OracleDB for Azure Onboarding Steps
Learn about the main setup tasks required to onboard with OracleDB for Azure.
To use OracleDB for Azure, an Azure administrator must first onboard an Azure environment with OracleDB for Azure. Once that process completes, the administrator and database administrators or developers use the OracleDB for Azure Portal to deploy and provision OCI database products for use in the onboarded Azure environment. The onboarding process has three steps:
- Account Linking
- Subscription Linking
- Identity Federation (optional when using guided onboarding)
To start OracleDB for Azure onboarding, go to https://signup.multicloud.oracle.com/azure.
Account Linking
During account linking, OracleDB for Azure creates the configuration that connects an Azure tenancy to an OCI tenancy. This is a required step and must be completed before any authorized user accesses the OracleDB for Azure portal. Account linking accomplishes the following:
- Creates OracleDB for Azure groups in the Azure tenant's Azure Active Directory.
- Creates an Oracle Database Service Enterprise Application and custom roles in the Azure tenant's Azure Active Directory.
To grant a user access to OracleDB for Azure and enable database provisioning, an Azure administrator adds users or groups to the OracleDB for Azure groups in Azure, or manually assigns existing users or groups one or more of the OracleDB for Azure custom Azure roles.
Subscription Linking
Azure uses subscriptions to manage billing for all resources created in the Azure environment. This is one of the ways Azure allows users to group resources together. When Azure administrators provision resources in Azure, they must select a subscription to associate with the resource.
During database deployment or provisioning, OracleDB for Azure must have access to the Azure subscription to provision the resources OracleDB for Azure creates in Azure (Azure Application Insights, Azure Log Analytics, and Azure custom dashboards).
For these reasons, Azure administrators must link at least one Azure subscription to OracleDB for Azure. To link an Azure subscription to OracleDB for Azure, an Azure administrator must:
- Grant the Oracle Database Service Enterprise Application access to the subscription. For this you must grant the service three permissions in each subscription accessed by OracleDB for Azure.
- Add the subscription details to the OracleDB for Azure multicloud link created for the tenancy.
Azure administrators complete the first step in Azure, then open the OracleDB for Azure Portal to complete subscription linking with a single click.
Using Identity Federation in OracleDB for Azure
Azure users log into OracleDB for Azure using their Azure credentials, and OracleDB for Azure streams much of the day-to-day operational data from the OracleDB for Azure managed OCI databases to Azure Application Insights and Azure Log Analytics. Because of this, Azure developers spend most of their time in Azure.
In some instances, an OracleDB for Azure user must log into the OCI Console to perform specific tasks that aren't enabled or available in OracleDB for Azure today. To make this process easier, Azure customers setup identity federation between the Azure and OCI tenancies. With this in place, authorized users use a single set of credentials, their Azure credentials, to log into Azure and OCI. Without federation, Azure users must create and maintain separate credentials for OCI users when accessing the OCI Console.