I need to learn about MFA for a CLI Python program

I’m a noob when it comes to Multi-Factor Authentication (MFA).

I was using a Python CLI program to connect to an Azure Synapse database and it was working just fine for over a year. Something recently changed and I can no longer connect to the database. The error message I got is in this message: Did Azure Synapse database make changes to security recently.

My setup: Windows 10 running Python 3.12. I need to learn how to use MFA (Multi-Factor Authentication) to connect to an Azure Synapse database. It seems our Azure setup may no longer allow an Active Directory authentication in the connect string for pyodbc.

I have never used MFA at all in any Python context.

I have questions.

  1. Can I use MFA with a CLI Python program? The program will run on Windows 10 as a scheduled task.
  2. How do I use MFA with a CLI Python program to connect to an Azure Synapse database which is an MS SQL Server?
  3. If I can’t use MFA in this case what should I use?

Thank you for any help. In the meantime I will be looking at some tutorials on YouTube so I’m not a total noob.

What is the Python CLI program? What packages was it using to connect to the Azure Synapse database?

It sounds like you want to have a CLI app impersonate the user when connecting to the SQL DB (as opposed to the app being its own identity when accessing).

The first thing to note is that generally with Azure, apps never handle user auth (and MFA): you let Azure handle that.

The simplest solution is to delegate auth to Azure SDK using DefaultAzureCredential from azure-identity. Follow the guide in Azure’s docs.
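
The `DefaultAzureCredential` suggestion above, sketched for pyodbc as an added example (not code from any poster in this thread): the app never sees a password and instead hands the ODBC driver an access token obtained by `azure-identity`. The server and database names are placeholders, and it assumes ODBC Driver 18 for SQL Server and the `azure-identity` and `pyodbc` packages are installed and that the identity used has been granted access to the database.

```python
import struct

# Constant from msodbcsql.h: pre-connect attribute that carries an access token.
SQL_COPT_SS_ACCESS_TOKEN = 1256
# Token audience for Azure SQL / Synapse SQL endpoints.
SQL_SCOPE = "https://database.windows.net/.default"


def pack_access_token(token: str) -> bytes:
    """Build the structure the ODBC driver expects: a 4-byte little-endian
    length followed by the token encoded as UTF-16-LE."""
    raw = token.encode("utf-16-le")
    return struct.pack(f"<I{len(raw)}s", len(raw), raw)


def build_connection_string(server: str, database: str) -> str:
    """No UID, PWD or Authentication keyword: the token attribute replaces them."""
    for value in (server, database):
        if any(ch in value for ch in ";{}"):
            raise ValueError("unexpected character in connection parameter")
    return (
        "Driver={ODBC Driver 18 for SQL Server};"
        f"Server=tcp:{server},1433;Database={database};"
        "Encrypt=yes;TrustServerCertificate=no;"
    )


def connect(server: str, database: str):
    # Imported here so the helpers above work without these packages installed.
    import pyodbc
    from azure.identity import DefaultAzureCredential

    # For an unattended scheduled task, DefaultAzureCredential can pick up a
    # service principal from AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET.
    token = DefaultAzureCredential().get_token(SQL_SCOPE).token
    return pyodbc.connect(
        build_connection_string(server, database),
        attrs_before={SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token)},
    )


if __name__ == "__main__":
    # Placeholder server and database names; replace with your own.
    with connect("<workspace>.sql.azuresynapse.net", "<database>") as conn:
        print(conn.execute("SELECT SUSER_SNAME()").fetchone()[0])
```
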

This kind of question has nothing to do with the Python language, and is best asked on StackOverflow.

Thanks for the replies. I have worked with the IT group to make a workaround for this one CLI app.

Could you briefly describe the workaround? You don’t have to give internal details, but it could help future people who find this post and have the same question.


Someone had turned on 2FA on my Microsoft account without notifying me. I use this Microsoft account with an Active Directory login for Python programs to get access to a database. I also use the MS account for all other MS apps I use for my job. When 2FA was turned on to be required, the AD login was ignored and essentially became invalid.

Our workaround will be to create a new Microsoft user who only has access to the one database I need for CLI programs, has 2FA turned off, and use that in my CLI Python programs.