Overview

Identity is a critical component of security. The OCI MySQL Database Service (MDS) enables DBAs to leverage existing OCI User Identities and Group Memberships for authentication into MySQL Database Service Instances, providing increased security, centralized management, and ease of use. Using this feature, an MDS instance can validate a connecting user via the user's OCI IAM API Key.

Authentication to OCI Identity Domains – PEM validates based on OCI user or group

 

This enables DBAs to centrally manage MDS users via OCI IAM Identity. MDS works for user identities in both 

OCI IAM Identity simplifies access management across Oracle Cloud. With IAM Identity Domains you can manage access for employees across cloud and on-premises applications, enabling secure authentication, easy management of entitlements, and seamless SSO for end users. 

Some of the great features of OCI Identity are:

  • Sign-On with flexible authentication options: support for federated, social, and delegated sign-on.
  • Seamless user experience and self-service: intuitive self-service registration and profile management.
  • Easy administration of users, groups, and access: Create and manage users, groups, and apps manually in the admin console via step-by-step wizards or automate lifecycle management via app connectors.
  • Developer friendly APIs and sample code: All functionality is exposed programmatically via APIs. Sample code and SDKs/CLIs make it easy for developers to include IAM functions into custom or commercial apps. 

Connection Options

Not only can you connect to MDS instances using OCI IAM API keys via the MySQL tools, you can also connect using OCI IAM API keys from your applications, provided they use version 8.0.27 or above of one of the following MySQL drivers:

  • Native mysqlclient 
  • Connector/J
  • Connector/C++
  • Connector/ODBC
  • Connector/Python 
  • Connector/NET
  • PHP Driver

These Connectors (MySQL drivers) will read from the [default] section of your .oci/config and use the details in the config along with the contents of your private OCI API Key to connect to MySQL. To get the latest Connectors, download from here.
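Because the Connectors authenticate with whatever private key the config points to, it is worth checking that file before deploying an application. The following is an added example, not Oracle's code: it assumes the profile must carry `fingerprint` and `key_file` entries and that the key should be mode 0600, and the function names and sample files are hypothetical and constructed.

```python
import configparser
import os
import stat
import tempfile

# Assumption: entries the connector needs from the profile to sign the login.
REQUIRED = ("fingerprint", "key_file")

def check_oci_profile(config_path):
    """Return a list of problems with the [DEFAULT] profile; empty means OK."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        if not cp.read(config_path):
            return [f"cannot read {config_path}"]
    except configparser.Error as exc:
        return [f"cannot parse {config_path}: {exc}"]
    profile = cp["DEFAULT"]  # section names are case-sensitive in this parser
    problems = [f"missing {k}" for k in REQUIRED if not profile.get(k, "").strip()]
    key_file = profile.get("key_file", "").strip()
    if not key_file:
        return problems
    key_path = os.path.expanduser(key_file)
    try:
        mode = os.stat(key_path).st_mode
        with open(key_path, "rb") as fh:
            first_line = fh.readline().strip()
    except OSError as exc:
        return problems + [f"cannot open key_file: {exc.strerror}"]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key_file is accessible to group/other; expected mode 0600")
    if not (first_line.startswith(b"-----BEGIN") and b"PRIVATE KEY" in first_line):
        problems.append("key_file does not start with a PEM private key header")
    return problems

def demo():
    """Run the check on a constructed config and placeholder key (not a real key)."""
    with tempfile.TemporaryDirectory() as d:
        key, cfg = os.path.join(d, "oci_api_key.pem"), os.path.join(d, "config")
        with open(key, "wb") as fh:
            fh.write(b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n")
        with open(cfg, "w") as fh:
            fh.write(f"[DEFAULT]\nfingerprint=constructed\nkey_file={key}\n")
        os.chmod(key, 0o644)  # deliberately loose permissions
        loose = check_oci_profile(cfg)
        os.chmod(key, 0o600)  # owner-only, as expected for an API signing key
        return loose, check_oci_profile(cfg)

if __name__ == "__main__":
    print(demo())
```

The check does not verify that the fingerprint matches the key or that the key is registered with an OCI user; it only catches missing entries and an exposed or malformed key file.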

Conclusion

MySQL Database Service with OCI IAM Identity Domains enables you to centrally manage users while at the same time making access far more straightforward.

Additional References:

Learn more about MySQL Database Service

Learn more about MySQL HeatWave

Learn more about OCI IAM and the Oracle cloud identity fabric

Try MDS today!