://portal.azure.com

2. Navigate to Azure Active Directory → App registrations

3. Click New registration

4. Fill in:

   • Name: e.g. Redbird Data Access
   • Supported account types: Single tenant (recommended)
   • Redirect URI: Not required

5. Click Register

After registration, keep this page open—you’ll need values from it.

📘 Microsoft docs: https://learn.microsoft.com/entra/identity-platform/quickstart-register-app

Step 2: Collect Tenant ID & Client ID

From the App registration → Overview page:

• Tenant ID → listed as Directory (tenant) ID
• Client ID → listed as Application (client) ID

These map directly to the fields in Redbird.

📘 Microsoft reference: https://learn.microsoft.com/entra/identity-platform/app-objects-and-service-principals

Step 3: Create a Client Secret

1. In the App registration, go to Certificates & secrets
2. Under Client secrets, click New client secret
3. Add a description and choose an expiration period
4. Click Add

⚠️ Important: Copy the secret VALUE immediately. This is the Client Secret you’ll enter in Redbird. Azure will not show it again.

📘 Microsoft docs: https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal

Step 4: Grant the App Access to Your Database

How you grant access depends on the database type (e.g. Azure SQL, Synapse, PostgreSQL, MySQL). The general pattern is:

1. Create a database user mapped to the Service Principal
2. Grant permissions (tables, schemas, or roles) to that user

Example: Azure SQL Database

1. Connect to the database as an admin

2. Create a user for the Service Principal:

   SQL

   CREATE USER [RedbirdApp] FROM EXTERNAL PROVIDER;

3. Grant access to required tables or schemas:

   SQL

   GRANT SELECT ON SCHEMA::dbo TO [RedbirdApp];

📘 Microsoft docs (Azure SQL + Entra ID): https://learn.microsoft.com/azure/azure-sql/database/authentication-aad-overview

Step 5: Gather Database Connection Details

From your Azure database configuration:

• Server Found in the database overview page (e.g. myserver.database.windows.net)

• Database The database name you want Redbird to query

• Port Usually:

  • 1433 for Azure SQL / SQL Server
  • 5432 for PostgreSQL
  • 3306 for MySQL

📘 Azure SQL connection details: https://learn.microsoft.com/azure/azure-sql/database/connect-query-portal

Step 6: Enter Credentials in Redbird

In Redbird, enter:

• Tenant ID
• Client ID
• Client Secret
• Server
• Database
• Port

Once saved, Redbird will authenticate using the Service Principal and only access the data you explicitly granted.

Troubleshooting & Tips

• Ensure the App Registration exists in the same tenant as the database

• If authentication fails, confirm:

  • Client secret has not expired
  • Permissions were granted at the database level

• Changes to permissions may require a few minutes to propagate

📘

Note you will likely require to whitelist Redbird's IP addresses in order to connect. The Redbird team can provide you with this list.