Get the signed in account's identity to use with Azure services to connect to Azure Cosmos DB for NoSQL

APPLIES TO: NoSQL

Diagram of the current location ('Prepare') in the sequence of the deployment guide.

Diagram of the sequence of the deployment guide including these locations, in order: Overview, Concepts, Prepare, Role-based access control, and Reference. The 'Prepare' location is currently highlighted.

This article gives simple steps to get the identity of the currently signed in account. You can use this identity information later to grant role-based access control access to the signed in account to either manage data or resources in Azure Cosmos DB for NoSQL.

The current Azure CLI session could be signed in with a human identity (your account), a managed identity, a workload identity, or a service principal. No matter what type of identity you use with Azure CLI, to steps to get the details of the identity can be similar. For more information, see Microsoft Entra identity fundamentals.

Prerequisites

You can use the local Azure CLI.

Get signed in account identity

Use the command line to query the graph for information about your account's unique identifier.

  1. Get the details for the currently logged-in account using az ad signed-in-user.

    az ad signed-in-user show
    
  2. The command outputs a JSON response containing various fields.

    {
      "@odata.context": "<https://microsoftgraph.chinacloudapi.cn/v1.0/$metadata#users/$entity>",
      "businessPhones": [],
      "displayName": "Kai Carter",
      "givenName": "Kai",
      "id": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
      "jobTitle": "Senior Sales Representative",
      "mail": "<kai@adventure-works.com>",
      "mobilePhone": null,
      "officeLocation": "Redmond",
      "preferredLanguage": null,
      "surname": "Carter",
      "userPrincipalName": "<kai@adventure-works.com>"
    }
    

    Tip

    Record the value of the id field. In this example, that value would be aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

Use the in-portal panes for Microsoft Entra ID to get details of your currently signed-in user account.

  1. Sign in to the Azure portal (https://portal.azure.cn).

  2. On the Home pane, locate and select the Microsoft Entra ID option.

    Screenshot of the Microsoft Entra ID option in the 'Home' page of the Azure portal.

    Tip

    If this option is not listed, select More services and then search for Microsoft Entra ID using the search term "Entra".

  3. Within the Overview pane for the Microsoft Entra ID tenant, select Users inside the Manage section of the service menu.

    Screenshot of the 'Users' option in the service menu for the Microsoft Entra ID tenant.

  4. In the list of users, select the identity (user) that you want to get more details about.

    Screenshot of the list of users for a Microsoft Entra ID tenant with an example user highlighted.

    Note

    This screenshot illustrates an example user named "Kai Carter" with a principal of kai@adventure-works.com.

  5. On the details pane for the specific user, observe the value of the Object ID property.

    Screenshot of the details pane for a specific user in a Microsoft Entra ID tenant with their unique 'Object ID' highlighted.

    Tip

    Record the value of the Object ID property. In this example, that value would be aaaaaaaa-bbbb-cccc-1111-222222222222. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

  1. Get the details for the currently logged-in account using Get-AzADUser.

    Get-AzADUser -SignedIn | Format-List `
        -Property Id, DisplayName, Mail, UserPrincipalName
    
  2. The command outputs a list response containing various fields.

    Id                : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
    DisplayName       : Kai Carter
    Mail              : kai@adventure-works.com
    UserPrincipalName : kai@adventure-works.com
    

    Tip

    Record the value of the id field. In this example, that value would be aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb. This value can then be used in various scripts to grant your current account role-based access control permissions to Azure resources.

Next step