This illustration describes how a network authentication service authenticates a user. First, the user (client) requests authentication services from an authentication server. The user proves his or her identity by providing a token or password. After authenticating the user, the authentication server passes a ticket or credentials back to the client. The client can now take these credentials and pass them to the Oracle server while asking for a service, such as connection to a database.

The Oracle server sends the credentials to the authentication server to verify their validity. If the authentication server accepts the credentials, it notifies the Oracle server and the Oracle server performs the requested task for the user. If the credentials are not accepted, the requested service is denied.