1. Using Oracle Autonomous Database Serverless
  2. Tasks
  3. Manage Users
  4. Use Identity and Access Management (IAM) Authentication with Autonomous Database
  5. Enable Identity and Access Management (IAM) Authentication on Autonomous Database

Enable Identity and Access Management (IAM) Authentication on Autonomous Database

Describes the steps to enable IAM user access on Autonomous Database.

Note:

Autonomous Database integration with Oracle Cloud Infrastructure IAM is supported in commercial regions with identity domains as well as in the legacy IAM, which does not include identity domains. IAM with identity domains was introduced with new Oracle Cloud Infrastructure tenancies that were created after November 8, 2021. Autonomous Database supports users and groups in default and non-default identity domains.

To enable Autonomous Database to allow IAM users to connect to the database:

  1. Perform the prerequisites for IAM authorization and authentication on Autonomous Database. See Prerequisites for Identity and Access Management (IAM) Authentication on Autonomous Database for more information.
  2. Use the procedure DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION to enable Oracle Cloud Infrastructure IAM authentication.

    When you perform these steps, connect to the Autonomous Database instance as the ADMIN user or as a user with ADMIN privileges.

    For example:

    BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION( 
      type => 'OCI_IAM' );
END;
/

    By default the force parameter is false. When another external authentication method is enabled and force is false, DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION reports the following error: 

    ORA-20004: Another external authentication is already enabled.

    If you want to disable the external authentication that is currently enabled and use IAM authentication instead, include the force parameter.

    For example:

    BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION( 
      type => 'OCI_IAM',
      force => TRUE );
END;
/

    This sets the IDENTITY_PROVIDER_TYPE system parameter.

    For example, you can use the following to verify IDENTITY_PROVIDER_TYPE: 

    SELECT NAME, VALUE FROM V$PARAMETER WHERE NAME='identity_provider_type';
 
NAME                   VALUE   
---------------------- ------- 
identity_provider_type OCI_IAM

Parent topic: Use Identity and Access Management (IAM) Authentication with Autonomous Database