Set Up Oracle Authentication
Click here to view navigation pane

Set Up Oracle Authentication

Create a separate Oracle authentication record for each Oracle instance you want to scan. During scanning we'll authenticate to all Oracle instances defined in all Oracle records in your account.

System created authentication records

Did you know? You can allow the system to create Oracle authentication records for auto discovered instances and scan them. This is supported for Unix installations only. To enable this feature, you must first create Oracle System Record Templates.

Learn how to set this up >>

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

 

A few things to consider...

We recommend you review Oracle Use Cases

What credentials should I use?What credentials should I use?

It is strongly recommended that you create one or more dedicated user accounts to be used solely by our service to authenticate to Oracle databases. See our Scanning Tips docs under Quick Links (also available under Help > Resources).

Is the database a Multitenant Container Database?Is the database a Multitenant Container Database?

Be sure to choose the "Is CDB" option on the Target Configuration tab in the Oracle record. When “Is CDB” is selected, the compliance scan will auto discover and assess all accessible Pluggable Databases (PDBs) within the container database (CDB). Learn more about Oracle authentication for CDB/PDBs

 

Help me with record settings

How do I get started?How do I get started?

- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create a Oracle record for the database instance. Go to New > Databases > Oracle.

Tell me about the Ports settingTell me about the Ports setting

Port <number>
Enter the port number you want to scan. We'll use the credentials in this record to attempt authentication to the SID on the port you enter here.

All Ports
Select this option and we'll use the credentials in the record to attempt authentication to the SID on all ports the SID is detected on. You may only create one Oracle record with the "All Ports" option per host.

We'll attempt to find a port-specific record firstWe'll attempt to find a port-specific record first

When we detect an Oracle instance on a host at scan time:

First we'll look for a port-specific record for the host and attempt authentication using its credentials.

If a port-specific record is not found or if authentication fails...

Then we'll look for an "All Ports" record for the host and attempt authentication using its credentials.

Want to access the account password from your password vault?Want to access the account password from your password vault?

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Perform OS-dependent compliance checksPerform OS-dependent compliance checks (Windows, Unix)

Select this option on the Windows and/or Unix tab to allow the scanning engine to gather Oracle compliance data at the operating system level.

For Windows, you must also have a Windows record with the same IP addresses as the Oracle record. For Unix, you must have a Unix record with the same IP addresses as the Oracle record.

Your Oracle InstallationYour Oracle Installation

Enter details about your Oracle installation in the fields provided. All fields are required and have a limit of 255 characters.

For Windows, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ /

For Unix, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ \

Perform OPatch checksPerform OPatch checks (Unix)

Select this option on the Unix tab to allow the scanning engine to get a list of all installed patches for the Oracle instance. Unix authentication and Oracle Authentication are both required to perform OPatch checks. Learn more

Note - The Oracle installation details you provide on the Unix tab will apply to both types of checks: OS-dependent checks and OPatch checks.

Important Notes for Unit ManagersImportant Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

 

Quick Links

Why use host authentication

Oracle System Record Templates

Oracle CDB/PDBs

Perform OPatch Checks

Oracle Use Cases

Oracle Database QIDs - Confirmed vs. Potential

Oracle Auth (VM) Zip File Icon

Oracle Auth (PC) Zip File Icon