Currently, the Postgres MS Entra ID authentication assumes the user's MS Entra ID matches the corresponding Postgres user in the database. Once we determined the MS Entra ID, we use it as both the user ID of the database user and the user for getting access tokens.
According to the documentation, this is always true for users in the same tenant. However, this is not true for guest users since their mapped database user name has the extra #EXT# tagged full name in their home tenant. The extension doesn't intend to support group user or service principal so that's not within our concern for now.
If you are using Guest account to access Postgres Flexible resources and you would like to use MS Entra ID to authenticate, please leave a comment here.
Currently, the Postgres MS Entra ID authentication assumes the user's MS Entra ID matches the corresponding Postgres user in the database. Once we determined the MS Entra ID, we use it as both the user ID of the database user and the user for getting access tokens.
According to the documentation, this is always true for users in the same tenant. However, this is not true for guest users since their mapped database user name has the extra
#EXT#
tagged full name in their home tenant. The extension doesn't intend to support group user or service principal so that's not within our concern for now.If you are using Guest account to access Postgres Flexible resources and you would like to use MS Entra ID to authenticate, please leave a comment here.