Help Center/ Cloud Bastion Host/ User Guide/ Operation/ Host Operation/ Logging In to and Maintaining Database Resources Using an SSO Client
Updated on 2024-09-24 GMT+08:00

Logging In to and Maintaining Database Resources Using an SSO Client

You can use single sign-on (SSO) tools to invoke the database client tool for database resource O&M and operation audit. Before your start, install the SSO and database client tools and then configure the path of the database client tool.

This topic describes how to configure the SSO client and how to use the SSO tool to log in to database resources.

There are four options for the single sign-on (SSO) tool:

  • Mysql cmd
  • MySQL Administrator
  • Navicat
  • DBeaver (supported by bastion host V3.3.48.0 and later versions)

Constraints

  • The database operation audit is available only in professional editions.
  • Only MySQL, SQL Server, Oracle, DB2, PostgreSQL, and GaussDB databases can be managed.

    A bastion host cannot verify the database with SSL enabled. When connecting to GaussDB databases, you need to disable SSL (sslmode) on DBeaver.

  • The client tool can be invoked only through SsoDBSettings.
  • Only some database clients can be invoked through an SSO tool. For details, see the following table.
    Table 1 Supported database protocols, versions, and clients

    Database Type

    Version

    Supported Client

    MySQL

    MySQL 5.5, 5.6, 5.7, and 8.0

    Navicat 11, 12, 15, and 16

    MySQL Administrator 1.2.17

    MySQL CMD

    Microsoft SQL Server

    2014, 2016, 2017, 2019, and 2022

    Navicat 11, 12, 15, and 16

    SSMS 17.6

    Oracle

    10g, 11g, 12c, 19c, and 21c

    Toad for Oracle 11.0, 12.1, 12.8, and 13.2

    Navicat 11, 12, 15, and 16

    PL/SQL Developer 11.0.5.1790

    DB2

    DB2 Express-C

    DB2 CMD command line 11.1.0

    PostgreSQL

    11, 12, 13, 14, and 15

    DBeaver 22 and 23

    GaussDB

    2 and 3

    DBeaver 22 and 23

    • You need to download the database versions supported.
    • If you need to use an SSO tool to perform O&M on PostgreSQL and GaussDB databases, add the sslmode attribute to the connection attributes in Database > Driver Manager and save the value as disable.
    • The SsoTool.msi remote tool can be installed only in the default path C:\sso\SsoTool. If you install it in other paths, the tool may fail to be started.

Prerequisites

  • You have the management permissions for the Host Operation module.
  • You have obtained the access permissions for the resources.
  • You have installed the client tool.
  • The network connection between the managed host and the system is normal, and the account username and password for logging in to the managed host are correct.

Procedure

  1. Log in to your bastion host.
  2. Choose Operation > Host Operations to go to the Host Operations page.
  3. Select a host resource of the database protocol type and click Login.

    • When you first time log in to the database, you will see the SsoDBSettings download window.
    • The download tool varies depending on the bastion host version you are using.

      For example, if you are using version 3.3.44.0, SSO tool Windows and UOS (Arm) are provided. You can select either of them from the drop-down list.

  4. Select the client tool that has been installed and click OK.

    The local database client is automatically invoked.

  5. Log in to the database for operations.

Configuring the SSO Client

The following uses the Navicat client as an example to describe how to configure the client path.

  1. Start local SSO tool SsoDBSettings.
  2. Click the path configuration icon next to Navicat Path.
  3. Find the absolute path where the Navicat client is installed, select the .exe file, and click Open.
  4. Go to the SsoDBSettings SSO tool configuration page and view the selected Navicat client path.
  5. Click Save to return to the Host Operation page in your bastion host. Then, you can log in to the database.