Skip to main content

SQL Server Connector

Introduction

Description

The SQL Server connector allows an easy way to configure and manage Microsoft SQL Server relational databases.

Managed System

This connector is specific for integration with the Microsoft SQL Server.

 

For more information to check if your system may be synchronized with this connector, do not hesitate to contact us through our Contact form

We can also manage more relational databases, for more information you can check the List of relational databases.

Prerequisites

It is needed a user with access and permissions to the schemes and tables required in the scope of the integration.

Download and Install

This addon is located in the Connectors section and its name is SQLServer.

 

For more information about the installation process, you can visit the Addons Getting started page.

Agent Configuration

This connector could manage User and Role objects.

Basic

Generic parameters

After the installation of the addon, you may create and configure agent instances.

To configure this SQL  Server connector you must select "SQLServer agent" in the attribute "Type" of the generic parameters section in the agent's page configuration.

For more information about how you may configure the generic parameters of the agent, see the following link: Agents configuration

image-1704443217219.png

Custom parameters

Below there are the specific parameters for this agent implementation:

Parameter

Description

User 

Database user name to authenticate

Password

The password of the database user

Connection string to database

URL that identifies the connection properties. Please refer to the specific database vendor documentation to build this URL.


jdbc:sqlserver://<HOST>;databaseName=<DATA_BASE>

Create agents for each database

Select the Yes value if you want to create an agent for each database found by the Reconcile process.
Enable debug

Two options: Yes, and No.

It enables or not more log traces in the Synchronization Server log

image-1704443534381.png

Load triggers

You can define JavaScript or BeanShell scripts that will be triggered when data is loaded into Soffid (incoming triggers). The trigger result will be a boolean value, true to continue or false to stop.

Triggers can be used to validate or perform a specific action just before performing an operation or just after performing an operation into Soffid objects. 

To view some examples, visit the Incoming triggers examples page.

Access Control

SQL Server connector can establish an access control for SQL Server Users.

If the access control checkbox is enabled, only the users and applications that are listed on the access control page will be allowed to log in. So, you can restrict the IP address,  the user roles, and the applications a user can connect from.

This restriction does not apply to DBA users.

image-1705657815212.png

When the Enable access control to the database check box is checked, the UpdateAccessControl task will be launched. The following tables will be created on the SQL Server:

  • SC_OR_ACCLOG: access log
  • SC_OR_CONACC: rule access control
  • SC_OR_ROLE: user roles.
  • SC_OR_VERSION: connector versions.

When you try to connect to SQL Server, the logon_audit_trigger is launched to check if you have access or not.

You can check the Access Logs page for access controls.

Account metadata

Agents allow you to create additional data, on the "Account metadata" tab, to customize the accounts created for that agent. This additional information will be loaded with the agent's information, or calculated as defined in the mappings.
The additional data can be used in both mappings and triggers.

The attributes that you define here will be shown when you click on the proper account, on the Accounts Tabs on the user page.

Operational

Monitoring

After the agent configuration you can check on the monitoring page if the service is running in the Synchronization Server, please go to:

  • Start Menu > Administration > Monitoring and reporting > Syscserver monitoring

Tasks

Authoritative

If you checked "Authorized identity source", an automatic task to load identities from the managed system to Soffid is available, please go to:

  • Start Menu > Administration > Monitoring and reporting > Scheduled tasks

And you will do something like "Import authoritative data from <AGENT_NAME>".

Reconcile

To manage an automatic task to synchronize user objects from the managed system to Soffid is available, please go to:

  • Start Menu > Administration > Monitoring and reporting > Scheduled tasks

And you will do something like "Reconcile all accounts from <AGENT_NAME>".

Synchronization

Regarding the synchronization of the objects, there are two possible options:

  • If you check the generic attribute "Read Only" in the "Basics" tab, only the changes in the managed systems will be updated in Soffid. We recommend these options until the global configuration of Soffid is tested.
  • If you do not check the generic attribute "Read Only" in the "Basics" tab, all the changes in Soffid or the managed system will be updated in the other. Note that this synchronization must be configured in the "Attribute mapping" tab correctly.

For more information about how you may configure the generic parameters of the agent, see the following link: Agents configuration