Scribd Logo
Upload

Welcome to Scribd!

  • 23 views

    Azure AD Configuration For DBCS

    Uploaded by

    Sarang
    The document provides instructions for configuring single sign-on (SSO) between an Oracle database and Microsoft Azure Active Directory (Azure AD). It describes how to register the Oracle database with an Azure AD tenant, create app roles in Azure AD, and assign users and groups to the app roles to control access to schemas in the Oracle database.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Azure AD Configuration For DBCS

    Uploaded by

    Sarang
    23 views9 pages
    The document provides instructions for configuring single sign-on (SSO) between an Oracle database and Microsoft Azure Active Directory (Azure AD). It describes how to register the Oracle database with an Azure AD tenant, create app roles in Azure AD, and assign users and groups to the app roles to control access to schemas in the Oracle database.

    Original Title

    Azure AD Configuration for DBCS

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides instructions for configuring single sign-on (SSO) between an Oracle database and Microsoft Azure Active Directory (Azure AD). It describes how to register the Oracle database with an Azure AD tenant, create app roles in Azure AD, and assign users and groups to the app roles to control access to schemas in the Oracle database.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    23 views9 pages

    Azure AD Configuration For DBCS

    Uploaded by

    Sarang
    The document provides instructions for configuring single sign-on (SSO) between an Oracle database and Microsoft Azure Active Directory (Azure AD). It describes how to register the Oracle database with an Azure AD tenant, create app roles in Azure AD, and assign users and groups to the app roles to control access to schemas in the Oracle database.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 9

    SSO FOR DBCS

    AZURE AD CONFIGURATION
    Registering the Oracle Database Instance with a Microsoft Azure AD Tenancy

    A user with administrator privileges uses Microsoft Azure AD to register the Oracle
    Database instance with the Microsoft Azure AD tenancy.

    1. Log in to the Azure portal as an administrator who has Microsoft Azure AD


    privileges to register applications.
    2. In the Azure Active directory admin center page, from the left navigation bar,
    select Azure Active Directory.
    3. In the MS - App registrations page, select App registrations from the left
    navigation bar.
    4. Select New registration.
    The Register an application window appears.

    5. In the Register an application page, enter the following Oracle Database instance
    registration information:
     In the Name field, enter a name for the Oracle Database instance
    connection - OICDEVDB
     Under Supported account types, select the account type that matches your
    use case.
     Accounts in this organizational directory only
    (tenant_name only - Single tenant)
     Accounts in any organizational directory (Any Azure AD
    directory - Multitenant)
     Accounts in any organizational directory (Any Azure AD
    directory - Multitenant) and personal Microsoft accounts (e.g.
    Skype, Xbox)
     Personal Microsoft accounts only
    6. Bypass the Redirect URI (Optional) settings. You do not need to create a redirect
    URI.
    7. Click Register.
    After you click Register, Azure AD displays the app registration's Overview pane,
    which will show the Application (client) ID under Essentials. This value is a unique
    identifier for the application in the Microsoft identity platform.
    8. Register a scope, which will set the permission for the registered app.
     In the left navigation bar, select Expose an API.
     Under Set the App ID URI, in the Application ID URI field, enter the app
    ID URI for the database connection using the following format, and then
    click Save:
    - your_tenancy_url/application_(client)_id

    In this specification:

     your_tenancy_url must include https as the prefix and the fully qualified domain
    name of your Azure AD tenancy.
     application_(client)_id is the ID that was generated when you registered the
    Oracle Database instance with Azure AD. It is displayed in the Overview pane of
    the app registration.

