Database Authentication
This topic provides an overview of database authentication models.
The following authentication types are supported when you connect to an Oracle database:
- Authentication using Username or Username / Password combination
- OS authentication
- Token-based authentication
Note:
The configuration types and authentication methods vary when you connect to other databases, such as MySQL, PostgreSQL, SQLite, or any custom database.

| Token Type | Authentication |
|---|---|
| OCI API Key | Uses a private/public key pair and a configuration file to authenticate API requests to Oracle Cloud Infrastructure. In the Token Config File field of the Credentials section, select the folder (.oci directory in your user's home directory) to upload the configuration file, for example, ~/.oci/config. This config file contains user details such as user OCID, tenancy OCID, region, fingerprint of the public key and the private key file path. Based on the uploaded configuration file, the Token Profile drop-down field displays the auth token used with that config file, which you can select to proceed with the authentication. Note: If you do not have an existing private/public key pair to upload for creating the configuration file, you must first generate the API keys in your OCI console, then download the private key and store it with appropriate permissions. |
| OCI Interactive | Uses the OCI interactive mode to create a temporary session token that is used for database authentication. The following parameters are required when using OCI Interactive authentication method: |
| Azure Interactive | Interactive authentication using Azure AD (Microsoft Entra ID) lets you connect to Oracle databases using your Entra ID credentials (leveraging OAuth2 access tokens) and SSO capabilities. The OAuth2 access token contains information such as user identity and access details, which is passed to the Oracle database client for token validation. Once validated, the token is sent to the Oracle database instance to grant access. You need to specify the unique URI for the Oracle database instance in the Database Application Id URI field to establish the connection. |
| Azure Service Principal with Certificate | Azure Service Principal enables driver authentication using a certificate of the registered application (Oracle database instance registered with Azure AD), offering a more secure alternative to client secrets. The certificate-based authentication method leverages a public/private key pair obtained through a certificate of authentication for identity verification of the database client. The following parameters are required when using Azure Service Principal with Certificate authentication method: Note: The certificate of authentication can be self-signed for a development environment; for a production environment, however, it should be obtained from trusted authorities. |
| Azure Service Principal with Token | Azure Service Principal leverages token-based authentication to securely access Azure resources and connect to the Oracle database. This method uses a Service Principal's credentials (the service principal is created when the database client is registered in Azure AD) consisting of a client secret to obtain an access token from Microsoft Entra ID. The following parameters are required when using Azure Service Principal with Certificate authentication method: |
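
An added example, not from the original page or from Oracle: a pre-upload check for the OCI API Key row above, confirming that each profile in an OCI config file has the fields the page lists and that the config and private key files are not accessible to group or other. Reading "appropriate permissions" as owner-only access, the profile names, and the placeholder OCIDs and key files are assumptions made for this example.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# The five API-key profile fields the page lists, under their OCI config key names.
REQUIRED = ("user", "fingerprint", "tenancy", "region", "key_file")

def too_open(path):
    # True if group or other holds any permission bit on the file (POSIX).
    return bool(stat.S_IMODE(path.stat().st_mode) & 0o077)

def audit_oci_config(config_path):
    """Return {profile: [findings]}; unset keys fall back to [DEFAULT]."""
    config_path = Path(config_path).expanduser()
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(config_path)
    profiles = (["DEFAULT"] if parser.defaults() else []) + parser.sections()
    report = {}
    for name in profiles:
        section = parser[name]
        report[name] = issues = [f"missing {k}" for k in REQUIRED if not section.get(k)]
        if too_open(config_path):
            issues.append("config file accessible to group/other")
        if key_file := section.get("key_file"):
            key_path = Path(key_file).expanduser()
            if not key_path.is_file():
                issues.append("key_file does not exist")
            elif too_open(key_path):
                issues.append("private key accessible to group/other")
    return report

def build_sample(directory):
    # Constructed demo input: placeholder key files plus a three-profile config.
    good, loose = Path(directory, "good.pem"), Path(directory, "loose.pem")
    for path, mode in ((good, 0o600), (loose, 0o644)):
        path.write_text("placeholder, not a real key\n")
        path.chmod(mode)
    config = Path(directory, "config")
    config.write_text(
        "[DEFAULT]\nuser=ocid1.user.oc1..example\nfingerprint=aa:bb:cc\n"
        f"tenancy=ocid1.tenancy.oc1..example\nregion=us-ashburn-1\nkey_file={good}\n"
        f"[STAGING]\nkey_file={loose}\n[BROKEN]\nkey_file={Path(directory, 'gone.pem')}\n")
    config.chmod(0o600)
    return config

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_oci_config(build_sample(tmp)))
```
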
Note:
The Azure token authentication support is available for Oracle Autonomous AI Databases, Oracle Exadata Database Service, Oracle Base Database Service, and on-premises Oracle Database 19c and higher. In order to support Azure authentication, Oracle databases must have Microsoft Entra ID authentication configured. The Oracle Databases must be registered with Azure AD.