Your normal database clients continue to work once Cyral protection is added to your databases. Below, we show how to use the TOAD client to connect to a Cyral-protected Oracle database. To get TOAD, see quest.com.
Connect
In TOAD, click Session: New Connection to set up a new connection for Oracle.
In Edit Login Record, enter the username. Choose the option that applies to you, below:
If using Oracle credentials: Provide the database user name;
If using Cyral SSO: Provide the SSO user name in one of the formats shown in "SSO username formats in Cyral", later in this document. For example: bob@healthyheartsis.us:mathematician or idp:bob@healthyheartsis.us
In the Select Direct tab:
Host: Address of the Cyral sidecar, which may be a load balancer address
Port: Repository port of the Cyral sidecar
Service Name or SID: The database service name or SID
Next, hit Connect and TOAD will prompt you for your password:
If using Oracle credentials: Provide the user's usual database password;
If using Cyral SSO: Provide the SSO token.
SSO username formats in Cyral
SSO users can connect to any Cyral-protected database with their SSO username in one of the following formats: SSO username only, or SSO username with local account mapping. Both are described below.
SSO username only
idp:sso-user
If you're not passing a group name, pass your username in the format "idp:sso-user", where "sso-user" is your username in the identity provider, such as Okta.
For example, "idp:bob@hhiu.us" for an SSO user with the Okta username bob@hhiu.us.
SSO username with local account mapping
sso-user:local-account
The local account is a user, group, or role in the repository for which you've created a mapping in the Cyral "Identity to Account Map" tab for your repository. If you need to specify which local account to use, drop the "idp:" prefix and append the local account name, in the format "sso-user:local-account".
For example, "bob@hhiu.us:analyst-account" for an SSO user with the Okta username bob@hhiu.us and the local account mapping called "analyst-account" in Cyral.
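The two username formats above can be checked before a login string is saved in a connection profile. The following Python sketch is an added example, not Cyral or TOAD code. It makes three assumptions that go beyond this page: a name with no colon is a native Oracle user, the local account is the text after the last colon, and "idp:" combined with a local account is an error. The names classify_login and Login are hypothetical.

```python
from typing import NamedTuple, Optional

IDP_PREFIX = "idp:"

class Login(NamedTuple):
    kind: str                      # "native", "sso" or "sso-mapped"
    user: str                      # database user or SSO user
    local_account: Optional[str]   # set only for "sso-mapped"

def classify_login(username: str) -> Login:
    """Classify a login name using the formats described on this page."""
    name = username.strip()
    if not name:
        raise ValueError("empty username")
    if name.startswith(IDP_PREFIX):
        sso_user = name[len(IDP_PREFIX):]
        if not sso_user:
            raise ValueError("'idp:' prefix with no SSO user")
        # The page says the prefix is dropped when a local account is
        # appended, so a second colon is treated as a mistake (assumption).
        if ":" in sso_user:
            raise ValueError("drop 'idp:' when appending a local account")
        return Login("sso", sso_user, None)
    if ":" in name:
        # Assumption: the local account is the field after the last colon.
        sso_user, local = name.rsplit(":", 1)
        if not sso_user or not local:
            raise ValueError("expected sso-user:local-account")
        return Login("sso-mapped", sso_user, local)
    # Assumption: no prefix and no colon means a native Oracle user name.
    return Login("native", name, None)

if __name__ == "__main__":
    # Constructed sample inputs; the first two are the page's own examples.
    for sample in ("idp:bob@hhiu.us", "bob@hhiu.us:analyst-account",
                   "scott", "idp:bob@hhiu.us:analyst-account"):
        try:
            print(sample, "->", classify_login(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```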