6.3 IAM-Managed Users Connecting Through an Application

In this scenario, end users are managed in an IAM system (Microsoft Entra ID or OCI IAM) and connect to the database through an application, such as a REST API, web application, MCP server, or analytics tool.

There are two variations of this scenario:

• Applications or AI agents accessing the database on behalf of end users.
• End users operating in the context of applications or AI agents.

For a complete overview of the use cases and authentication flows, see Connect Through an Application in Data Access Patterns.

Configuration path

1. Register applications, create end users, and assign roles in your IAM system. Depending on your IAM provider, see one of the following topics:
   • Configure Microsoft Entra ID for Application-Mediated Access.
   • Configure OCI IAM for Application-Mediated Access.
2. Configure the database. See Set Up IAM Integration for Application-Mediated Connections.
3. Configure the application. See Update Application Configuration with IAM Details.

Example configuration

For a step-by-step example of this configuration using Microsoft Entra ID and a Spring Boot application, see Configure Oracle Deep Data Security for a Sample Application.