Delegate User Management to an External Identity Provider
Learn about delegating user authentication and authorization to external identity providers.
Oracle GoldenGate supports IDCS and IAM as cloud-based identity providers and OAM as an on-premise identity provider. Starting with Oracle GoldenGate 23.9, Microsoft Azure EntraID is also available as an external identity provider.
By using identity providers, you delegate Oracle GoldenGate user management and authentication to an OpenID-compliant external identity provider. To use this feature, you create an authorization profile in Oracle GoldenGate and register the corresponding application in the external identity provider.
An authorization profile created in Oracle GoldenGate integrates the deployment with an external identity provider (IdP). External IdPs provide the user management capabilities: users, groups, and the assignment of users and groups to applications. To set up the connection between an external IdP and Oracle GoldenGate, a confidential application (an OAuth2 client) must be created in the IdP. From this confidential application, Oracle GoldenGate takes the Client ID and Client Secret that it uses to authenticate to the IdP.
In the other direction, the external IdP receives from Oracle GoldenGate the redirect URIs and post-logout URLs it needs. As a result, access to Oracle GoldenGate is managed through the external IdP instead of by creating local users in Oracle GoldenGate.
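The following added example, which is not Oracle GoldenGate's code or API, models the trust relationship described above from the IdP side: a registered confidential application with its Client ID, Client Secret, redirect URIs and post-logout URLs, and the checks an IdP applies to them (exact-match redirect URI, HTTPS-only endpoints, constant-time secret comparison). All names, hosts and paths are constructed placeholders.

```python
import hmac
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ConfidentialApp:
    """Hypothetical model of what an IdP stores for a registered confidential application.
    Illustrative only; not an Oracle GoldenGate or IdP data structure."""
    client_id: str
    client_secret: str
    redirect_uris: frozenset
    post_logout_uris: frozenset


def _is_secure_absolute_url(url):
    # The IdP redirects the browser to these URLs, so they must be absolute HTTPS
    # URLs without a fragment. This is why the deployment has to be secured first.
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc) and not parts.fragment


def validate_registration(app):
    """Return the list of registered URLs that are not secure absolute HTTPS URLs."""
    return [u for u in sorted(app.redirect_uris | app.post_logout_uris)
            if not _is_secure_absolute_url(u)]


def accept_redirect_uri(app, requested_uri):
    """Exact string match only: prefix or substring matching would let an
    authorization code be delivered to an unregistered location."""
    return requested_uri in app.redirect_uris


def accept_post_logout_uri(app, requested_uri):
    return requested_uri in app.post_logout_uris


def authenticate_client(app, client_id, client_secret):
    """Token-endpoint check of the confidential client's credentials, compared in
    constant time so response timing does not leak how much of the secret matched."""
    return (hmac.compare_digest(app.client_id, client_id)
            and hmac.compare_digest(app.client_secret, client_secret))


# Constructed sample registration; host, paths and credentials are placeholders.
EXAMPLE_APP = ConfidentialApp(
    client_id="example-client-id",
    client_secret="example-client-secret",
    redirect_uris=frozenset({"https://ogg.example.com/oauth/callback"}),
    post_logout_uris=frozenset({"https://ogg.example.com/"}),
)
```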
Note:
A prerequisite for setting up authorization profiles is a secure deployment. The deployment can be secured using server certificates or a reverse proxy configuration.