10

I have installed the PowerShell 6.1.3 version and I want to get a connection to the Azure account using the following Azure PowerShell command: 

Connect-AzAccount -Tenant <tenantId> -Subscription <subId>

After entering this command I get the warning with the url and some code. Then I have to go to the URL and enter the code there. After that, I get a connection to the Azure account.

Are there any ways to avoid this confirmation?

I've also tried to do it using the following command: 

az login -u <username> -p <password>

This command only returns some account information(subscriptionId, tenantId etc) but it doesn't install a connection to this account.

abatishchev
  • 98,240
  • 88
  • 296
  • 433
agawa17
  • 315
  • 1
  • 3
  • 10

3 Answers3

19

1.To login with the user account, try the command as below, make sure your account doesn't enable the MFA(Multi-Factor Authentication).

$User = "xxx@xxxx.onmicrosoft.com"
$PWord = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$tenant = "<tenant id>"
$subscription = "<subscription id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User,$PWord
Connect-AzAccount -Credential $Credential -Tenant $tenant -Subscription $subscription

enter image description here

2.You can also use a service principal to login, use the command as below.

$azureAplicationId ="Azure AD Application Id"
$azureTenantId= "Your Tenant Id"
$azurePassword = ConvertTo-SecureString "strong password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId  -ServicePrincipal

See a similar issue I answered here, it use the old AzureRM module, for Az, just change the last line.

If you are not familiar with service principal, Also see : How to: Use the portal to create an Azure AD application and service principal that can access resources, the application id and authentication key are the Azure AD Application Id and strong password you need.

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
  • 3
    I've just checked your first option and got the following error: Connect-AzAccount : Username + Password authentication is not supported in PowerShell Core. Please use device code authentication for interactive log in, or Service Principal authentication for script log in. – agawa17 Feb 27 '19 at 11:53
  • @agawa17 If so, seems you need to use the second option, my powershell version is 5.1. Besides, I recommend you to use the second one, if you use the username+password with the non-interactive way, it is not safe, if you enable the MFA, it will also not work – Joy Wang Feb 27 '19 at 15:10
  • Thanks! It will work when I have an Azure AD application before logging. So, I have to create an Azure AD application in the ps script for that, but this operation needs me to log in Azure account and I have to use a browser to confirm logging. Is there another way how I can log in to Azure account through the Powershell core script without browser confirmation? – agawa17 Mar 29 '19 at 13:46
  • I getting the error while connecting the above powershell script: "Connect-AzAccount : Federated service at https://adfs.myatos.net/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized. " – Gautam Sharma Aug 18 '20 at 08:15
1

You have 2 options.

Sign in with credentials (Requires Az.Accounts v 1.2.0 or higher)

You can also sign in with a PSCredential object authorized to connect to Azure. The easiest way to get a credential object is with the Get-Credential cmdlet. When run, this cmdlet will prompt you for a username/password credential pair.

$creds = Get-Credential
Connect-AzAccount -Credential $creds

Sign in with a service principal

Service principals are non-interactive Azure accounts. Like other user accounts, their permissions are managed with Azure Active Directory. By granting a service principal only the permissions it needs, your automation scripts stay secure.

To learn how to create a service principal for use with Azure PowerShell, see Create an Azure service principal with Azure PowerShell.

Source: https://learn.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-1.3.0

Ken W - Zero Networks
  • 3,533
  • 1
  • 13
  • 18
  • Connecting to azure account using credentials like username and password aren't supported by Az module. So, I have to connect to the Azure account using a service principal. But to create an azure ad application and service principal using PowerShell core, I also have to connect to az account before. But I can't connect without browser confirmation( – agawa17 Mar 29 '19 at 16:35
0

If Multi Factor Enabled then also below logic should work

    $clientId = "***********************"
    $clientSecret = "********************"
    $tenantId = "***********************"
    $tempPassword = ConvertTo-SecureString "$clientSecret" -AsPlainText -Force
    $psCred = New-Object System.Management.Automation.PSCredential($clientId , 
    $tempPassword)
    Connect-AzAccount -Credential $psCred -TenantId $azureTenantId  -ServicePrincipal
alvahab
  • 21
  • 3
  • 1
    This answer would be more helpful for the op if you explained the code but even so, this question is two years old, has two other answers and an accepted answer. Check the more recent and unanswered questions on these tags . – Nico Nekoru Mar 25 '21 at 09:56
  • @NicoNekoru The answer is more or less the same as JoyWang's as far as I can tell. – shaedrich Mar 25 '21 at 11:44