Subscription Linking
Learn how to link your Azure subscriptions to OracleDB for Azure.
For guided onboarding, OracleDB for Azure offers a partially automated subscription linking process. In this process, the user logs in to the OracleDB for Azure Portal, then follows instructions to complete a series of steps:
- Logs into the Azure Portal and grants the currently logged in user the OracleDB for Azure Multicloud Link Administrator role (odsa-multicloud-link-administrator). This grants the user the rights they need to update the multicloud link configuration with the linked Azure subscription configuration details.
- In the Azure portal, grants the Oracle Database Service (ODS) enterprise application three roles (Contributor, Network Contributor, Monitoring Metrics Publisher) in each subscription being linked to ODSA
- In the OracleDB for Azure Portal, the user logs out of the portal and then log back in again, so that OracleDB for Azure recognizes the new role assignment.
- The user refreshes the list of available Azure subscriptions (the ones OracleDB for Azure can now access because of the recent role assignments).
- For each listed subscription being linked, select the subscription from the list, then click the Link Subscription button to link the selected subscription to OracleDB for Azure.
During this process, OracleDB for Azure adds each linked subscription to the multicloud link configuration.
After you complete the steps above, OracleDB for Azure is fully operational. Authorized users can use the OracleDB for Azure portal to deploy and provision OracleDB for Azure databases and infrastructure for use in their Azure environment.
Instructions
To deploy OracleDB for Azure, the Azure user that is being used to deploy the service must have at minimum the Multicloud Link Administrator Azure ARM role. This role provides permission for the cross-cloud linking between your Azure and OCI accounts can be completed. In some accounts, this role may be called the Cloud Link Administrator role.
For more information on ARM roles used by OracleDB for Azure users, see To assign OracleDB for Azure enterprise application ARM roles to users.
- Navigate to the Azure portal at https://portal.azure.com. If you are not already authenticated with Azure, provide your login credentials.
- Under Azure services, click Azure Active Directory.
- Under Manage, click Enterprise applications.
- In the list of enterprise applications, click on the name of the Oracle Database Service application to load the application's Overview page.
- Under Manage, click Users and groups.
- Select the users you want to manage by clicking the checkbox beside the user name.
- Click Edit.
- On the Edit Assignment page, under Select a role, click None Selected to open the Select a role panel.
- Select the "ODSA Multicloudlink Administrator" or "Cloudlink Administrator role, whichever is available in your account.
- Click Select. The Edit Assignment page displays.
- Review the assignment information, then click Assign to complete the assignment.
What's Next?
Link one or more of your Azure subscriptions to OracleDB for Azure in the Azure portal. See To link Azure subscriptions to OracleDB for Azure.
To link an Azure subscription to OracleDB for Azure, you must do the following:
- In the Azure portal, assign the following ARM roles to the "Oracle Database Service" enterprise application within each subscription you want to link: "Contributor", "Network Contributor", "Monitoring Metrics Publisher", "Event Data Sender".
- Complete the linking process in the OracleDB for Azure portal on the Azure Subscription Management page by clicking the Link this subscription link in the list of subscriptions accessible in OracleDB for Azure.
Assign ARM Roles to the Oracle Database Enterprise Application in Your Azure Subscriptions
- In the OracleDB for Azure portal, under Step 2: Link your subscriptions (required), click Get started.
- On the Instructions panel, click Continue to ARM role configuration. You will be taken to the Azure portal at https://portal.azure.com. If you are not already authenticated with Azure, provide your login credentials.
- Under Azure services, click Subscriptions.
- In the list of subscriptions, click on the name of the subscription you want to manage to see details about the subscription.
- Click Access control (IAM) in the left panel.
- In the panel displaying the subscription details, click + Add under the name of the subscription, then click Add role assignment.
- On the Add role assignment page, select the Role tab if it is not already selected.
- Search for the "Contributor" role in the search box.
- Find the role in the list of search results and click the list entry to select the role.
- Click the Members tab and check the Selected role field to make sure your selected role is displayed.
- Click + Select members.
- In the Select members panel, use the search box to search for "Oracle Database Service," then click "Oracle Database Service" to select it. The entry is added to the Selected members list at the bottom of the panel.
- Click the Select button at the bottom of the panel to close the panel.
- In the Assign access to field, select User, group, or service principal.
- Click Review + assign and review the assignment details.
- Click the Review + assign button to confirm the assignment.
- Repeat these steps for the "Monitoring Metrics," "EventGrid Data Sender," and "Network Contributor" roles
- Repeat steps 2-16 for each additional subscription you want to link to OracleDB for Azure.
Link Subscriptions in the OracleDB for Azure Portal
- In the OracleDB for Azure portal, under Step 2: Link your subscriptions (required), click the Get started button.
- On the Azure Subscription Management page, click the Refresh list link to see the list of Azure subscriptions that you configured using the steps above in Assign ARM Roles to the Oracle Database Enterprise Application in Your Azure Subscriptions above.
- Click the Link this subscription link for each Azure subscription that you want to link to Oracle Database Service for Azure.
What's Next?
As the OracleDB for Azure administrator, you can now assign Azure users to the OracleDB for Azure user groups created for you during the account linking process. See Adding OracleDB for Azure Users in Azure After Completing Your Sign Up for more information.
Optionally, you can enable identity federation using Azure Active Directory as your identity provider. See Identity Federation for more information.