Oracle Autonomous Database users can now be authenticated and managed with Azure Active Directory

June 13, 2022 | 2 minute read
Alan Williams
Product Manager, Oracle Database Security

Many on-premises customers integrate their Oracle Database with Microsoft Active Directory to streamline user management and help reduce risk. As these customers migrate to the cloud, many are looking to centralize identities in their cloud directories while their Oracle Database runs in Oracle Cloud Infrastructure (OCI).

We are excited to announce the integration of Oracle Autonomous Database with Azure Active Directory (Azure AD). First, users can use their Azure AD credentials to connect to databases using single sign-on (SSO) instead of storing the database username and password. Second, administrators can now manage all Autonomous Database users centrally in Azure AD, without making changes to each database individually as users join, change roles or leave an organization. Finally, the database works directly with Azure AD, without requiring a federated identity provider to be configured or managed. We’ll describe these use cases below and show how the Autonomous Database and Azure AD integration improves efficiencies, streamlines the user experience, and enhances security.

Similar to our existing centrally managed users (CMU) feature for Active Directory, user schema mapping and database authorization are now centralized using Azure AD application (app) roles. Database schemas can map to an Azure AD user or an app role, and the app roles can be assigned to Azure AD users or groups. Further, database users with the same app role assignments get the same access rights – greatly simplifying the DBA's and Azure AD administrator's job in managing multiple users with identical responsibilities. Azure AD also centrally manages user lockout and account termination for database users.

Direct integration with Azure AD simplifies the user authentication experience. Azure users can use their SSO credentials to authenticate to the OCI database directly without managing their identity profile in the federated identity service. Since the database can work directly with Azure AD tokens, there is no need for identity administrators to manage federation between cloud identity providers.

Direct integration with Azure AD also enhances runtime security for multi-cloud applications. Previously, applications would need to store Oracle Database usernames and passwords to connect with the Oracle Database. Now Azure applications and services can use their Azure AD credentials to send Azure AD OAuth2 access tokens to the database. Such access tokens can be sent through the latest versions of the Oracle Database 19c clients (Instant Client, JDBC-thin, ODP.NET). Applications and utilities that can't connect directly with Azure AD to retrieve an access token can use helper tools (PowerShell, Azure CLI, and others) to request an access token and store it in a local directory for the database client to use.
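A token stored in a local directory is a bearer credential on disk, so its file permissions and lifetime are worth checking before the database client reads it. The following is an added example, not Oracle's code: it assumes the access token is a JWT saved as a single file on a POSIX filesystem, and the audience URI, role name and sample token are constructed for illustration.

```python
import base64, json, os, stat, tempfile, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample JWT for the demo; not a real Azure AD token."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "c2ln"])

def read_claims(path: str) -> dict:
    """Decode the JWT payload. No signature check: the database validates the token."""
    with open(path, encoding="ascii") as fh:
        parts = fh.read().strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token_file(path, expected_aud, now=None, min_ttl=300):
    """Return hygiene findings for a token file the database client will read."""
    now = time.time() if now is None else now
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):          # POSIX permission bits
        findings.append(f"mode {mode:04o}: token accessible beyond its owner")
    try:
        claims = read_claims(path)
    except ValueError as err:                          # bad base64, JSON or shape
        return findings + [f"unparseable token: {err}"]
    exp = claims.get("exp", 0)
    if exp <= now:
        findings.append("token expired")
    elif exp - now < min_ttl:
        findings.append(f"token expires in under {min_ttl}s")
    if claims.get("aud") != expected_aud:
        findings.append(f"audience {claims.get('aud')!r} != {expected_aud!r}")
    return findings

if __name__ == "__main__":
    aud = "api://example-db-app"                       # assumed app ID URI
    tok = make_sample_token({"aud": aud, "exp": time.time() + 3600,
                             "roles": ["EXAMPLE_APP_ROLE"]})
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(tok)
    os.chmod(fh.name, 0o644)
    print(audit_token_file(fh.name, aud))              # flags the 0644 mode
    os.chmod(fh.name, 0o600)
    print(audit_token_file(fh.name, aud), read_claims(fh.name)["roles"])
    os.unlink(fh.name)
```

An empty findings list means the file is owner-only, parses as a JWT, is not close to expiry and targets the expected application; the `roles` claim shows which app roles the token carries.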

For documentation regarding the Azure AD integration check out:

Also, in case you missed them, here are my previous blog posts on the Oracle Autonomous Database integration with Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) for Autonomous Database Shared infrastructure and Autonomous Database Dedicated infrastructure.

This integration is another step in the multi-cloud story for Oracle Databases. Continue to keep an eye on the Oracle Cloud Security blog for more announcements.

Alan Williams is the Product Manager responsible for authentication and authorization technologies in the Oracle Database group. Prior to joining the Oracle Database Security team, he was involved in government and military projects involving high-security architecture, design and processes along with ITIL implementation. Alan is a 30-year veteran of the IT industry, has certifications in ITIL v3 Foundation and DOD Architecture Foundation, and is a United States Air Force veteran. He earned his Bachelor's degree from the Massachusetts Institute of Technology and a Master of Business Administration from the Rensselaer Polytechnic Institute.
