Connect to the SQL Diagnostic Manager Repository with the OIDC Authentication Method.
Prerequisites
- Have Okta or Entra ID OIDC provider credentials.
- The OIDC callback URL should be configured as http://localhost:5000/callback/
- In Okta, configure Allowed Callback URLs as http://localhost:5000/callback/
- In Entra ID, configure Redirect URLs as http://localhost:5000/callback/
Setting the OIDC callback URL for SQL DM Desktop
The OIDC callback URL for the Desktop Client is stored in the user.config file. Although it defaults to http://localhost:5000/callback/, the user can change it to any localhost URL, provided the same URL is included in the list of Allowed Callback URLs. Changes take effect after relaunching the application, which is helpful if port 5000 is already in use on a particular machine.
Setting the OIDC callback URL for SQL DM Web Console
Configure the OIDC callback URL for the SQL DM Web Console as https://[machine_name]:9295/callback/. The host and port must match the Web Console address shown on the last step of the installer, with the scheme changed to https.
Set your OIDC credentials
Use the OIDC Settings window to specify the OIDC credentials for when you want to enable OIDC authentication. Once specified, the credentials take effect for all Desktop Clients and Web Consoles connecting to the same SQL DM Repository.
To set your OIDC credentials
- Access the OIDC Settings window by selecting OIDC Settings from the SQL Diagnostic Manager toolbar.
- Enter a name for the OpenID Connect Provider. This is a display name, for example a nickname for your Okta or Entra ID tenant.
- Insert the Authority URL provided by the OIDC provider. This is the endpoint where the authentication process starts, typically in the form https://login.provider.com/....
- Insert your Client ID (unique identifier) for the application registered with the OIDC provider.
- Insert your Client secret credential from the provider.
Info: Find your Okta or Entra ID credentials.
- Click Login to initiate the OIDC log in.
- A web browser opens where you authenticate against the OIDC provider.
- On valid authentication, a success message appears.
- If the authentication fails, an unsuccessful message appears.
- The Authentication status label in the wizard shows whether the user is Authenticated or Not Authenticated.
- Click Logout to end the current OIDC session. This clears any stored tokens or session data.
Info: You can log out whenever you want from the same wizard.
- Click OK to save your changes in the Repository and Management Service Settings wizard.
Tip:
- If the token expires, a new token is generated automatically the next time you log in.
- If the authorized session is revoked by the provider, the Authentication Failed message appears and you must authenticate again.
For more information, visit the Okta or Entra ID documentation.
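The callback URL rules above (a localhost URL that must also be registered at the provider) and the Login step amount to a standard loopback-redirect authorization code flow. The following is an added example, not SQL DM's own code: it builds the authorization request from an Authority URL, Client ID and callback URL, then validates the redirect the browser sends back to the localhost listener, rejecting a wrong path, a provider error, or a state value that does not match the request that was started. The function names, the PKCE parameters and the placeholder Authority URL and Client ID are this example's own assumptions; the discovery path follows the standard OpenID Connect layout.

```python
"""Added example (not SQL DM code): the loopback-redirect side of an OIDC login.
Placeholder provider values and all function names are assumptions."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

DEFAULT_CALLBACK = "http://localhost:5000/callback/"


class CallbackError(Exception):
    """The redirect cannot be accepted; the UI would show Not Authenticated."""


def discovery_url(authority):
    """Standard OpenID Connect discovery document derived from the Authority URL."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def select_callback_url(url, allowed_callback_urls):
    """Accept a callback only if it is a plain-http loopback URL and is one of the
    URLs registered at the provider (Allowed Callback URLs / Redirect URLs)."""
    parts = urlparse(url)
    if parts.scheme != "http" or parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError(f"callback must be a localhost URL, got {url!r}")
    if url not in allowed_callback_urls:
        raise ValueError(f"{url!r} is not in the provider's allowed callback list")
    return url


def build_authorization_url(authorize_endpoint, client_id, callback_url=DEFAULT_CALLBACK,
                            scopes=("openid", "profile", "email")):
    """Return (url, state, pkce_verifier). state is checked on the way back; the
    verifier would accompany the token request (PKCE is this example's addition)."""
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": callback_url,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return authorize_endpoint + "?" + urlencode(params), state, verifier


def parse_callback(request_target, expected_state, callback_url=DEFAULT_CALLBACK):
    """request_target is the path+query the browser hit on the loopback listener,
    e.g. '/callback/?code=...&state=...'. Returns the authorization code."""
    expected_path = urlparse(callback_url).path
    got = urlparse(request_target)
    if got.path != expected_path:
        raise CallbackError(f"unexpected path {got.path!r}")
    query = parse_qs(got.query, keep_blank_values=True)
    if "error" in query:  # provider-side failure, e.g. access denied or revoked session
        raise CallbackError(f"provider error: {query['error'][0]}: "
                            f"{query.get('error_description', [''])[0]}")
    state = query.get("state", [""])[0]
    if not state or not state.isascii() or not secrets.compare_digest(state, expected_state):
        raise CallbackError("state mismatch: redirect does not belong to the request we started")
    code = query.get("code", [""])[0]
    if not code:
        raise CallbackError("redirect carried no authorization code")
    return code


def authentication_status(request_target, expected_state, callback_url=DEFAULT_CALLBACK):
    """The wizard's status label: 'Authenticated' or 'Not Authenticated'."""
    try:
        parse_callback(request_target, expected_state, callback_url)
        return "Authenticated"
    except CallbackError:
        return "Not Authenticated"


if __name__ == "__main__":
    # Constructed placeholder values; use the Authority URL and Client ID from your provider.
    authority = "https://login.example.com/"
    authorize_endpoint = authority + "authorize"  # assumed; read it from the discovery document
    allowed = ["http://localhost:5000/callback/", "http://localhost:5050/callback/"]
    cb = select_callback_url("http://localhost:5050/callback/", allowed)  # port 5000 busy
    url, state, _verifier = build_authorization_url(authorize_endpoint, "my-client-id", cb)
    print(discovery_url(authority))
    print(url)
    # Simulated redirect from the browser back to the loopback listener (constructed).
    print(authentication_status(f"/callback/?code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state, cb))
```

The state check is what prevents a redirect injected by another page on the machine from completing the login, and the exact-match rule on the callback URL is the local mirror of the provider's Allowed Callback URLs list: changing the port in user.config without also registering the new URL fails on the provider side before any code is issued.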
Note that when using Entra ID authentication while adding a new server to SQL Diagnostic Manager, you must select or configure an Azure Profile.
Info: The components of the Azure Profile are responsible for building a valid connection.
What are the service account requirements?
Review the following account requirements and ensure you meet them.
Account Permissions
The minimum permission required for Azure SQL Database is a Microsoft Entra admin configured for the Entra ID service principal, so that full access is available for monitoring.
You must also grant Azure SQL Database permission to read Microsoft Entra ID. For details, refer to the Azure portal section of the Authorize server and database access using logins and user accounts article.
How to select an Azure Profile?
Select your Azure Profile by following the next steps:
- Click the Azure Discovery Settings button.
- If you have already created an Azure profile, select it from the Select an Azure Profile dropdown. Otherwise, create a new one.
- Click OK to save your configuration.
- Select a server to monitor.
- Select the instances to monitor.
...
Create a new Azure profile by clicking Manage Azure Profile from the Azure Application Configuration wizard.
When the Azure Profiles Configuration Wizard opens, there are two sections:
- The Application Profile section adds a new profile and manages existing profiles.
- The Azure Linked Profile section shows which Azure profile is linked with which server instance. You can change this mapping using the View/Edit and Delete buttons.
To add a new Azure profile, please follow the steps below:
- Click the New button in the Application Profiles section.
- Enter a Profile Name and Description for your Azure profile in the Azure Application Profile wizard.
- Select an Azure Subscription from the subscription dropdown, or click New and complete the following fields with the subscription information:
- Subscription ID*
- Description
- Click OK to save your Subscription information.
- Select an Azure Application from the application dropdown, or click New and complete the following fields with the application information:
- Application name
- Tenant ID*
- Client ID*
- Secret value*
- Description of the Azure application
- Click OK to save your Azure Application information, then review all your entries.
- Click OK to save your Azure Application Profile.
- Click Close to close the Azure Profiles Configuration wizard.
- In the Azure Application configuration, select the Azure Profile you just created from the Select Azure Profile dropdown.
- Select the instances to monitor.
How to get Azure Profile components?
If you do not know how to obtain your application information (subscription ID, tenant ID, client ID, and secret value), follow the steps below.
Get your Subscription ID
- Log in to the Azure Portal.
- Search for Subscriptions in the search bar to find the Subscription ID.
- Copy and save the Subscription ID in a notepad or secure file.
Get your Tenant ID
- Log in to the Azure Portal.
- Select the Microsoft Entra ID service.
- Copy and save the Tenant ID from the Overview tab.
Get your Client ID and Secret Value
- Log in to the Azure Portal.
- Select the Microsoft Entra ID service.
- Navigate to the Manage node from the left side menu and select App Registration.
- If you have already created your Owned App, select it; the Overview page displays the Client ID. Copy and save it. Otherwise, create a new app registration.
- After the app is created, assign the Reader role to the app under Subscription > IAM > Role Assignment.
- Click the secret hyperlink to obtain your Secret value if you have already created it. If you need a secret value, create a new one.
- Copy and save your Secret Value.
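The four values gathered above are pasted into the Azure Application Profile wizard by hand, and the typical failures (a GUID copied with braces, the secret's ID copied instead of its Value, which the portal shows only once at creation, or two fields holding the same GUID) surface only as a failed connection later. The following is an added example, not SQL DM code, that checks the fields before they are saved and also builds the subscription scope at which the app must hold the Reader role. The field names, messages and sample values are this example's own constructions.

```python
"""Added example (not SQL DM code): sanity checks on the four Azure Application
Profile fields. Field names, messages and sample GUIDs are constructed."""
import re
from dataclasses import dataclass

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


@dataclass(frozen=True)
class AzureProfile:
    subscription_id: str
    tenant_id: str
    client_id: str
    secret_value: str

    @property
    def reader_scope(self):
        """Scope at which the app registration needs the Reader role (Subscription > IAM)."""
        return f"/subscriptions/{self.subscription_id}"


def normalize_guid(value, field):
    """Portal copies sometimes carry braces or uppercase; normalise before validating."""
    cleaned = value.strip().strip("{}").lower()
    if not GUID_RE.match(cleaned):
        raise ValueError(f"{field} is not a GUID: {value!r}")
    return cleaned


def validate_profile(fields):
    """fields: dict with subscription_id, tenant_id, client_id, secret_value.
    Returns (AzureProfile, []) when everything checks out, else (None, problems)."""
    problems = []
    ids = {}
    for name in ("subscription_id", "tenant_id", "client_id"):
        try:
            ids[name] = normalize_guid(fields.get(name, ""), name)
        except ValueError as exc:
            problems.append(str(exc))

    secret = fields.get("secret_value", "").strip()
    if not secret:
        problems.append("secret_value is empty")
    elif GUID_RE.match(secret.lower()):
        # The portal lists both a Secret ID and a Value for each client secret;
        # only the Value authenticates, and it is shown once at creation.
        problems.append("secret_value looks like the Secret ID, not the secret Value; "
                        "create a new client secret if the Value was lost")

    if len(ids) == 3 and len(set(ids.values())) < 3:
        problems.append("subscription_id, tenant_id and client_id must be three different GUIDs")

    if problems:
        return None, problems
    return AzureProfile(ids["subscription_id"], ids["tenant_id"], ids["client_id"], secret), []


if __name__ == "__main__":
    # Constructed sample input; real values come from the Azure Portal steps above.
    sample = {
        "subscription_id": "{11111111-2222-3333-4444-555555555555}",
        "tenant_id": "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE",
        "client_id": "01234567-89ab-cdef-0123-456789abcdef",
        "secret_value": "99999999-8888-7777-6666-555555555555",  # a Secret ID pasted by mistake
    }
    profile, problems = validate_profile(sample)
    for p in problems:
        print("problem:", p)
    sample["secret_value"] = "Xyz~8Q.abc-DEF_ghi"  # constructed secret Value
    profile, problems = validate_profile(sample)
    print(profile.reader_scope if profile else problems)
```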
Create a Client Secret
If you do not have the Secret value or have lost it, follow the steps below:
...
ID.