Skip to main content

Connecting Oracle Databases

Status: Draft Updated: 06 Nov 2025

MyPass Password Manager integrates seamlessly with Oracle databases, enabling secure password reset and synchronization for internal database users. This includes native Oracle users or users residing in custom tables. The integration extends self-service capabilities directly to Oracle Instances while maintaining Active Directory as the authoritative source.

Users benefit from instant password resets via the MyPass self-service portal or Windows pre-login client, with changes securely applied to Oracle. This unified approach enhances security, reduces help desk load, and supports compliance across hybrid environments. This connector is made possible via the MyPass Password Synchronization Module.

Quick Implementation Pointers

Supported Operations

  • Reset passwords for native Oracle users or table-based authentication
  • Synchronize passwords from Active Directory to Oracle
  • Abort transactions gracefully if target user does not exist (error code 2)
  • Log operations securely without exposing sensitive data

Network and Infrastructure Prerequisites

To ensure successful integration, the following must be in place:

  • Oracle Database: Version 2005 or newer, with appropriate encodings and languages configured.
  • FastPass Gateway Server: Windows Server with network access to Oracle (TCP port 1521 by default).
  • Oracle Instant Client: Basic edition installed on the Gateway Server. → Download: http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
  • Privileged Account: Must have ALTER USER rights (for native users) or equivalent table update permissions.
  • Network Connectivity: TCP access from Gateway Server to Oracle listener; optional encryption via Oracle configuration.
  • Firewall Rules: Allow outbound TCP to Oracle port (default 1521); use dedicated Gateway Server in DMZ for enhanced security.

Required System Parameters

Configure these in the Password Manager Administration Client to establish connectivity:

ParameterDescription
HostnameFully qualified hostname, hostname, or IP address of the Oracle server.
PortListener port for the instance (default: 1521).
DatabaseName of the database containing the stored procedure.
Stored ProcedureName of the PL/SQL procedure to execute (e.g., FPC_PasswordReset_ForDatabaseUsers).
AccountPrivileged account with rights to execute ALTER USER or update user tables.
PasswordPassword for the privileged account.
Oracle Path on GatewayFull path to the Oracle Instant Client bin folder (e.g., C:\oracle\instantclient_19_11).

These parameters construct a valid Oracle Connection String.
All values are stored in AD LDS; sensitive data (account, password, connection string) is strongly encrypted.

Install Oracle Instant Client

  1. Download the Basic Package from Oracle.
  2. Extract to a directory on the Gateway Server (e.g., C:\oracle\instantclient_19_11).
  3. Add the bin folder to the system PATH environment variable.
  4. Restart the FastPass Gateway service.

Only the Basic edition is required. No additional licensing needed for connector use.

Deploy Sample Stored Procedures

FastPass includes three ready-to-use SQL scripts located at:
<INSTALLPATH>\FastPassCorp\FastPassGateway\bin\ConnectorOracle\

ScriptUse CaseProcedure Name
FPC_PasswordReset_ForDatabaseUsers.sqlNative Oracle users (out-of-box; requires ALTER USER rights)FPC_PasswordReset_ForDatabaseUsers
FPC_PasswordReset_ForTableUsers.sqlCustom table-based users (includes sample table creation)FPC_PasswordReset_TableUser
FPC_PasswordReset_EBSUser.sqlOracle E-Business Suite (EBS) integration(EBS-specific)

Installation Steps

  1. Connect to the target Oracle database using:
    • Oracle SQL Developer
    • Application Express SQL Workshop
    • Command-line SQL*Plus
  2. Execute the desired .sql script.
  3. Grant EXECUTE on the procedure to the privileged connector account.

For EBS: Use FPC_PasswordReset_EBSUser.sql only.

Configure User Repository

  1. Open Password Manager Administration Client.
  2. Create a new User Repository of type Oracle.
  3. Enter the connection parameters above.
  4. Default Mapping: Uses source username (typically from Active Directory).
    • User exists → password reset
    • User missing → returns error code 2 → transaction aborted
  5. For non-matching usernames, disable default mapping and define custom user mappings.

Logging and Monitoring

  • Log File: <installdir>\FastPassCorp\logs\Gateway-UserRepository-Oracle.log
  • Default Level: Debug
  • Customization: Modify via Windows Registry
  • Security: No passwords or sensitive data logged

Production Readiness

  • Tested Compatibility: Oracle 2005+, all encodings/languages
  • Performance: High-throughput, stable under enterprise load
  • Scalability: Supports multiple Oracle instances from one MyPass deployment

Specifications subject to change without notice.

Licensing – Simple Summary

What you pay forHow it’s calculated
Active Directory (required)One fee per managed user
Each additional system (Oracle Database)Additional fee per managed user × per Oracle database instance / SID

Real-world example
If you manage 900 users:

  • Active Directory → 900 × base user license
    • 6 Oracle database instances (e.g., Prod ERP, Prod BI, Test, Dev, Reporting, DR) → + 5 400 × Oracle connector user license (900 users × 6 instances)
  • Total = base AD license + Oracle connector license for 5 400 “user-instance” seats

Clear and straightforward - you are charged only for the Oracle database accounts MyPass actually rotates in each instance.