7 Configure Microsoft Entra ID for Application-Mediated Access

Register applications, create users, and assign roles in Microsoft Entra ID to support authentication and authorization for application-mediated access to the database.

The registration steps in this chapter apply regardless of which OAuth 2.0 flow your application uses (on-behalf-of or client credentials). You select the flow when you configure the application. See Update Application Configuration with IAM Details.

Note:

• For all available Oracle AI Database integration options with Entra ID, see Authenticating and Authorizing Microsoft Azure Users for Oracle AI Databases in Oracle AI Database Security Guide.
• For the full range of Entra ID capabilities, see the Microsoft identity platform documentation.
• If your application users connect directly to Oracle AI Database using Entra ID tokens with tools such as SQL*Plus (without an application), see Configure Oracle Deep Data Security for Direct Logon with End Users in IAM.
• The Microsoft Entra portal interface may be updated over time. If a specific label or navigation path differs from the instructions provided here, look for the closest matching option.

Topics:

• Register the Database in Microsoft Entra ID

• Register the Application in Microsoft Entra ID

• Create Users and Assign Roles in Microsoft Entra ID

• Validate the Microsoft Entra ID Configuration