Enable Identity and Access Management (IAM) Authentication on Autonomous AI Database
Describes the steps to enable IAM user access on Autonomous AI Database.
Note: Autonomous AI Database integration with Oracle Cloud Infrastructure IAM is supported in commercial regions with identity domains as well as in the legacy IAM, which does not include identity domains. IAM with identity domains was introduced with new Oracle Cloud Infrastructure tenancies that were created after November 8, 2021. Autonomous AI Database supports users and groups in default and non-default identity domains.
To enable Autonomous AI Database to allow IAM users to connect to the database:
- Perform the prerequisites for IAM authorization and authentication on Autonomous AI Database. See Prerequisites for Identity and Access Management (IAM) Authentication on Autonomous AI Database for more information.
- Use the procedure DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION to enable Oracle Cloud Infrastructure IAM authentication.

  When you perform these steps, connect to the Autonomous AI Database instance as the ADMIN user or as a user with ADMIN privileges.

  For example:

      BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
          type => 'OCI_IAM' );
      END;
      /

  By default the force parameter is false. When another external authentication method is enabled and force is false, DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION reports the following error:

      ORA-20004: Another external authentication is already enabled.

  If you want to disable the external authentication that is currently enabled and use IAM authentication instead, include the force parameter.

  For example:

      BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
          type  => 'OCI_IAM',
          force => TRUE );
      END;
      /

  This sets the IDENTITY_PROVIDER_TYPE system parameter.

  For example, you can use the following to verify IDENTITY_PROVIDER_TYPE:

      SELECT NAME, VALUE FROM V$PARAMETER WHERE NAME='identity_provider_type';

      NAME                   VALUE
      ---------------------- -------
      identity_provider_type OCI_IAM
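
The steps above can be combined into one guarded PL/SQL block. This is an added example, not part of the Oracle documentation: it records the current identity_provider_type, enables OCI_IAM without force so an existing method is never replaced silently, traps ORA-20004, and verifies the result. The helper name current_provider, the variable names, the messages and the error code -20900 are illustrative assumptions; run it as ADMIN.

```sql
SET SERVEROUTPUT ON

DECLARE
  -- ORA-20004 is the error the page documents when another external
  -- authentication method is already enabled and force is false.
  e_other_method_enabled EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_other_method_enabled, -20004);

  l_before VARCHAR2(4000);
  l_after  VARCHAR2(4000);

  -- Illustrative helper: read the current identity_provider_type value.
  FUNCTION current_provider RETURN VARCHAR2 IS
    l_value VARCHAR2(4000);
  BEGIN
    SELECT value INTO l_value
      FROM v$parameter
     WHERE name = 'identity_provider_type';
    RETURN l_value;
  END current_provider;
BEGIN
  l_before := current_provider;

  IF l_before = 'OCI_IAM' THEN
    DBMS_OUTPUT.PUT_LINE('OCI_IAM is already enabled; nothing to do.');
    RETURN;
  END IF;

  -- force is left at its default (false): if another method is active,
  -- the call fails with ORA-20004 instead of disabling that method.
  DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(type => 'OCI_IAM');

  -- Verify the change the same way the page does, via V$PARAMETER.
  l_after := current_provider;
  IF l_after = 'OCI_IAM' THEN
    DBMS_OUTPUT.PUT_LINE('Enabled OCI_IAM (previous value: ' || l_before || ').');
  ELSE
    -- -20900 is an arbitrary code chosen for this example.
    RAISE_APPLICATION_ERROR(-20900,
      'identity_provider_type is ' || l_after || ', expected OCI_IAM');
  END IF;
EXCEPTION
  WHEN e_other_method_enabled THEN
    DBMS_OUTPUT.PUT_LINE('Not changed: ' || l_before || ' is currently enabled.');
    DBMS_OUTPUT.PUT_LINE('Use force => TRUE only if replacing it is intended.');
END;
/
```

Logging the previous value before any change gives a record of which authentication method was in place if force => TRUE is later used to replace it.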