https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users

az login
az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
$env:PGPASSWORD='<Access_Token>'
psql "host=server.postgres.database.azure.com user=postgres_users dbname=postgres sslmode=require"

-- Display all existing Entra principals
select * from pg_catalog.pgaadauth_list_principals(false);
 
-- Add Entra principal to the server, "roleName" must match the name of an existing Entra principal
select * from pg_catalog.pgaadauth_create_principal(roleName text, isAdmin boolean, isMfa boolean)
select * from pg_catalog.pgaadauth_create_principal('postgres_users', false, false)

-- Enable Microsoft Entra authentication for an existing PostgreSQL role
SECURITY LABEL for "pgaadauth" on role "postgres_admin" is 'aadauth,oid=<objectId>,type=<objectType>,admin';