[Inquiry] Entra ID Authentication and RLS Configuration for DAB MCP Server

[Koro110]

We are currently validating a configuration where an in-house AI agent acts as an MCP client and DAB on Azure Container Apps acts as an MCP server, accessing Azure SQL Database via Entra ID authentication. The goal is to apply Row-Level Security (RLS) based on individual user identity. We would appreciate your confirmation on the following points.

■ Reference Documents
① https://learn.microsoft.com/en-us/azure/data-api-builder/concept/security/authenticate-entra?tabs=bash
② https://learn.microsoft.com/ja-jp/azure/data-api-builder/mcp/how-to-configure-authentication?tabs=bash
③ https://learn.microsoft.com/en-us/azure/data-api-builder/concept/security/row-level-security

■ Confirmation of Understanding
[Q1] App Registration Is it correct that two app registrations are required — one for the in-house AI agent (MCP client) and one for DAB (MCP server)?

[Q2] Authentication Configuration for MCP Server In the Command-Line example provided in ②, is it correct that the following values should be set using the DAB app's Application ID and Tenant ID?
dab configure
--runtime.host.authentication.jwt.audience "api://"
dab configure
--runtime.host.authentication.jwt.issuer "https://login.microsoftonline.com//v2.0"

[Q3] RLS Implementation Is it correct that RLS is applied by passing the oid claim from the JWT to SQL via SESSION_CONTEXT, and matching it against the corresponding column in the table?

[Aniruddh25]

Hi @Koro110,

Thank you for your question.

[Q1]: Yes. Both app registrations will be needed if your MCP client also authenticates with Entra before reaching out to the SQL MCP Server (in DAB).

[Q2]: Yes that is correct. The resulting configuration should be as per the example here: https://learn.microsoft.com/en-us/azure/data-api-builder/concept/security/authenticate-entra?tabs=bash#resulting-configuration

[Q3]: That is true. RLS feature uses SESSION_CONTEXT.
Additionally, if you also need a "Pass Through" authentication i.e. the MCP client is also a user in SQL, you could use the On behalf of feature introduced in DAB 2.0.0-rc currently in preview. In addition to the RLS feature, OBO allows execution of SQL queries directly as the MCP client instead of as the MCP Server in DAB. https://learn.microsoft.com/en-us/azure/data-api-builder/concept/security/authenticate-on-behalf-of?tabs=bash#step-2-configure-the-data-source

[Koro110]

Hi @Aniruddh25,
Thank you very much for your clear and detailed responses. This helps a lot.

I have one additional question for clarification.
For the client-side app registration, is the following setting required?
API permission to add: api:///Endpoint.Access

[Aniruddh25]

I don't think the Endpoint Access API permission needs to be added to the client side app registration. I think that would only be needed for the app registration done for the SQL MCP Server (in DAB). Could you please give it a try?