Add user in Cosmos DB Azure DocumentDB (with MongoDB compatibility) with Entra authentication

Gajjala, Vinod Reddy 0 Reputation points
2026-03-11T07:06:42.62+00:00

I need to add a user in Cosmos DB Azure DocumentDB (with MongoDB compatibility). The user is to connect to the DB via Entra authentication only. Guide me on how to add the user to connect to the DB with privileges like read and read-write with Entra authentication.

Azure Cosmos DB

An Azure NoSQL database service for app development.


1 answer

  1. SUNOJ KUMAR YELURU 17,981 Reputation points MVP Volunteer Moderator
    2026-03-11T18:22:17.0666667+00:00

    Hello @Gajjala, Vinod Reddy,

    To add a user in Azure Cosmos DB (with MongoDB compatibility) and enable Microsoft Entra ID authentication, follow these steps:

    1. Enable Microsoft Entra ID Authentication: Ensure that Microsoft Entra ID authentication is enabled on your Azure Cosmos DB cluster. This can typically be done through the Azure portal by navigating to your Cosmos DB account and enabling the authentication method in the settings. After enabling, both NativeAuth and MicrosoftEntraID should be listed as enabled methods.
    2. Add Microsoft Entra ID Principals: You can add one or more Microsoft Entra ID principals (users, service principals, or managed identities) as administrator or non-administrator users. For non-administrative users, you can grant them specific roles such as readWrite or readAnyDatabase. Administrative users have full privileges, while non-administrative users can be granted either read-write or read-only permissions.
    3. Register the User: Register the Microsoft Entra ID principal on the cluster. This is done by creating an Azure resource of type Microsoft.DocumentDB/mongoClusters/users with the naming format <cluster-name>/users/<principal-id>.
    4. Assign Roles: For non-administrative users, you can assign roles like readWriteAnyDatabase for full read-write access or readAnyDatabase for read-only access. Note that the readWriteAnyDatabase and clusterAdmin roles must be assigned together for full read-write access.
    5. Connect Using Microsoft Entra ID: Once the user is added and roles are assigned, they can connect to the Azure Cosmos DB cluster using a connection string that includes their Microsoft Entra ID credentials. The connection string format should include the mongodb+srv scheme and specify the authentication mechanism as MONGODB-OIDC.

    Connect to Azure DocumentDB using role-based access control and Microsoft Entra ID


    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.
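
A dry-run helper for steps 3 and 4 of the answer above, added here as an example (it is not part of the original answer or of Microsoft's documentation): it maps the requested access level to the role set the answer names, validates the principal ID, and prints the `az resource create` command for review instead of running it. The function names, the `admin` database scope and the field names in the properties JSON are assumptions to check against the linked documentation.

```shell
#!/bin/sh
# Added example. Role names, resource type and name format come from the answer;
# the properties JSON layout is an assumption to verify before use.

# Map the requested access level to the role set named in the answer.
roles_for() {
  case "$1" in
    read)       echo "readAnyDatabase" ;;
    read-write) echo "readWriteAnyDatabase clusterAdmin" ;;  # assigned together
    *) echo "unsupported access level: $1 (use read or read-write)" >&2; return 1 ;;
  esac
}

# <cluster-name>/users/<principal-id>; rejects a principal ID that is not a GUID.
user_resource_name() {
  _guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
  printf '%s' "$2" | grep -Eq "$_guid" ||
    { echo "principal id is not a GUID: $2" >&2; return 1; }
  echo "$1/users/$2"
}

# Properties body. $1 = access level, $2 = principal type (assumed value, e.g. User).
user_properties() {
  _roles=$(roles_for "$1") || return 1
  _list=""
  for _role in $_roles; do
    _list="${_list:+$_list,}{\"db\":\"admin\",\"role\":\"$_role\"}"
  done
  printf '{"identityProvider":{"type":"MicrosoftEntraID","properties":{"principalType":"%s"}},"roles":[%s]}\n' \
    "$2" "$_list"
}

# Args: <resource-group> <cluster> <region> <principal-id> <read|read-write> <principal-type>
# Prints the command only, so the role set can be reviewed before anything is created.
register_command() {
  _name=$(user_resource_name "$2" "$4") || return 1
  _props=$(user_properties "$5" "$6") || return 1
  _fmt='az resource create --resource-group "%s" --name "%s" --location "%s"'
  _fmt="$_fmt --resource-type \"Microsoft.DocumentDB/mongoClusters/users\""
  _fmt="$_fmt --properties '%s' --latest-include-preview\n"
  printf "$_fmt" "$1" "$_name" "$3" "$_props"
}

if [ "$#" -ge 6 ]; then register_command "$@"; fi
```
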

