Documentation

Introduction

Use this guide along with the Data Tab Configuration guide to configure a SQL Server-integrated SecureAuth IdP realm. 

NOTE: If connecting SecureAuth IdP to SQL Server User Data Store using Windows Authentication, click here to view the instructional PDF.

Prerequisites
  • An on-premises SQL Server data store
  • A service account with read access (and optional write access) designated for use by SecureAuth IdP

SQL Server Configuration Steps

Datastore Type

1. Select SQL Server from the Type dropdown

Datastore Credentials

If using CyberArk Vault for credentials, then enable Use CyberArk Vault for credentials and follow the steps in CyberArk Password Vault Server and AIM Integration with SecureAuth IdP

With this feature, steps 2 and 3 are not required

2. Provide the User ID of the SecureAuth IdP Service Account

3. Provide the Password associated with the User ID

DataStore Connection

4. Provide the Fully Qualified Domain Name (FQDN) or the IP Address in the Data Source field

5. Provide the Database Name in the Initial Catalog field

6. Select True from the Integrated Security dropdown if the IIS app pool's service account is to be used in the connection (see Integrated Auth Requirements below)

Select False to specify a SQL service account instead
 

Integrated Auth Requirements

1. Join the server to the domain to utilize a domain service account

2. In IIS, set the application pool Identity for both the .NET v4.5 and SecureAuth0 app pools to the preferred service account, and set Load User Profile to True

3. Make the service account a member of the local administrators group of the SecureAuth IdP server(s)

4. Perform an IIS reset after making the changes

7. Select True from the Persist Security Info dropdown if access to the username and password information is allowed

8. Click Generate Connection String, and the Connection String auto-populates

9. Select how the Service Account Password is to be stored in the directory from the Password Format dropdown

Group Permissions

10. Create a list of Allowed Groups that can access the target resource of this realm, e.g. Admins

11. Create a list of Denied Groups that cannot access the target resource of this realm

12. Set the Max Invalid Password Attempts before the user's account is locked

Stored Procedure Configuration

13. Provide the Stored Procedure Name for Get User SP

14. Provide the Stored Procedure Name for Validate/Get Password SP

15. Provide the Stored Procedure Name for Reset Password SP

16. Provide the Stored Procedure Name for Create User SP

17. Click Test Connection to ensure that the connection is successful

If using a Custom Connection String and an error occurs when testing the connection, refer to the Custom Connection String Error section below for a workaround

Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin

Custom Connection String Error


If manually entering a custom connection string, an error may occur when testing the connection, which prevents SQL Server from integrating successfully with SecureAuth IdP

This error may occur only if Custom Connection String is checked, the Connection String is manually entered into the field rather than generated by the Web Admin, and the fields that comprise the generated Connection String are left empty / default

Workaround

System Info

 

1. In the Links section, select Click to edit Web Config File

Web Config Editor

 

2. Search for SQLServer and manually enter the connection string into the web.config file

3. Click Save

This enables a successful connection; however, clicking Test Connection in the Data tab may still yield an error
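Because Test Connection may still report an error after the workaround, a manually written connection string can be checked offline against the fields from steps 2 to 7 before it is saved to web.config. The script below is an added example, not SecureAuth code; it assumes standard SqlClient keyword names and synonyms, and the host, database and account names in it are constructed.

```python
import re

# SqlClient keyword synonyms mapped to the field names used in the Data tab.
SYNONYMS = {
    "data source": "Data Source", "server": "Data Source", "address": "Data Source",
    "initial catalog": "Initial Catalog", "database": "Initial Catalog",
    "integrated security": "Integrated Security", "trusted_connection": "Integrated Security",
    "user id": "User ID", "uid": "User ID", "password": "Password", "pwd": "Password",
    "persist security info": "Persist Security Info",
    "persistsecurityinfo": "Persist Security Info",
}
TRUE_VALUES = {"true", "yes", "sspi"}
PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

def parse(conn_str):
    """Split 'key=value;...' into a dict keyed by Data tab field name; values may be quoted."""
    fields = {}
    for m in PAIR.finditer(conn_str):
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop the surrounding quotes
        fields[SYNONYMS.get(key, key)] = value
    return fields

def audit(conn_str):
    """Return a list of findings; the password value itself is never echoed."""
    f = parse(conn_str)
    findings = [f"missing {k}" for k in ("Data Source", "Initial Catalog") if not f.get(k)]
    integrated = f.get("Integrated Security", "false").lower() in TRUE_VALUES
    if integrated and ("User ID" in f or "Password" in f):
        findings.append("Integrated Security is on, so User ID/Password are ignored; remove them")
    if not integrated and not (f.get("User ID") and f.get("Password")):
        findings.append("Integrated Security is off but User ID or Password is missing")
    if f.get("Persist Security Info", "false").lower() in {"true", "yes"}:
        findings.append("Persist Security Info=True keeps the password readable "
                        "from the connection after it is opened")
    return findings

if __name__ == "__main__":
    # Constructed sample: a hand-typed string with three problems.
    sample = ("Server=sql01.example.internal;Integrated Security=SSPI;"
              "UID=svc_idp;PWD=PLACEHOLDER;Persist Security Info=True")
    for finding in audit(sample):
        print("-", finding)
```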