diff --git a/website/docs/docs/cloud/connect-data-platform/connect-microsoft-fabric.md b/website/docs/docs/cloud/connect-data-platform/connect-microsoft-fabric.md index e9d67524e89..78641136bdf 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-microsoft-fabric.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-microsoft-fabric.md @@ -6,13 +6,13 @@ sidebar_label: "Connect Microsoft Fabric" ## Supported authentication methods The supported authentication methods are: -- Azure Active Directory (Azure AD) service principal -- Azure AD password +- Microsoft Entra service principal +- Microsoft Entra password -SQL password (LDAP) is not supported in Microsoft Fabric Synapse Data Warehouse so you must use Azure AD. This means that to use [Microsoft Fabric](https://www.microsoft.com/en-us/microsoft-fabric) in dbt Cloud, you will need at least one Azure AD service principal to connect dbt Cloud to Fabric, ideally one service principal for each user. +SQL password (LDAP) is not supported in Microsoft Fabric Synapse Data Warehouse so you must use Microsoft Entra ID. This means that to use [Microsoft Fabric](https://www.microsoft.com/en-us/microsoft-fabric) in dbt Cloud, you will need at least one Microsoft Entra service principal to connect dbt Cloud to Fabric, ideally one service principal for each user. -### Active Directory service principal -The following are the required fields for setting up a connection with a Microsoft Fabric using Azure AD service principal authentication. +### Microsoft Entra service principal +The following are the required fields for setting up a connection with a Microsoft Fabric using Microsoft Entra service principal authentication. | Field | Description | | --- | --- | 
@@ -25,9 +25,9 @@ The following are the required fields for setting up a connection with a Microso | **Client secret** | The service principal's **client secret** (not the **client secret id**). | -### Active Directory password +### Microsoft Entra password -The following are the required fields for setting up a connection with a Microsoft Fabric using Azure AD password authentication. +The following are the required fields for setting up a connection with a Microsoft Fabric using Microsoft Entra password authentication. | Field | Description | | --- | --- | @@ -35,8 +35,8 @@ The following are the required fields for setting up a connection with a Microso | **Port** | The server port. You can use `1433` (the default), which is the standard SQL server port number. | | **Database** | The database name. | | **Authentication** | Choose **Active Directory Password** from the dropdown. | -| **User** | The AD username. | -| **Password** | The AD username's password. | +| **User** | The Microsoft Entra username. | +| **Password** | The Microsoft Entra password. | ## Configuration diff --git a/website/docs/docs/cloud/git/setup-azure.md b/website/docs/docs/cloud/git/setup-azure.md index 4724f842b65..3438a42772a 100644 --- a/website/docs/docs/cloud/git/setup-azure.md +++ b/website/docs/docs/cloud/git/setup-azure.md @@ -1,7 +1,7 @@ --- title: "Set up Azure DevOps" id: "setup-azure" -description: "You can set up your Azure DevOps by creating an Entra ID app and adding it to dbt Cloud." +description: "You can set up your Azure DevOps by creating a Microsoft Entra ID app and adding it to dbt Cloud." sidebar_label: "Set up Azure DevOps" --- 
@@ -9,27 +9,28 @@ sidebar_label: "Set up Azure DevOps" ## Overview -To use our native integration with Azure DevOps in dbt Cloud, an account admin needs to set up an Microsoft Entra ID app. We recommend setting up a separate [Entra ID application than used for SSO](/docs/cloud/manage-access/set-up-sso-azure-active-directory). +To use our native integration with Azure DevOps in dbt Cloud, an account admin needs to set up an Microsoft Entra ID app. We recommend setting up a separate [Entra ID application than used for SSO](/docs/cloud/manage-access/set-up-sso-microsoft-entra-id). -1. [Register an Entra ID app](#register-an-entra-id-app). +1. [Register an Entra ID app](#register-a-microsoft-entra-id-app). 2. [Add permissions to your new app](#add-permissions-to-your-new-app). 3. [Add another redirect URI](#add-another-redirect-uri). 4. [Connect Azure DevOps to your new app](#connect-azure-devops-to-your-new-app). 5. [Add your Entra ID app to dbt Cloud](#add-your-azure-ad-app-to-dbt-cloud). -Once the Entra ID app is added to dbt Cloud, an account admin must also [connect a service user](#connecting-a-service-user) via OAuth, which will be used to power headless actions in dbt Cloud such as deployment runs and CI. +Once the Microsoft Entra ID app is added to dbt Cloud, an account admin must also [connect a service user](#connecting-a-service-user) via OAuth, which will be used to power headless actions in dbt Cloud such as deployment runs and CI. -Once the Entra ID app is added to dbt Cloud and the service user is connected, then dbt Cloud developers can personally authenticate in dbt Cloud from Azure DevOps. For more on this, see [Authenticate with Azure DevOps](/docs/cloud/git/authenticate-azure). + +Once the Microsoft Entra ID app is added to dbt Cloud and the service user is connected, then dbt Cloud developers can personally authenticate in dbt Cloud from Azure DevOps. For more on this, see [Authenticate with Azure DevOps](/docs/cloud/git/authenticate-azure). 
The following personas are required to complete the steps on this page: -- Entra ID admin +- Microsoft Entra ID admin - Azure DevOps admin - dbt Cloud account admin - Azure admin (if your Entra ID and Azure DevOps environments are not connected) -## Register an Entra ID app +## Register a Microsoft Entra ID app -An Entra ID admin needs to perform the following steps: +A Microsoft Entra ID admin needs to perform the following steps: 1. Sign into your Azure portal and click **Microsoft Entra ID**. 2. Select **App registrations** in the left panel. @@ -44,7 +45,8 @@ Many customers ask why they need to select Multitenant instead of Single tenant, Here's what your app should look like before registering it: - + + ## Add permissions to your new app 
@@ -60,21 +62,22 @@ An Entra ID admin needs to provide your new app access to Azure DevOps: ## Add another redirect URI -An Entra ID admin needs to add another redirect URI to your Entra ID application. This redirect URI will be used to authenticate the service user for headless actions in deployment environments. +A Microsoft Entra ID admin needs to add another redirect URI to your Entra ID application. This redirect URI will be used to authenticate the service user for headless actions in deployment environments. + +1. Navigate to your Microsoft Entra ID application. -1. Navigate to your Entra ID application. 2. Select the link next to **Redirect URIs** 3. Click **Add URI** and add the URI, replacing `YOUR_ACCESS_URL` with the [appropriate Access URL](/docs/cloud/about-cloud/access-regions-ip-addresses) for your region and plan: -`https://YOUR_ACCESS_URL/complete/azure_active_directory_service_user` +`https://YOUR_ACCESS_URL/complete/microsoft_entra_id_service_user` 4. Click **Save**. ## Create a client secret -An Entra ID admin needs to complete the following steps: +A Microsoft Entra ID admin needs to complete the following steps: -1. Navigate to your Entra ID application. +1. Navigate to your Microsoft Entra ID application. 2. Select **Certificates and Secrets** from the left navigation panel. 3. Select **Client secrets** and click **New client secret** 4. Give the secret a description and select the expiration time. Click **Add**. 
@@ -82,11 +85,11 @@ An Entra ID admin needs to complete the following steps: ## Connect Azure DevOps to your new app -An Azure admin will need one of the following permissions in both the Entra ID and Azure DevOps environments: +An Azure admin will need one of the following permissions in both the Microsoft Entra ID and Azure DevOps environments: - Azure Service Administrator - Azure Co-administrator -If your Azure DevOps account is connected to Entra ID, then you can proceed to [Connecting a service user](#connecting-a-service-user). However, if you're just getting set up, connect Azure DevOps to the Entra ID app you just created: +If your Azure DevOps account is connected to Entra ID, then you can proceed to [Connecting a service user](#connecting-a-service-user). However, if you're just getting set up, connect Azure DevOps to the Microsoft Entra ID app you just created: 1. From your Azure DevOps account, select **Organization settings** in the bottom left. 2. Navigate to Microsoft Entra ID. 
@@ -94,25 +97,27 @@ If your Azure DevOps account is connected to Entra ID, then you can proceed to [ 4. Select the directory you want to connect. 5. Click **Connect**. - + -## Add your Entra ID app to dbt Cloud +## Add your Microsoft Entra ID app to dbt Cloud A dbt Cloud account admin needs to perform the following steps. -Once you connect your Entra ID app and Azure DevOps, you need to provide dbt Cloud information about the app: +Once you connect your Microsoft Entra ID app and Azure DevOps, you need to provide dbt Cloud information about the app: + 1. Navigate to your account settings in dbt Cloud. 2. Select **Integrations**. 3. Scroll to the Azure DevOps section. 4. Complete the form: - **Azure DevOps Organization:** Must match the name of your Azure DevOps organization exactly. Do not include the `dev.azure.com/` prefix in this field. ✅ Use `my-devops-org` ❌ Avoid `dev.azure.com/my-devops-org` - - **Application (client) ID:** Found in the Entra ID app. - - **Client Secrets:** Copy the **Value** field in the Entra ID app client secrets and paste it in the **Client Secret** field in dbt Cloud. Entra ID admins are responsible for the Entra ID app secret expiration and dbt Admins should not the expiration date for rotation. - - **Directory(tenant) ID:** Found in the Entra ID app. - + - **Application (client) ID:** Found in the Microsoft Entra ID app. + - **Client Secrets:** Copy the **Value** field in the Microsoft Entra ID app client secrets and paste it in the **Client Secret** field in dbt Cloud. Entra ID admins are responsible for the Entra ID app secret expiration and dbt Admins should not the expiration date for rotation. + - **Directory(tenant) ID:** Found in the Microsoft Entra ID app. + + +Your Microsoft Entra ID app should now be added to your dbt Cloud Account. People on your team who want to develop in the dbt Cloud IDE or dbt Cloud CLI can now personally [authorize Azure DevOps from their profiles](/docs/cloud/git/authenticate-azure). 
-Your Entra ID app should now be added to your dbt Cloud Account. People on your team who want to develop in the dbt Cloud IDE or dbt Cloud CLI can now personally [authorize Azure DevOps from their profiles](/docs/cloud/git/authenticate-azure). ## Connect a service user @@ -150,13 +155,14 @@ The service user's permissions will also power which repositories a team can sel While it's common to enforce multi-factor authentication (MFA) for normal user accounts, service user authentication must not need an extra factor. If you enable a second factor for the service user, this can interrupt production runs and cause a failure to clone the repository. In order for the OAuth access token to work, the best practice is to remove any more burden of proof of identity for service users. -As a result, MFA must be explicity disabled in the Office 365 or Entra ID administration panel for the service user. Just having it "un-connected" will not be sufficient, as dbt Cloud will be prompted to set up MFA instead of allowing the credentials to be used as intended. +As a result, MFA must be explicity disabled in the Office 365 or Microsoft Entra ID administration panel for the service user. Just having it "un-connected" will not be sufficient, as dbt Cloud will be prompted to set up MFA instead of allowing the credentials to be used as intended. + **To disable MFA for a single user using the Office 365 Administration console:** - Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication. -**To use the Entra ID interface:** +**To use the Microsoft Entra ID interface:** Note, this procedure involves disabling Security Defaults in your Entra ID environment. 
@@ -360,8 +366,9 @@ You must connect your service user before setting up a dbt Cloud project, as the A dbt Cloud account admin with access to the service user's Azure DevOps account must complete the following to connect the service user: 1. Sign in to the service user's Azure DevOps account. 2. In dbt Cloud, click **Link Azure Service User**. -3. You will be directed to Azure DevOps and must accept the Entra ID app's permissions. +3. You will be directed to Azure DevOps and must accept the Microsoft Entra ID app's permissions. 4. Finally, you will be redirected to dbt Cloud, and the service user will be connected. + Once connected, dbt Cloud displays the email address of the service user so you know which user's permissions are enabling headless actions in deployment environments. To change which account is connected, disconnect the profile in dbt Cloud, sign into the alternative Azure DevOps service account, and re-link the account in dbt Cloud. diff --git a/website/docs/docs/cloud/manage-access/about-access.md b/website/docs/docs/cloud/manage-access/about-access.md index ca2b7c7efe5..64826531245 100644 --- a/website/docs/docs/cloud/manage-access/about-access.md +++ b/website/docs/docs/cloud/manage-access/about-access.md @@ -66,7 +66,7 @@ of a group inherit any permissions applied to the group itself. Users can be added to a dbt Cloud group based on their group memberships in the configured [Identity Provider](sso-overview) for the account. In this way, dbt Cloud administrators can manage access to dbt Cloud resources via identity -management software like Azure AD, Okta, or GSuite. See _SSO Mappings_ below for +management software like Microsoft Entra ID (formerly Azure AD), Okta, or GSuite. See _SSO Mappings_ below for more information. You can view the groups in your account or create new groups from the **Groups & Licenses** 
diff --git a/website/docs/docs/cloud/manage-access/auth0-migration.md b/website/docs/docs/cloud/manage-access/auth0-migration.md index a40bb006d06..21552b4e0ad 100644 --- a/website/docs/docs/cloud/manage-access/auth0-migration.md +++ b/website/docs/docs/cloud/manage-access/auth0-migration.md @@ -7,7 +7,7 @@ description: "Required actions for migrating to Auth0 for SSO services on dbt Cl dbt Labs is partnering with Auth0 to bring enhanced features to dbt Cloud's single sign-on (SSO) capabilities. Auth0 is an identity and access management (IAM) platform with advanced security features, and it will be leveraged by dbt Cloud. These changes will require some action from customers with SSO configured in dbt Cloud today, and this guide will outline the necessary changes for each environment. -If you have not yet configured SSO in dbt Cloud, refer instead to our setup guides for [SAML](/docs/cloud/manage-access/set-up-sso-saml-2.0), [Okta](/docs/cloud/manage-access/set-up-sso-okta), [Google Workspace](/docs/cloud/manage-access/set-up-sso-google-workspace), or [Azure Active Directory](/docs/cloud/manage-access/set-up-sso-azure-active-directory) single sign-on services. +If you have not yet configured SSO in dbt Cloud, refer instead to our setup guides for [SAML](/docs/cloud/manage-access/set-up-sso-saml-2.0), [Okta](/docs/cloud/manage-access/set-up-sso-okta), [Google Workspace](/docs/cloud/manage-access/set-up-sso-google-workspace), or [Microsoft Entra ID (formerly Azure AD)](/docs/cloud/manage-access/set-up-sso-microsoft-entra-id) single sign-on services. ## Auth0 Multi-tenant URIs 
@@ -90,9 +90,9 @@ You must complete the domain authorization before you toggle `Enable New SSO Aut -## Azure Active Directory +## Microsoft Entra ID -Azure Active Directory admins will need to make a slight adjustment to the existing authentication app in the Azure AD portal. This migration does not require that the entire app be deleted or recreated; you can edit the existing app. Start by opening the Azure portal and navigating to the Active Directory overview. +Microsoft Entra ID admins will need to make a slight adjustment to the existing authentication app in the Azure portal. This migration does not require that the entire app be deleted or recreated; you can edit the existing app. Start by opening the Azure portal and navigating to the Microsoft Entra ID overview. Below are steps to update. You must complete all of them to ensure uninterrupted access to dbt Cloud and you should coordinate with your identity provider admin when making these changes. @@ -108,7 +108,7 @@ Below are steps to update. You must complete all of them to ensure uninterrupted -4. Navigate to the dbt Cloud environment and open the **Account Settings**. Click the **Single Sign-on** option from the left side menu and click the **Edit** option from the right side of the SSO pane. The **domain** field is the domain your organization uses to login to Azure AD. Toggle the **Enable New SSO Authentication** option and **Save**. _Once this option is enabled, it cannot be undone._ +4. Navigate to the dbt Cloud environment and open the **Account Settings**. Click the **Single Sign-on** option from the left side menu and click the **Edit** option from the right side of the SSO pane. The **domain** field is the domain your organization uses to login to Microsoft Entra ID. Toggle the **Enable New SSO Authentication** option and **Save**. _Once this option is enabled, it cannot be undone._ :::warning Domain authorization 
@@ -116,4 +116,4 @@ You must complete the domain authorization before you toggle `Enable New SSO Aut ::: - + diff --git a/website/docs/docs/cloud/manage-access/licenses-and-groups.md b/website/docs/docs/cloud/manage-access/licenses-and-groups.md index 83b926c7445..b91af80f9b3 100644 --- a/website/docs/docs/cloud/manage-access/licenses-and-groups.md +++ b/website/docs/docs/cloud/manage-access/licenses-and-groups.md @@ -60,7 +60,7 @@ of a group inherit any permissions applied to the group itself. Users can be added to a dbt Cloud group based on their group memberships in the configured [Identity Provider](sso-overview) for the account. In this way, dbt Cloud administrators can manage access to dbt Cloud resources via identity -management software like Azure AD, Okta, or GSuite. See _SSO Mappings_ below for +management software like Microsoft Entra ID (formerly Azure AD), Okta, or GSuite. See _SSO Mappings_ below for more information. You can view the groups in your account or create new groups from the **Team > Groups** diff --git a/website/docs/docs/cloud/manage-access/set-up-sso-azure-active-directory.md b/website/docs/docs/cloud/manage-access/set-up-sso-microsoft-entra-id.md similarity index 99% rename from website/docs/docs/cloud/manage-access/set-up-sso-azure-active-directory.md rename to website/docs/docs/cloud/manage-access/set-up-sso-microsoft-entra-id.md index 28684daf1d4..556a0740565 100644 --- a/website/docs/docs/cloud/manage-access/set-up-sso-azure-active-directory.md +++ b/website/docs/docs/cloud/manage-access/set-up-sso-microsoft-entra-id.md @@ -1,7 +1,7 @@ --- title: "Set up SSO with Microsoft Entra ID (formerly Azure AD)" description: "Learn how dbt Cloud administrators can use Microsoft Entra ID to control access in a dbt Cloud account." -id: "set-up-sso-azure-active-directory" +id: "set-up-sso-microsoft-entra-id" sidebar_label: "Set up SSO with Microsoft Entra ID" --- 
@@ -19,7 +19,7 @@ Currently supported features include: ## Configuration -dbt Cloud supports both single tenant and multi-tenant Microsoft Entra ID (formerly Azure AD) SSO Connections. For most Enterprise purposes, you will want to use the single-tenant flow when creating an Azure AD Application. +dbt Cloud supports both single tenant and multi-tenant Microsoft Entra ID (formerly Azure AD) SSO Connections. For most Enterprise purposes, you will want to use the single-tenant flow when creating a Microsoft Entra ID Application. ### Creating an application diff --git a/website/docs/docs/cloud/manage-access/sso-overview.md b/website/docs/docs/cloud/manage-access/sso-overview.md index e6dd3b8216e..560be72e31d 100644 --- a/website/docs/docs/cloud/manage-access/sso-overview.md +++ b/website/docs/docs/cloud/manage-access/sso-overview.md 
@@ -48,12 +48,12 @@ Then, assign all of these (and only these) to the user license. This step will a ### How should non-admin users log in? -Non-admin users that currently login with a password will no longer be able to do so. They must login using the dbt Enterprise Login URL or an identity provider (IdP). For example, Okta, Azure AD, etc. +Non-admin users that currently login with a password will no longer be able to do so. They must login using the dbt Enterprise Login URL or an identity provider (IdP). For example, Okta, Microsoft Entra ID (formerly Azure AD), etc. ### Security best practices There are a few scenarios that might require you to login with a password. We recommend these security best-practices for the two most common scenarios: -* **Onboarding partners and contractors** — We highly recommend that you add partners and contractors to your Identity Provider. IdPs like Okta and Azure Active Directory (AAD) offer capabilities explicitly for temporary employees. We highly recommend that you reach out to your IT team to provision an SSO license for these situations. Using an IdP highly secure, reduces any breach risk, and significantly increases the security posture of your dbt Cloud environment. +* **Onboarding partners and contractors** — We highly recommend that you add partners and contractors to your Identity Provider. IdPs like Okta and Microsoft Entra ID offer capabilities explicitly for temporary employees. We highly recommend that you reach out to your IT team to provision an SSO license for these situations. Using an IdP highly secure, reduces any breach risk, and significantly increases the security posture of your dbt Cloud environment. * **Identity Provider is down** — Account admins will continue to be able to log in with a password which would allow them to work with your Identity Provider to troubleshoot the problem. 
* **Offboarding admins** — When offboarding admins, revoke access to dbt Cloud by deleting the user from your environment; otherwise, they can continue to use username/password credentials to log in. diff --git a/website/docs/docs/core/connect-data-platform/fabric-setup.md b/website/docs/docs/core/connect-data-platform/fabric-setup.md index 3caab76301f..3c5fefadc17 100644 --- a/website/docs/docs/core/connect-data-platform/fabric-setup.md +++ b/website/docs/docs/core/connect-data-platform/fabric-setup.md @@ -84,14 +84,14 @@ More details about how these values affect your connection and how they are used SQL Server and windows authentication are not supported by Microsoft Fabric Synapse Data Warehouse. -### Azure Active Directory Authentication (AAD) +### Microsoft Entra ID authentication -Azure Active Directory authentication is a default authentication mechanism in Microsoft Fabric Synapse Data Warehouse. +Microsoft Entra ID (formerly Azure AD) authentication is a default authentication mechanism in Microsoft Fabric Synapse Data Warehouse. The following additional methods are available to authenticate to Azure SQL products: -* AAD username and password -* Service principal (a.k.a. AAD Application) +* Microsoft Entra ID username and password +* Service principal * Environment-based authentication * Azure CLI authentication * VS Code authentication (available through the automatic option below) @@ -103,7 +103,7 @@ The automatic authentication setting is in most cases the easiest choice and wor - + 
@@ -251,23 +251,23 @@ your_profile_name: -#### Additional options for AAD on Windows +#### Additional options for Microsoft Entra ID on Windows On Windows systems, the following additional authentication methods are also available for Azure SQL: -* AAD interactive -* AAD integrated +* Microsoft Entra ID interactive +* Microsoft Entra ID integrated * Visual Studio authentication (available through the automatic option above) - + This setting can optionally show Multi-Factor Authentication prompts. @@ -292,7 +292,7 @@ your_profile_name: - + This uses the credentials you're logged in with on the current machine. @@ -318,11 +318,11 @@ your_profile_name: -### Automatic AAD principal provisioning for grants +### Automatic Microsoft Entra ID principal provisioning for grants -Please note that automatic AAD principal provisioning is not supported by Microsoft Fabric Synapse Data Warehouse at this time. Even though in dbt 1.2 or newer you can use the [grants](https://docs.getdbt.com/reference/resource-configs/grants) config block to automatically grant/revoke permissions on your models to users or groups, the data warehouse does not support this feature at this time. +Please note that automatic Microsoft Entra ID principal provisioning is not supported by Microsoft Fabric Synapse Data Warehouse at this time. Even though in dbt 1.2 or newer you can use the [grants](https://docs.getdbt.com/reference/resource-configs/grants) config block to automatically grant/revoke permissions on your models to users or groups, the data warehouse does not support this feature at this time. -You need to add the service principal or AAD identity to a Fabric Workspace as an admin +You need to add the service principal or Microsoft Entra identity to a Fabric Workspace as an admin ### Schema authorization 
@@ -332,7 +332,7 @@ You can optionally set the principal who should own all schemas created by dbt. CREATE SCHEMA [schema_name] AUTHORIZATION [schema_authorization] ``` -A common use case is to use this when you are authenticating with a principal who has permissions based on a group, such as an AAD group. When that principal creates a schema, the server will first try to create an individual login for this principal and then link the schema to that principal. If you would be using Azure AD in this case, +A common use case is to use this when you are authenticating with a principal who has permissions based on a group, such as a Microsoft Entra ID group. When that principal creates a schema, the server will first try to create an individual login for this principal and then link the schema to that principal. If you would be using Microsoft Entra ID in this case, then this would fail since Azure SQL can't create logins for individuals part of an AD group automatically. ### Reference of all connection options 
@@ -347,9 +347,9 @@ then this would fail since Azure SQL can't create logins for individuals part of | `authentication` | The authentication method to use. This is not required for Windows authentication. | | `'sql'` | | `UID` | Username used to authenticate. This can be left out depending on the authentication method. | | | | `PWD` | Password used to authenticate. This can be left out depending on the authentication method. | | | -| `tenant_id` | The tenant ID of the Azure Active Directory instance. This is only used when connecting to Azure SQL with a service principal. | | | -| `client_id` | The client ID of the Azure Active Directory service principal. This is only used when connecting to Azure SQL with an AAD service principal. | | | -| `client_secret` | The client secret of the Azure Active Directory service principal. This is only used when connecting to Azure SQL with an AAD service principal. | | | +| `tenant_id` | The tenant ID of the Microsoft Entra ID instance. This is only used when connecting to Azure SQL with a service principal. | | | +| `client_id` | The client ID of the Microsoft Entra service principal. This is only used when connecting to Azure SQL with a Microsoft Entra service principal. | | | +| `client_secret` | The client secret of the Microsoft Entra service principal. This is only used when connecting to Azure SQL with a Microsoft Entra service principal. | | | | `encrypt` | Set this to `false` to disable the use of encryption. See [above](#connection-encryption). | | `true` | | `trust_cert` | Set this to `true` to trust the server certificate. See [above](#connection-encryption). | | `false` | | `retries` | The number of times to retry a failed connection. | | `1` | 
@@ -362,7 +362,7 @@ Valid values for `authentication`: * `ActiveDirectoryPassword`: Active Directory authentication using username and password * `ActiveDirectoryInteractive`: Active Directory authentication using a username and MFA prompts * `ActiveDirectoryIntegrated`: Active Directory authentication using the current user's credentials -* `ServicePrincipal`: Azure Active Directory authentication using a service principal -* `CLI`: Azure Active Directory authentication using the account you're logged in within the Azure CLI -* `environment`: Azure Active Directory authentication using environment variables as documented [here](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python) -* `auto`: Azure Active Directory authentication trying the previous authentication methods until it finds one that works +* `ServicePrincipal`: Microsoft Entra ID authentication using a service principal +* `CLI`: Microsoft Entra ID authentication using the account you're logged in within the Azure CLI +* `environment`: Microsoft Entra ID authentication using environment variables as documented [here](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python) +* `auto`: Microsoft Entra ID authentication trying the previous authentication methods until it finds one that works diff --git a/website/docs/docs/core/connect-data-platform/mssql-setup.md b/website/docs/docs/core/connect-data-platform/mssql-setup.md index fadf8cc4d4d..f2b17278df3 100644 --- a/website/docs/docs/core/connect-data-platform/mssql-setup.md +++ b/website/docs/docs/core/connect-data-platform/mssql-setup.md 
@@ -145,15 +145,15 @@ your_profile_name: -### Azure Active Directory Authentication (AAD) +### Microsoft Entra ID authentication While you can use the SQL username and password authentication as mentioned above, you might opt to use one of the authentication methods below for Azure SQL. The following additional methods are available to authenticate to Azure SQL products: -* AAD username and password -* Service principal (a.k.a. AAD Application) +* Microsoft Entra ID (formerly Azure AD) username and password +* Service principal * Managed Identity * Environment-based authentication * Azure CLI authentication @@ -166,7 +166,7 @@ The automatic authentication setting is in most cases the easiest choice and wor - + @@ -338,23 +338,23 @@ your_profile_name: -#### Additional options for AAD on Windows +#### Additional options for Microsoft Entra ID on Windows On Windows systems, the following additional authentication methods are also available for Azure SQL: -* AAD interactive -* AAD integrated +* Microsoft Entra ID interactive +* Microsoft Entra ID integrated * Visual Studio authentication (available through the automatic option above) - + This setting can optionally show Multi-Factor Authentication prompts. @@ -379,7 +379,7 @@ your_profile_name: - + This uses the credentials you're logged in with on the current machine. 
@@ -405,13 +405,13 @@ your_profile_name: -### Automatic AAD principal provisioning for grants +### Automatic Microsoft Entra ID principal provisioning for grants In dbt 1.2 or newer you can use the [grants](https://docs.getdbt.com/reference/resource-configs/grants) config block to automatically grant/revoke permissions on your models to users or groups. This is fully supported in this adapter and comes with an additional feature. -By setting `auto_provision_aad_principals` to `true` in your model configuration, you can automatically provision Azure Active Directory (AAD) principals (users or groups) that don't exist yet. +By setting `auto_provision_aad_principals` to `true` in your model configuration, you can automatically provision Microsoft Entra ID principals (users or groups) that don't exist yet. -In Azure SQL, you can sign in using AAD authentication, but to be able to grant an AAD principal certain permissions, it needs to be linked in the database first. ([Microsoft documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql)) +In Azure SQL, you can sign in using Microsoft Entra ID authentication, but to be able to grant a Microsoft Entra ID principal certain permissions, it needs to be linked in the database first. ([Microsoft documentation](https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql)) Note that principals will not be deleted automatically when they are removed from the `grants` block. 
@@ -423,7 +423,7 @@ You can optionally set the principal who should own all schemas created by dbt. CREATE SCHEMA [schema_name] AUTHORIZATION [schema_authorization] ``` -A common use case is to use this when you are authenticating with a principal who has permissions based on a group, such as an AAD group. When that principal creates a schema, the server will first try to create an individual login for this principal and then link the schema to that principal. If you would be using Azure AD in this case, +A common use case is to use this when you are authenticating with a principal who has permissions based on a group, such as a Microsoft Entra ID group. When that principal creates a schema, the server will first try to create an individual login for this principal and then link the schema to that principal. If you would be using Microsoft Entra ID in this case, then this would fail since Azure SQL can't create logins for individuals part of an AD group automatically. ### Reference of all connection options 
@@ -439,9 +439,9 @@ then this would fail since Azure SQL can't create logins for individuals part of | `UID` | Username used to authenticate. This can be left out depending on the authentication method. | | | | `PWD` | Password used to authenticate. This can be left out depending on the authentication method. | | | | `windows_login` | Set this to `true` to use Windows authentication. This is only available for SQL Server. | | | -| `tenant_id` | The tenant ID of the Azure Active Directory instance. This is only used when connecting to Azure SQL with a service principal. | | | -| `client_id` | The client ID of the Azure Active Directory service principal. This is only used when connecting to Azure SQL with an AAD service principal. | | | -| `client_secret` | The client secret of the Azure Active Directory service principal. This is only used when connecting to Azure SQL with an AAD service principal. | | | +| `tenant_id` | The tenant ID of the Microsoft Entra ID instance. This is only used when connecting to Azure SQL with a service principal. | | | +| `client_id` | The client ID of the Microsoft Entra service principal. This is only used when connecting to Azure SQL with a Microsoft Entra service principal. | | | +| `client_secret` | The client secret of the Microsoft Entra service principal. This is only used when connecting to Azure SQL with a Microsoft Entra service principal. | | | | `encrypt` | Set this to `false` to disable the use of encryption. See [above](#connection-encryption). | | `true` | | `trust_cert` | Set this to `true` to trust the server certificate. See [above](#connection-encryption). | | `false` | | `retries` | The number of times to retry a failed connection. | | `1` | 
@@ -455,8 +455,8 @@ Valid values for `authentication`: * `ActiveDirectoryPassword`: Active Directory authentication using username and password * `ActiveDirectoryInteractive`: Active Directory authentication using a username and MFA prompts * `ActiveDirectoryIntegrated`: Active Directory authentication using the current user's credentials -* `ServicePrincipal`: Azure Active Directory authentication using a service principal -* `CLI`: Azure Active Directory authentication using the account you're logged in with in the Azure CLI -* `ActiveDirectoryMsi`: Azure Active Directory authentication using a managed identity available on the system -* `environment`: Azure Active Directory authentication using environment variables as documented [here](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python) -* `auto`: Azure Active Directory authentication trying the previous authentication methods until it finds one that works +* `ServicePrincipal`: Microsoft Entra ID authentication using a service principal +* `CLI`: Microsoft Entra ID authentication using the account you're logged in with in the Azure CLI +* `ActiveDirectoryMsi`: Microsoft Entra ID authentication using a managed identity available on the system +* `environment`: Microsoft Entra ID authentication using environment variables as documented [here](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python) +* `auto`: Microsoft Entra ID authentication trying the previous authentication methods until it finds one that works diff --git a/website/docs/reference/resource-configs/fabric-configs.md b/website/docs/reference/resource-configs/fabric-configs.md index ed0f91b9d84..b97706b587a 100644 --- a/website/docs/reference/resource-configs/fabric-configs.md +++ b/website/docs/reference/resource-configs/fabric-configs.md 
@@ -87,7 +87,7 @@ Grants with auto provisioning is not supported by Microsoft Fabric Synapse Data ## Permissions -The AAD identity (user or service principal) must be a Fabric Workspace admin to work on the database level at this time. Fine grain access control will be incorporated in the future. +The Microsoft Entra identity (user or service principal) must be a Fabric Workspace admin to work on the database level at this time. Fine grain access control will be incorporated in the future. ## cross-database macros diff --git a/website/docs/reference/resource-configs/mssql-configs.md b/website/docs/reference/resource-configs/mssql-configs.md index 9a94f794e86..849de169b58 100644 --- a/website/docs/reference/resource-configs/mssql-configs.md +++ b/website/docs/reference/resource-configs/mssql-configs.md 
@@ -118,10 +118,10 @@ from ... ## Grants with auto provisioning dbt 1.2 introduced the capability to grant/revoke access using the `grants` [configuration option](/reference/resource-configs/grants). -In dbt-sqlserver, you can additionally set `auto_provision_aad_principals` to `true` in your model configuration if you are using Azure Active Directory authentication with an Azure SQL Database or Azure Synapse Dedicated SQL Pool. +In dbt-sqlserver, you can additionally set `auto_provision_aad_principals` to `true` in your model configuration if you are using Microsoft Entra ID authentication with an Azure SQL Database or Azure Synapse Dedicated SQL Pool. -This will automatically create the Azure Active Directory principal inside your database if it does not exist yet. -Note that the principals need to exist in your Azure Active Directory, this just makes them available to use in your database. +This will automatically create the Microsoft Entra ID principal inside your database if it does not exist yet. +Note that the principals need to exist in your Microsoft Entra ID, this just makes them available to use in your database. Principals are not removed again when they are removed from the grants configuration. diff --git a/website/sidebars.js b/website/sidebars.js index 8f2325c92f2..5e002ff0148 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -90,7 +90,7 @@ const sidebarSettings = { "docs/cloud/manage-access/set-up-sso-saml-2.0", "docs/cloud/manage-access/set-up-sso-okta", "docs/cloud/manage-access/set-up-sso-google-workspace", - "docs/cloud/manage-access/set-up-sso-azure-active-directory", + "docs/cloud/manage-access/set-up-sso-microsoft-entra-id", "docs/cloud/manage-access/set-up-snowflake-oauth", "docs/cloud/manage-access/set-up-databricks-oauth", "docs/cloud/manage-access/set-up-bigquery-oauth", diff --git a/website/vercel.json b/website/vercel.json index 0390f2f4f84..69d9505afcc 100644 --- a/website/vercel.json +++ b/website/vercel.json 
@@ -2,6 +2,11 @@ "cleanUrls": true, "trailingSlash": false, "redirects": [ + { + "source": "/docs/cloud/manage-access/set-up-sso-azure-active-directory", + "destination": "/docs/cloud/manage-access/set-up-sso-microsoft-entra-id", + "permanent": true + }, { "source": "/docs/building-a-dbt-project/dont-nest-your-curlies", "destination": "/best-practices/dont-nest-your-curlies", @@ -1474,7 +1479,7 @@ }, { "source": "/docs/collaborate/manage-access/set-up-sso-azure-active-directory", - "destination": "/docs/cloud/manage-access/set-up-sso-azure-active-directory", + "destination": "/docs/cloud/manage-access/set-up-sso-microsoft-entra-id", "permanent": true }, {
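Review bot: The heading renames in the `@@ -145,15 +145,15 @@`, `@@ -338,23 +338,23 @@` and `@@ -405,13 +405,13 @@` hunks change the anchors generated from those headings, so existing links to the old anchors will stop resolving. This page links to its own headings (for example `[above](#connection-encryption)`), so search the docs for links to the anchors derived from `### Azure Active Directory Authentication (AAD)`, `#### Additional options for AAD on Windows` and `### Automatic AAD principal provisioning for grants`, and update them in this change.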
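Review bot: In the `@@ -405,13 +405,13 @@` hunk the prose now says "Microsoft Entra ID" while the setting is still named `auto_provision_aad_principals`, and nothing on the changed lines tells the reader that `aad` refers to the same service. Add "(formerly Azure AD)" at the first mention in this section, as the `@@ -145,15 +145,15 @@` hunk does for the username and password bullet. The unchanged last line says principals are not deleted when they are removed from the `grants` block; since the section is being revised, consider adding one sentence saying that they have to be removed from the database by hand.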
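Review bot: In the `@@ -423,7 +423,7 @@` hunk the rename stops halfway through the sentence: the added line says "a Microsoft Entra ID group", but the unchanged continuation line still reads "individuals part of an AD group". Update that line as well so the paragraph uses one term, and while there, join the sentence that is split after "in this case," and replace "If you would be using" with "If you are using".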
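Review bot: In the `@@ -439,9 +439,9 @@` hunk the three rewritten table rows are not consistent with each other. `tenant_id` is described as belonging to "the Microsoft Entra ID instance" and ends with "with a service principal", while `client_id` and `client_secret` say "Microsoft Entra service principal" in both places. Suggest "The tenant ID of the Microsoft Entra tenant" for the first row and the same closing phrase, "with a Microsoft Entra service principal", on all three.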
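Review bot: In the `@@ -455,8 +455,8 @@` hunk only the last five values of `authentication` are renamed; the unchanged lines for `ActiveDirectoryPassword`, `ActiveDirectoryInteractive` and `ActiveDirectoryIntegrated` still describe "Active Directory authentication". The Windows section in the `@@ -338,23 +338,23 @@` hunk already calls these "Microsoft Entra ID interactive" and "Microsoft Entra ID integrated", so the descriptions here should match. The value names themselves must stay as they are, since they are what users type into the profile.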
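Review bot: In the `mssql-configs.md` hunk (`@@ -118,10 +118,10 @@`), the added line "Note that the principals need to exist in your Microsoft Entra ID, this just makes them available to use in your database." reads awkwardly after the substitution and carries a comma splice over from the old text. Suggest "Note that the principals must already exist in your Microsoft Entra tenant; this setting only makes them available in your database."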
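Review bot: The `website/sidebars.js` hunk (`@@ -90,7 +90,7 @@`) points the sidebar at `docs/cloud/manage-access/set-up-sso-microsoft-entra-id`, but the rename of the document itself is not part of the lines shown here. Confirm that the file is renamed in this same change and that any explicit `id` in its front matter matches the new name, otherwise the sidebar entry will not resolve.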
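Review bot: Check the rest of `website/vercel.json` for other redirects whose `destination` is still `/docs/cloud/manage-access/set-up-sso-azure-active-directory`. The `@@ -1474,7 +1479,7 @@` hunk retargets only the `/docs/collaborate/...` entry, and any entry left pointing at the old path would now pass through two redirects because of the rule added in the `@@ -2,6 +2,11 @@` hunk. Pointing every such entry directly at `/docs/cloud/manage-access/set-up-sso-microsoft-entra-id` keeps each old URL one hop from the live page.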