4 Configure Oracle Deep Data Security for Direct Logon with End Users in IAM
In this quick-start chapter, you learn how to configure Oracle Deep Data Security (Deep Sec) in an Oracle AI Database environment to enable direct logon for users provisioned in Microsoft Entra ID.
As part of this chapter, you will:
- Set up a scenario in which users connect directly to an application database, establish a Deep Sec session, and perform basic operations.
- Implement role-based access control (RBAC) for two users, Marvin and Emma, by provisioning them in Microsoft Entra ID and assigning different roles. Their roles determine their level of access to data in the application database.
- Use a single-host setup in which the database client and server run on the same machine. You'll use SQL*Plus, included with Oracle AI Database, as the client.
- Use the OAuth 2.0 authorization flow natively supported by Oracle AI Database to authenticate users through browser-based sign-in.
Note:
For a sample script that performs the database-side configuration for this scenario, see Scripts for Direct Logon with End Users in IAM. You must complete the Microsoft Entra ID, TLS, and client configuration steps manually.
Overview of tasks
| Task | Topic |
|---|---|
| Review prerequisites for the tutorial | |
| Register applications and define application-specific roles in Microsoft Entra ID | |
| Create users in Microsoft Entra ID and assign roles | |
| Generate client and server credentials (Oracle wallets and certificates) for encryption | |
| Configure the database listener for secure TCPS connections | |
| Configure the SQL*Plus client | |
| Configure data access control using Oracle Deep Data Security capabilities | |
| Verify the signed-in identity and role-based data access | |