Logging In to and Maintaining Database Resources Using an SSO Client

Constraints

• The database operation audit is available only in professional editions.
• Only MySQL, SQL Server, Oracle, DB2, PostgreSQL, and GaussDB databases can be managed.
  

  A bastion host cannot verify the database with SSL enabled. When connecting to GaussDB databases, you need to disable SSL (sslmode) on DBeaver.

• The client tool can be invoked only through SsoDBSettings.
• Only some database clients can be invoked through an SSO tool. For details, see the following table.

  Table 1 Supported database protocols, versions, and clients

  Database Type	Version	Supported Client
  MySQL	MySQL 5.5, 5.6, 5.7, and 8.0	Navicat 11, 12, 15, and 16 MySQL Administrator 1.2.17 MySQL CMD
  Microsoft SQL Server	2014, 2016, 2017, 2019, and 2022	Navicat 11, 12, 15, and 16 SSMS 17.6
  Oracle	10g, 11g, 12c, 19c, and 21c	Toad for Oracle 11.0, 12.1, 12.8, and 13.2 Navicat 11, 12, 15, and 16 PL/SQL Developer 11.0.5.1790
  DB2	DB2 Express-C	DB2 CMD command line 11.1.0
  PostgreSQL	11, 12, 13, 14, and 15	DBeaver 22 and 23
  GaussDB	2 and 3	DBeaver 22 and 23

  

  • You need to download the database versions supported.
  • If you need to use an SSO tool to perform O&M on PostgreSQL and GaussDB databases, add the sslmode attribute to the connection attributes in Database > Driver Manager and save the value as disable.
  • The SsoTool.msi remote tool can be installed only in the default path C:\sso\SsoTool. If you install it in other paths, the tool may fail to be started.

Prerequisites

• You have the management permissions for the Host Operation module.
• You have obtained the access permissions for the resources.
• You have installed the client tool.
• The network connection between the managed host and the system is normal, and the account username and password for logging in to the managed host are correct.

Procedure

1. Log in to your bastion host.
2. Choose Operation > Host Operations to go to the Host Operations page.
3. Select a host resource of the database protocol type and click Login.
   

   • When you first time log in to the database, you will see the SsoDBSettings download window.
   • The download tool varies depending on the bastion host version you are using.

     For example, if you are using version 3.3.44.0, SSO tool Windows and UOS (Arm) are provided. You can select either of them from the drop-down list.

4. Select the client tool that has been installed and click OK.

   The local database client is automatically invoked.

5. Log in to the database for operations.

Configuring the SSO Client

The following uses the Navicat client as an example to describe how to configure the client path.

1. Start local SSO tool SsoDBSettings.
2. Click the path configuration icon next to Navicat Path.
3. Find the absolute path where the Navicat client is installed, select the .exe file, and click Open.
4. Go to the SsoDBSettings SSO tool configuration page and view the selected Navicat client path.
5. Click Save to return to the Host Operation page in your bastion host. Then, you can log in to the database.