6.2 IAM-Managed Users Connecting Directly

In this scenario, end users are managed in an IAM system (Microsoft Entra ID or OCI IAM), and connect to the database directly using a SQL client (for example, SQL*Plus) and their own IAM credentials. No application is involved. This scenario is typical for data analysts, developers, and DBAs.

For an overview of the use case and authentication flow, see Connect Directly to the Database.

Configuration path

1. In your IAM system, register applications to represent the database and the SQL client. Subsequently, create end users and assign roles. Depending on your IAM provider, see one of the following topics:
   • For Microsoft Entra ID, see Create Application Registrations in Microsoft Entra ID.
   • For OCI IAM, see Configure OCI IAM for Application-Mediated Access. Substitute the SQL client for the application.
2. Configure the database. See Set Up IAM Integration for Direct Logon.
3. Set up your SQL client for direct logon. See Configure a SQL Client for Interactive Logon (Direct Logon).

Example configuration

For a step-by-step example of this configuration using Microsoft Entra ID, see Configure Oracle Deep Data Security for Direct Logon with End Users in IAM.