    For example:
    https://saleswest.example.com/1aa11111-1a1z-1a11-1a1a-11aa11a1aa1a

    Select Add a scope and then enter the following settings:


     Scope name specifies a name for the scope. Enter the following name:
    session:scope:connect

    This name can be any text. However, a scope name must be provided. You will
    need to use this scope name later when you give consent to the database client
    application to access the database.
     Who can consent specifies the necessary permissions. Select Admins and users,
    or for higher restrictions, Admins only.
     Admin consent display name describes the scope's purpose (for
    example, Connect to Oracle), which only administrators can see.
     Admin consent display name describes the scope's purpose (for
    example, Connect to Example Database), which only administrators can see.
     User consent display name is a short description of the purpose of the scope
    (for example, Connect to Example Database), which users can see if you
    specify Admins and users in Who can consent.
     User consent description is a more detailed description of the purpose of the
    scope (for example, Connect to Example Database), which users can see if you
    specify Admins and users in Who can consent.
     State enables or disables the connection. Select Enabled.
    Creating a Microsoft Azure AD App Role

    Please create 2 custom roles on Azure AD following the below instructions:

    Role 1: GL_Total_Company

    Role 2: GL_Food_Service

    The following steps describe how to create the app role for use with an Oracle Database
    integration.

    1. Log in to Azure AD as an administrator who has privileges for creating app roles.
    2. Access the Oracle Database app registration that you created.
    a. Use the Directory + subscription filter to locate the Azure Active
    Directory tenant that contains the Oracle Database app registration.
    b. Select Azure Active Directory.
    c. Under Manage, select App registrations, and then select the Oracle
    Database instance that you registered earlier.
    3. Under Manage, select App roles.
    4. In the App roles page, select Create app role.
    5. In the Create app role page, enter the following information:
     Display name is the displayed name of the role (for example, HR App
    Schema). You can include spaces in this name.

     Value is the actual name of the role (for example, HR_APP). Ensure that this
    setting matches exactly the string that is referenced in the application's
    code. Do not include spaces in this name.
     Description provides a description of the purpose of this role.
     Do you want to enable this app role? enables you to activate the role.
    6. Click Apply.

    The app role appears in the App roles pane.


    Assigning Users and Groups to the Microsoft Azure AD App Role
    Before Microsoft Azure AD users can have access to the Oracle Database instance, they
    must first be assigned to the app roles that will be mapped to Oracle Database schema
    users or roles.

    Following steps explain how to do this for an Oracle Database integration.

    1. Log in to Azure AD as an administrator who has privileges for assigning Azure AD users
    and groups to app roles.
    2. In Enterprise applications, access the Oracle Database application that you registered.
    a. Use the Directory + subscription filter to locate the Azure Active Directory
    tenant that contains the Oracle connection.
    b. Select Azure Active Directory.
    c. Under Manage, select Enterprise applications, and then select the Oracle
    Database application name that you registered earlier.
    3. Under Getting Started, select Assign users and groups.
    4. Select Add user/group.
    5. In the Add assignment window, select Users and groups to display a list of users and
    security groups.
    6. From this list, select the users and groups that you want to add to the app role, and then
    click Select.
    7. In the Add assignment window, select Select a role to display a list of the app roles that
    you have created.
    8. Select both the app role and then select Select.
    9. Click Assign.

    Assigning an Application to an App Role


    1. Log in to Azure AD as an administrator who has privileges for assigning Azure AD
    users and groups to app roles.
    2. Access the app registration for the application.
    3. Under Manage, select API permissions.
    4. In the Configured permissions area, select + Add a permission.
    5. In the Request API permission pane, select the My APIs tab.
    6. Select the Oracle Database app that you want to give permission for this
    application to access. Then select the Application permissions option.
    7. Select the database app roles to assign to the application and then click the Add
    Permission box at the bottom of the screen to assign the app roles and close the
    dialog box. Ensure that the app roles that you just assigned appear under
    Configured permissions.
    8. Select Grant admin consent for tenancy to grant consent for the tenancy users,
    then select Yes in the confirmation dialog box.
    Once Completed, please share the below Azure details to Mastek:

    Application ID URI -- eg: your_tenancy_url/application_(client)_id


    In this specification:

    your_tenancy_url must include https as the prefix and the fully


    qualified domain name of your Azure AD tenancy.

    application_(client)_id is the ID that was generated when you registered the


    Oracle Database instance with Azure AD. It is displayed in the Overview pane
    of the app registration.

    Azure tenant_id : // from tenant config

    App_id: string // from registered resource app

    You might also like