Configure IAM Proxy Authentication
Proxy authentication allows an IAM user to proxy to a database schema for tasks such as application maintenance.
- About Configuring IAM Proxy Authentication
  IAM users can connect to Oracle DBaaS by using proxy authentication.
- Configure Proxy Authentication for the IAM User
  To configure proxy authentication for an IAM user, the IAM user must already have a mapping to a global schema (exclusive or shared mapping). A separate database schema for the IAM user to proxy to must also be available.
- Validate the IAM User Proxy Authentication
  You can validate the IAM user proxy configuration for both password and token authentication methods.
About Configuring IAM Proxy Authentication
IAM users can connect to Oracle DBaaS by using proxy authentication.
Proxy authentication is typically used to authenticate the real user and then authorize them to use a database schema, with that schema's privileges and roles, in order to manage an application. Alternatives such as sharing the application schema password are considered insecure and make it impossible to audit which actual user performed an action.
A use case can be an environment in which a named IAM user who is an application database administrator authenticates by using their own credentials and then proxies to a database schema user (for example, hrapp). This authentication enables the IAM administrator to use the hrapp privileges and roles as user hrapp in order to perform application maintenance, yet still use their IAM credentials for authentication. An application database administrator can sign in to the database and then proxy to an application schema to manage this schema.
You can configure proxy authentication for both the password authentication and token authentication methods.
Configure Proxy Authentication for the IAM User
To configure proxy authentication for an IAM user, the IAM user must already have a mapping to a global schema (exclusive or shared mapping). A separate database schema for the IAM user to proxy to must also be available.
CONNECT peterfitch[hrapp]@connect_string
Enter password: password
To connect using a token:
CONNECT [hrapp]/@connect_string
Validate the IAM User Proxy Authentication
You can validate the IAM user proxy configuration for both password and token authentication methods.
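The statements below are an added example, not taken from the original page, showing one way to grant, validate and audit the proxy relationship described in the two sections above. The name peterfitch_schema is a hypothetical global schema assumed to be mapped to the IAM user peterfitch; hrapp and the connect syntax come from the page.

```sql
-- Assumption: peterfitch_schema is a hypothetical global schema already
-- mapped to the IAM user peterfitch. hrapp is the application schema.

-- 1. As a user with the ALTER USER privilege, allow the mapped global
--    schema to proxy to hrapp. No hrapp password is shared with anyone.
ALTER USER hrapp GRANT CONNECT THROUGH peterfitch_schema;

-- 2. Review every schema that is allowed to proxy to hrapp. Unexpected
--    rows here are standing access that should be questioned.
SELECT proxy, client, authentication, flags
FROM   proxy_users
WHERE  client = 'HRAPP';

-- 3. After connecting with CONNECT peterfitch[hrapp]@connect_string
--    (password) or CONNECT [hrapp]/@connect_string (token), inspect the
--    session: which schema is in effect, which schema proxied in, who
--    actually authenticated, and by which method.
SELECT SYS_CONTEXT('USERENV', 'CURRENT_USER')           AS effective_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')             AS proxy_user,
       SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY') AS authenticated_identity,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')  AS authentication_method
FROM   dual;

-- 4. Attribute hrapp activity to the real user. Unified audit records keep
--    the proxying schema in DBPROXY_USERNAME; rows exist only for actions
--    covered by an enabled audit policy, and reading this view requires
--    an audit viewing privilege such as the AUDIT_VIEWER role.
SELECT event_timestamp, dbusername, dbproxy_username,
       external_userid, action_name
FROM   unified_audit_trail
WHERE  dbusername = 'HRAPP'
AND    dbproxy_username IS NOT NULL
ORDER  BY event_timestamp DESC
FETCH  FIRST 20 ROWS ONLY;

-- 5. Remove the proxy permission when the maintenance role ends.
ALTER USER hrapp REVOKE CONNECT THROUGH peterfitch_schema;
```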
Parent topic: Configure IAM Proxy Authentication