Cloud SQL built-in database authentication

This page describes how built-in authentication works on Cloud SQL instances.

Introduction

Authentication is the process of verifying the identity of a user who is attempting to access an instance. Cloud SQL uses the following types of authentication for database users:

• The database's built-in authentication uses a username and a password to authenticate local database users. For more information, see the following resources:
  • Create and manage users
  • About SQL Server users
• Authentication using Managed Service for Microsoft Active Directory.
• Authentication using customer-managed Microsoft AD.
• Authentication using Microsoft Entra ID.

Although Active Directory or Microsoft Entra ID authentication can be more secure and reliable, you might prefer to use built-in authentication or a hybrid authentication model that includes different authentication types.

Limitations

• Cloud SQL for SQL Server doesn't support the following capabilities:
  • Custom password policies
  • IAM database authentication
  • IAM authentication for database operations
• Cloud SQL for SQL Serversupports IAM authentication for instance and backup operations only. For more information, see IAM authentication.

What's next

• Create an instance and set the password policy.
• Create users with built-in authentication.