7.1 Register the Database in Microsoft Entra ID

Register your Oracle AI Database as an application in Microsoft Entra ID so that your application can request access tokens scoped to the database.

This registration represents the database as a resource server. You will also expose the database as a web API and define a scope that controls which client applications can request database-access tokens.
  1. Create an application registration for the database.
    1. Log in to the Microsoft Entra Portal.
    2. In the left navigation pane, expand Entra ID, click App registrations, and then click New registration.
    3. Perform the following tasks on the Register an application page:
      1. Enter OracleDB_Resource in the Name field.
      2. For Supported account types, select Single tenant only - Default Directory.
      3. Click Register.
      The application is successfully created for your database.
    4. From the application’s Overview page, copy and save the following values for later use:
      • Application (client) ID.
      • Directory (tenant) ID.
      You'll use these values when you configure the identity provider in the database.
  2. Expose the database's application registration as a web API, and define a scope to control access for client applications.
    1. On the application’s Overview page, click Add an Application ID URI.
      The Expose an API page opens.
    2. Click Add next to Application ID URI.
    3. Update the default URI by replacing api:// with https://<your-entraID-domain>/, and click Save.

      The resulting URI should resemble: https://supremo.onmicrosoft.com/fe58fefb-0925-4c8f-9b14-598a0d2f4552. Copy this URI for later use.

      Note:

      These instructions are for v1 access tokens, which use an https://-prefixed application ID URI. Oracle AI Database also supports v2 access tokens. To use v2 tokens, keep the default api:// URI, add upn as an optional claim under Token configuration, and set accessTokenAcceptedVersion to 2 in the application manifest. For the detailed procedure, see Enabling Microsoft Entra ID v2 Access Tokens in Oracle AI Database Security Guide.
    4. Add a scope.
      1. Under Scopes defined by this API, click Add a scope.
      2. In the panel that appears, enter the following information:
        • Scope name: sessions:scope:connect.
        • Who can consent: Select Admins and users.
        • Enter Access Oracle Database as the value in all remaining fields.
        • Click Add scope.

You have now created the database application registration in Entra ID with an application ID URI and a delegated scope. Client applications can reference this scope when requesting database-access tokens.
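To confirm the registration behaves as configured, you can decode a token requested for the database and compare its claims with the values saved above. The following is an added example, not Oracle or Microsoft code: it checks aud, iss, tid, scp and, for v2 tokens, upn. Assumptions: CLIENT_ID is taken to be the GUID suffix of the example URI, TENANT_ID is a constructed placeholder, and the function names are hypothetical.

```python
import base64
import json

# Registration values. APP_ID_URI is the page's example; CLIENT_ID is assumed to
# be its GUID suffix; TENANT_ID is a constructed placeholder.
APP_ID_URI = "https://supremo.onmicrosoft.com/fe58fefb-0925-4c8f-9b14-598a0d2f4552"
CLIENT_ID = "fe58fefb-0925-4c8f-9b14-598a0d2f4552"
TENANT_ID = "00000000-0000-0000-0000-000000000000"
SCOPE = "sessions:scope:connect"

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

def decode_claims(jwt: str) -> dict:
    """Decode the payload only. The signature is NOT verified: this inspects a
    token you requested yourself to confirm the registration, nothing more."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def check_registration(jwt: str) -> list:
    """Return the mismatches between a token's claims and the registration."""
    c = decode_claims(jwt)
    ver = c.get("ver")
    if ver == "1.0":    # v1: aud may be the application ID URI or the client ID
        auds, iss = {APP_ID_URI, CLIENT_ID}, f"https://sts.windows.net/{TENANT_ID}/"
    elif ver == "2.0":  # v2: aud is always the client ID
        auds, iss = {CLIENT_ID}, f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
    else:
        return [f"unexpected ver: {ver!r}"]
    problems = []
    aud = c.get("aud")
    if not isinstance(aud, str) or aud not in auds:
        problems.append("aud does not identify the database registration")
    if c.get("iss") != iss:
        problems.append("iss is not the expected tenant issuer")
    if c.get("tid") != TENANT_ID:
        problems.append("tid is not the expected tenant")
    if SCOPE not in str(c.get("scp", "")).split():
        problems.append("scp lacks " + SCOPE)
    if ver == "2.0" and not c.get("upn"):  # page: add upn as an optional claim for v2
        problems.append("upn missing; add it under Token configuration")
    return problems
```

An empty list means the token matches the registration; the check reads claims only and does not replace the signature validation the database performs.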