9.3 Configure a SQL Client for Interactive Logon (Direct Logon)
If your IAM-managed users connect directly to the database using a SQL client (such as SQL*Plus) and browser-based OAuth sign-in, configure the client machine for token-based authentication.
After an end user successfully authenticates, the database
automatically establishes an end-user security context for the user
based on the identity provider configuration (see Set Up IAM Integration for Direct Logon) and the roles or
groups claim present in the end-user
token.
For sqlnet.ora authentication parameters
and tnsnames.ora connection alias configuration,
see the following sections in Oracle AI Database
Security Guide:
- For Microsoft Entra ID: Enabling Clients to Directly Retrieve Entra ID Tokens.
- For OCI IAM: Configuring a Client Connection for SQL*Plus That Uses an IAM Token.
Note:
You must configure the database server for TLS before configuring the client. The client-side trust store requires the server certificate to establish trust. For TLS configuration, see Configuring Transport Layer Security Encryption in Oracle AI Database Security Guide.