Cyral
Get Started Sign In

Using TOAD to access a Cyral-protected Oracle database

Your normal database clients continue to work once Cyral protection is added to your databases. Below, we show how to use the TOAD client to connect to a Cyral-protected Oracle database. To get TOAD, see quest.com 

Connect


  1. In TOAD, click Session: New Connection to set up a new connection for Oracle. 

  1. In Edit Login Record, enter the username. Choose the option that applies to you, below: 

    • If using Oracle credentials: Provide the database user name; 

  • If using Cyral SSO: Provide the SSO user name in one of the formats shown in "SSO username formats in Cyral", later in this document. For example: bob@healthyheartsis.us:mathematician or idp:bob@healthyheartsis.us 

  1. In the Select Direct tab:

    • Host: Address of the Cyral sidecar, which may be a load balancer address

    • Port: Repository port of the Cyral sidecar

    • Service Name or SID: The database service name or SID

  1. Next, hit Connect and TOAD will prompt you for your password:

    • If using Oracle credentials: Provide the user's usual database password;

  • If using Cyral SSO: Provide the SSO token.


SSO username formats in Cyral

SSO users can connect to any Cyral-protected database with their SSO username in one of the following formats, SSO username only, or SSO username with local account mapping, as described below.

SSO username only

idp:sso-user

If you're not passing a group name, pass your username in the format, "idp:sso-user" where "sso-user" is your username in the identity provider like Okta. 

For example, "idp:bob@hhiu.us" for an SSO user with the Okta username bob@hhiu.us

Note! If your repository does not have native authentication enabled in Cyral, then you can optionally omit the "idp:" prefix.

SSO username with local account mapping

sso-user:local-account

The local account is a user, group, or role in the repository for which you've created a mapping in the Cyral "Identity to Account Map" tab for your repository. If you need to specify which local account to use, pass a local account name, you'll drop the "idp:" prefix and append the local account name in the format: "sso-user:local-account". 

For example, "bob@hhiu.us:analyst-account" for an SSO user with the Okta username bob@hhiu.us and the local account mapping called "analyst-account" in Cyral.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.