ODP.NET Authentication using Azure Active Directory to Enable Single Sign-On

Alex Keh
Published in Oracle Developers
Jun 21, 2022
Azure Active Directory, Oracle Autonomous Database, and ODP.NET

Oracle Data Provider for .NET (ODP.NET) now supports Azure Active Directory authentication for Oracle Autonomous Database and on-premises databases, starting with server version 19.16. This feature is free to use and available with ODP.NET Core, managed ODP.NET, and unmanaged ODP.NET, starting with version 19.15.1.

ODP.NET and Oracle database apps can now support single sign-on across a range of Azure and Microsoft 365-based cloud services using Azure Active Directory.

As more apps integrate across on-premises and multicloud systems, managing identities becomes increasingly challenging for both administrators and users with federated identity solutions. Administrators may have to maintain a different set of credentials for EACH user to access EACH resource. End users also have to manage their own unique credentials for each resource. And the more user credentials proliferate, the harder it is to ensure secure practices are applied completely and accurately.

To solve this challenge, centralized identity stores, such as Azure Active Directory, are employed to manage user identity and resource access. End users can then maintain one set of credentials with single sign-on to all their apps. Administrators can more easily oversee user access across apps in the cloud and on-premises through unified identity management. With those benefits in mind, Oracle enabled its on-premises databases and Oracle Autonomous Database to use OAuth 2.0 access tokens from Azure Active Directory. Those tokens can be consumed by all types of apps, including .NET, Java, and Instant Client ones. ODP.NET uses the access token to authenticate with the database instead of a username and password.

Azure Active Directory application roles centralize user schema mapping and database authorization. Oracle database schemas are mapped to Azure Active Directory users or app roles. The app roles can be assigned to Azure Active Directory users or groups.

Database users with the same app role assignments are granted the same access rights, which simplifies managing multiple users with identical privileges.
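
The three mapping styles described above, sketched as database-side SQL. This is an added example, not code from the original post or the linked documentation; every user, schema, table, and app role name in it is hypothetical.

```sql
-- Added illustration; all identities, schemas, and app role names are hypothetical.

-- Exclusive mapping: one Azure AD user gets a dedicated database schema.
CREATE USER alice_db IDENTIFIED GLOBALLY AS 'AZURE_USER=alice@example.com';
GRANT CREATE SESSION TO alice_db;

-- Shared mapping: every Azure AD principal holding the app role SALES_APP
-- connects to the same schema, so there is one schema to audit and lock down.
CREATE USER sales_shared IDENTIFIED GLOBALLY AS 'AZURE_ROLE=SALES_APP';
GRANT CREATE SESSION TO sales_shared;

-- Global role mapping: object privileges are attached to a database role
-- that is tied to an Azure AD app role, not granted user by user.
CREATE ROLE sales_reader IDENTIFIED GLOBALLY AS 'AZURE_ROLE=SALES_READ';
GRANT SELECT ON sales.orders TO sales_reader;

-- Run inside a token-authenticated session to confirm which identity
-- arrived in the token and which schema it was mapped to.
SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY') AS azure_identity,
       SYS_CONTEXT('USERENV', 'CURRENT_USER')           AS db_schema,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')  AS auth_method
FROM dual;

-- Roles active in the session, including any global roles picked up
-- through app role assignments.
SELECT role FROM session_roles;
```

Keeping privileges on the global roles, and only `CREATE SESSION` on the mapped schemas, means access reviews can be done against Azure AD app role assignments instead of per-user database grants.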

You can read more about using Azure Active Directory access tokens with ODP.NET in the documentation. The link includes an ODP.NET code sample that demonstrates how to use Azure Active Directory access tokens.

This new Azure Active Directory integration is another example of how Oracle databases and ODP.NET enhance developer and administrator capabilities in the multicloud.

Hop into our public Slack if you want to discuss!

Or, try our Free Tier to get your feet wet.

Alex Keh is a senior principal product manager at Oracle focusing on data access and database integration with .NET, Windows, and the cloud.