Is a change from SQL login to Windows integrated login on SQL Server hosting the OneIM databases supported?

Hi

One of my customers has a requirement that says we are no longer allowed to use SQL logins on the SQL Server where our OneIM databases reside. Is it supported to run the Identity Manager solution without any SQL logins, e.g. the OneIM_Admin for instance?

The only thing I found regarding Windows Integrated auth in the installation guide (https://support.oneidentity.com/technical-documents/identity-manager/9.2/installation-guide/3#TOPIC-2083740) is this:

Tips for using integrated Windows authentication

Integrated Windows authentication can be used without restriction for the One Identity Manager Service and the web applications. Integrated Windows authentication can be used for FAT clients. Use of Windows groups for logging in is supported. To ensure functionality it is strongly recommended you use SQL login

The last sentence (marked yellow) confuses me as it states that you are strongly recommended to use SQL login to ensure functionality.

So will the solution stop working if I change to Windows integrated and am not using SQL logins anymore? Does somebody know what issues I might experience?

  • Using integrated Windows authentication can have unwanted side effects when performing maintenance or making changes to the schema.

    For example, if a Windows identity is the owner of the database, stored procedures that need to run as dbo may not be able to do so. For Active Directory groups, this is the immediate result; for Active Directory accounts, this is the result after the account loses access privileges or is disabled.

    I've also seen cases where custom tables were created in personalised schemas that were tied to the Windows identities that created them.
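
A read-only T-SQL check for the two conditions described in the reply above, added here as an example and not part of the original thread or of One Identity's own tooling: it reports whether the current database is owned by a Windows principal, and lists schemas owned by Windows users or groups together with the objects they contain. It uses only SQL Server catalog views and assumes it is run in the context of the Identity Manager database (whose name is not given on this page).

```sql
-- Added example: run in the context of the Identity Manager database.
-- Both queries only read catalog views; nothing is changed.

-- 1. Who owns the current database, and what kind of principal is it?
SELECT d.name         AS database_name,
       sp.name        AS owner_login,
       sp.type_desc   AS owner_type,      -- SQL_LOGIN, WINDOWS_LOGIN or WINDOWS_GROUP
       sp.is_disabled AS owner_disabled
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = d.owner_sid
WHERE d.database_id = DB_ID();
-- owner_login is NULL when the owner SID has no matching server login,
-- which is itself worth investigating before a migration.

-- 2. Schemas owned by Windows users ('U') or Windows groups ('G'),
--    with any non-system objects created inside them.
SELECT s.name       AS schema_name,
       dp.name      AS schema_owner,
       dp.type_desc AS owner_type,
       o.name       AS object_name,
       o.type_desc  AS object_type
FROM sys.schemas AS s
JOIN sys.database_principals AS dp
     ON dp.principal_id = s.principal_id
LEFT JOIN sys.objects AS o
     ON o.schema_id = s.schema_id
    AND o.is_ms_shipped = 0
WHERE dp.type IN ('U', 'G')
ORDER BY s.name, o.name;
```

An owner_type of WINDOWS_LOGIN or WINDOWS_GROUP in the first result, or any rows in the second, corresponds to the situations the reply warns about.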
