TOAD for Oracle

Add TOAD for Oracle to your desktop app catalog to allow Privileged Access Service administrators to configure which users are allowed to connect to database instances that reside on a remote application host system. Users can log in to remote desktop applications with specified credentials and without having to checkout a password. Centrify lPrivileged Access Service uses standard command-line architecture to pass account parameters and credentials to desktop applications running under remote desktop services. Additionally, detailed information about user activity on the host application system can be captured on the systems you choose to audit.

TOAD for Oracle prerequisites

Before you configure Desktop Applications in the Admin Portal for remote access, you need to make sure your environment meets the following requirements:

  • A standalone Windows Server with Remote Desktop Services deployed. In Remote Desktop Services, you need to:
    • Publish the desktop application to your remote desktop collection.
    • Configure desktop application parameters to Allow any command-line parameters. This enables the Privileged Access Service command line functionality.

    Note:   Centrify recommends that you do not run remote desktop services on the same Windows Server that includes the Centrify Connector.

  • One or more of the following Privileged Access Service administrator rights to access the Apps tab in Admin Portal (also see Admin Portal administrative rights):

    • Privileged Access Service User
    • Privileged Access Service Power User
    • Privileged Access Service Administrator
  • The application host must have View permission.
  • Application Management administrator right to access Apps > Add Desktop Apps.
  • Desktop App administrator has Grant permissions for account objects that are specified as arguments in a command line.
  • If you configure the remote desktop app host login to use Shared account credentials, the Desktop App administrator must have Grant permission for the user associated with the Shared Host Login account.
  • An Oracle database account that can connect to the target Oracle database.

Configuring TOAD for Oracle

The following steps are specific to this application and are required in order to manage application access to TOAD for Oracle.

  1. In the Admin Portal. click Apps, and then Desktop Apps to add the SQL Server Management Studio application.
  2. Click Add Desktop App to open the Add Desktop Apps wizard.
  3. Next to the application you want to add, click Add.

    You can also use the Search tab to find an application. Enter the partial or full application name in the Search field and click the search icon.

  4. In the Add Desktop App screen, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application that you just added opens to the Application Settings page.

  6. On the Application Settings page, specify the following settings:

     

    Option

    Description

    Application Host

    To add an application host system with a database instance:

    1. Click Select next to the Application Host text box to select the relevant remote host system.
    2. Start typing the system name into the search box and select the system you want to add.

      Systems that you have View rights to are displayed.

    3. Click Done.

      The relevant remote host system is displayed in the text box.

    Host Login Credentials

    Select one of the following log in methods to be used when launching the RDP connection to the application host system:

    • User's Active Directory credential

      Select this option to allow users to log in to the application host system using their AD credentials. To configure this option you also need to make sure that Securely capture users passwords at login is enabled in Settings > Authentication > Security Settings.

    • Select Alternative Account

      Select this option to allow users to log in to the application host system using their alternative account. If only one alternative account is available, then selecting Launch from the Admin Portal proceeds directly to a login screen. If more than one alternative account is available, you need to first select which account to use to log in to the application host system, and then click Continue. For information on alternative accounts, see Discovering alternative accounts.

    • Prompt for username and password

      Select this option to allow users to log in to the application host system using their own Windows credentials. Selecting Launch from the Admin Portal, prompts the user for their Windows User Name and Password.

    • Shared Account

      Select this option to allow users to log in to the application host system using shared accounts. Administrators must have the Grant permission for the shared account in order to configure the account for access. Selecting this option means that all users use the same shared account in order to access the application host system. Centrify recommends that you use a different Windows account for each Desktop App configuration using a shared account to avoid session conflicts.

      1. Click Select next to the Shared Account text box to select the relevant account.

      2. Start typing the system name into the search box.

        Available shared accounts are displayed.

      3. Select the shared account you want to have access to the host system.

      4. Click Done.

        The shared account is displayed in the text box.

  7. Locate the Alias name in the remote desktop server (Server Manager > Remote Desktop Services > Alias column) for the published application and enter the information into Application Alias field in the Admin Portal.

    Note:   The default setting for TOAD for Oracle is Toad. If your configuration does not use the default alias, you will need to modify the default setting to reflect your configuration.

  1. (Optional) Select the database and user account arguments to be used in the command line when launching the application host system.

    These arguments instruct the application host system how to access the application and replace the placeholders in the command line string below.

    Argument

    Description

    database

    To configure the database argument:

    1. Click Select in the database row to select the relevant database.
    2. Start typing the database name into the search box.

      Available databases are displayed.

    3. Click the database that you want to access.
    4. Click Select.
    user

    To configure the user argument:

    1. Click Select in the user row to select a relevant user account.

    2. Start typing the account name into the search box.

      Available user accounts are displayed.

    3. Click the user name that you want to have access to the application host system.

    4. Click Select.

  2. (Optional) Enter command line arguments for {user.User}/{user.Password}@{database.FQDN}:{database.Port}/{database.ServiceName} in the command string.

    Linked object placeholders are available and are displayed as {argumentName.linkedObjectAttribute}.

    This field, when configured with the command line arguments, passes the credential and target database information to the desktop application on how to launch and log in to the application host system. Use the command line arguments in the field above to replace the placeholders in the string provided. When you launch the application the placeholders are replaced with the specified database and user arguments.

  3. (Optional) On the Description page, you can:

    • Add a unique name and description for each supported language instance.
    • Change the name, description, and logo for the application.
  4. Configure the following Desktop App pages as needed. Click Save at the bottom of each page to save your changes.

For information on actions available for Desktop Apps, see Selecting actions for desktop apps.