Learn about the main setup tasks required to onboard with OracleDB for Azure.
To use OracleDB for Azure, an Azure administrator
must first onboard an Azure environment with OracleDB for Azure. Once that process completes,
the administrator and database administrators or developers use the OracleDB for Azure Portal to deploy and provision
OCI database products for use in the
onboarded Azure environment. The onboarding process has three steps:
During account linking, OracleDB for Azure creates
the configuration that connects an Azure tenancy to an OCI tenancy. This is a required step and
must be completed before any authorized user accesses the OracleDB for Azure portal. Account linking
accomplishes the following:
Creates OracleDB for Azure groups in the Azure tenant's Azure Active Directory.
Creates an Oracle Database Service Enterprise Application and custom roles in the Azure tenant's Azure Active Directory.
Note
To grant a user access to OracleDB for Azure
and enable database provisioning, an Azure administrator adds users or groups to the
OracleDB for Azure groups in Azure, or
manually assigns existing users or groups one or more of the OracleDB for Azure custom Azure roles.
Subscription Linking 🔗
Azure uses subscriptions to manage billing for all resources created in the Azure
environment. This is one of the ways Azure allows users to group resources together.
When Azure administrators provision resources in Azure, they must select a subscription
to associate with the resource.
During database deployment or provisioning, OracleDB for Azure must have access to the Azure
subscription to provision the resources OracleDB for Azure creates in Azure (Azure
Application Insights, Azure Log Analytics, and Azure custom dashboards).
For these reasons, Azure administrators must link at least one Azure subscription to OracleDB for Azure. To link an Azure subscription
to OracleDB for Azure, an Azure administrator
must:
Grant the Oracle Database Service Enterprise Application access to the subscription.
For this you must grant the service three permissions in each subscription accessed
by OracleDB for Azure.
Add the subscription details to the OracleDB for Azure multicloud link created for
the tenancy.
Azure administrators complete the first step in Azure, then open the OracleDB for Azure Portal to complete subscription
linking with a single click.
Using Identity Federation in OracleDB for Azure 🔗
Azure users log into OracleDB for Azure using their
Azure credentials, and OracleDB for Azure streams
much of the day-to-day operational data from the OracleDB for Azure managed OCI databases to Azure Application Insights
and Azure Log Analytics. Because of this, Azure developers spend most of their time in
Azure.
In some instances, an OracleDB for Azure user must log into the OCI
Console to perform specific tasks that aren't enabled or available in OracleDB for Azure today. To make this process easier, Azure customers setup identity federation between the Azure and OCI tenancies. With this in place, authorized users use a single set of credentials, their Azure credentials, to log into Azure and OCI. Without federation, Azure users must create and maintain separate credentials for OCI users when accessing the OCI
Console.