diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index 9a84d16b..2f18bffe 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -48,6 +48,15 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
     size_gb = var.mysql_server_storage_max
   }
 
+  dynamic "identity" {
+    for_each = var.entra_administrator_enabled == false ? [] : [1]
+
+    content {
+      type = "UserAssigned"
+      identity_ids = [var.entra_identity_id]
+    }
+  }
+
   lifecycle {
     ignore_changes = [zone]
   }
@@ -68,6 +77,16 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
   value = var.slow_query_log
 }
 
+resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
+  count = var.entra_administrator_enabled == false ? 0 : 1
+
+  server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
+  identity_id = var.entra_identity_id
+  login = var.entra_login
+  object_id = var.entra_object_id
+  tenant_id = var.entra_tenant_id
+}
+
 data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
   count = var.log_analytics_workspace_id == null ? 0 : 1
   resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf
index cd510d4f..b5cc9079 100644
--- a/modules/azure/mysql_flexible_server/variables.tf
+++ b/modules/azure/mysql_flexible_server/variables.tf
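Review bot: The gate `for_each = var.entra_administrator_enabled == false ? [] : [1]` in the new dynamic "identity" block is a double negation on a bool; `for_each = var.entra_administrator_enabled ? [1] : []` states the same condition directly, and the identical pattern recurs in the `count` of the entra_admin resource in the next hunk and in both hunks of modules/azure/mysql_flexible_server_public/main.tf. With the defaults added in variables.tf, enabling the flag while leaving `entra_identity_id` at null produces `identity_ids = [null]`, which would most likely surface only as a provider error at plan or apply time rather than as a clear module-level message. A short comment on the block such as `# Entra authentication requires a user-assigned identity on the server; entra_identity_id must be set when the flag is true` would make the coupling visible to callers. The enclosing azurerm_mysql_flexible_server resource starts before the hunk.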
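Review bot: The new entra_admin resource reads `identity_id`, `login`, `object_id` and `tenant_id` from variables that all default to null, so `entra_administrator_enabled = true` with any of them unset is caught only when the provider rejects the apply, after the server's identity update in the previous hunk has already been made. Because `object_id` is the principal that ends up with server-administrator rights, the module cannot detect a wrong-but-non-null value, but it should at least fail early on the null case; a lifecycle precondition (Terraform 1.2 or later, if the module's required_version allows it) gives a clear error before anything is changed, and the same applies to the matching resource in modules/azure/mysql_flexible_server_public/main.tf. A header comment on the resource noting that `login` and `object_id` must describe the same Entra principal, and that the identity in `identity_id` needs the directory-read permissions Azure documents for MySQL Entra authentication, would also help future reviewers.
```hcl
resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
  count = var.entra_administrator_enabled == false ? 0 : 1

  # … unchanged: server_id, identity_id, login, object_id, tenant_id …

  lifecycle {
    precondition {
      condition     = var.entra_identity_id != null && var.entra_login != null && var.entra_object_id != null && var.entra_tenant_id != null
      error_message = "entra_identity_id, entra_login, entra_object_id and entra_tenant_id must all be set when entra_administrator_enabled is true."
    }
  }
}
```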
@@ -81,6 +81,36 @@ variable "mysql_admin_username" {
   description = "The administrator login username for the mysql server."
 }
 
+variable "entra_administrator_enabled" {
+  type = bool
+  description = "Specifies whether or not Entra authentication is enabled for this MySQL Server"
+  default = false
+}
+
+variable "entra_identity_id" {
+  type = string
+  description = "The Entra identity id for the mysql server."
+  default = null
+}
+
+variable "entra_login" {
+  type = string
+  description = "The Entra administrator login username for the mysql server."
+  default = null
+}
+
+variable "entra_object_id" {
+  type = string
+  description = "The Entra object id for the mysql server."
+  default = null
+}
+
+variable "entra_tenant_id" {
+  type = string
+  description = "The Entra tenant id for the mysql server."
+  default = null
+}
+
 variable "password_keeper" {
   type = map(string)
   description = "Random map of strings, when changed the mysql admin password will rotate."
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index 815ab2b7..9ae422f2 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
@@ -45,6 +45,15 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
     size_gb = var.server_storage_max
   }
 
+  dynamic "identity" {
+    for_each = var.entra_administrator_enabled == false ? [] : [1]
+
+    content {
+      type = "UserAssigned"
+      identity_ids = [var.entra_identity_id]
+    }
+  }
+
   lifecycle {
     ignore_changes = [zone]
     prevent_destroy = true
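Review bot: The descriptions of `entra_object_id` and `entra_tenant_id` say "for the mysql server", but in the entra_admin resource in main.tf these values identify the Entra principal being made server administrator and its tenant, not the server itself; suggest `description = "Object id of the Entra principal (user, group or service principal) to set as the MySQL server administrator."` and `description = "Tenant id of the Entra principal set as the MySQL server administrator."`. In the same way `entra_identity_id` is the resource id of the user-assigned managed identity attached to the server for Entra authentication, and `entra_login` is the login name of that administrator principal, so their descriptions should say so rather than repeating "for the mysql server". Since all four default to null, the `entra_administrator_enabled` description should also state that the other entra_* variables are required when it is true. The same five variables with the same descriptions are added in modules/azure/mysql_flexible_server_public/variables.tf.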
@@ -66,6 +75,16 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
   value = var.slow_query_log
 }
 
+resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
+  count = var.entra_administrator_enabled == false ? 0 : 1
+
+  server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
+  identity_id = var.entra_identity_id
+  login = var.entra_login
+  object_id = var.entra_object_id
+  tenant_id = var.entra_tenant_id
+}
+
 data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
   count = var.log_analytics_workspace_id == null ? 0 : 1
   resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf
index 65ad027c..af51f211 100644
--- a/modules/azure/mysql_flexible_server_public/variables.tf
+++ b/modules/azure/mysql_flexible_server_public/variables.tf
@@ -70,6 +70,36 @@ variable "admin_username" {
   description = "The administrator login username for the mysql server."
 }
 
+variable "entra_administrator_enabled" {
+  type = bool
+  description = "Specifies whether or not Entra authentication is enabled for this MySQL Server"
+  default = false
+}
+
+variable "entra_identity_id" {
+  type = string
+  description = "The Entra identity id for the mysql server."
+  default = null
+}
+
+variable "entra_login" {
+  type = string
+  description = "The Entra administrator login username for the mysql server."
+  default = null
+}
+
+variable "entra_object_id" {
+  type = string
+  description = "The Entra object id for the mysql server."
+  default = null
+}
+
+variable "entra_tenant_id" {
+  type = string
+  description = "The Entra tenant id for the mysql server."
+  default = null
+}
+
 variable "password_keeper" {
   type = map(string)
   description = "Random map of strings, when changed the mysql admin password will rotate."