As cybercrime statistics rise, new authentication schemes continue to emerge to tackle the growing threats. Custom Database, also known as Database as Authentication Source, is one such authentication method that is gaining popularity thanks to the benefits it offers. Let's take a look at what it is, how it works, its pros and cons, and why it is gaining popularity.

What is a Custom Database Connection?

Custom Database Connection means linking your database or user store with an identity platform for user authentication. With this connection, you create an interface between the database and the Identity Provider (IDP), which lets the database act as an identity provider for user authentication. You may be thinking about migrating your users from the database (MySQL, PostgreSQL, etc.) to the IDP, and about the consequences of doing so. With miniOrange, you don't have to move user identities from your existing database to the IDP. The database connection is handled through API endpoints, which provide authentication services without migrating your identities.

In most cases Custom Database is employed by Organizations for the following purposes:

To Authenticate: Integrate Database as IDP (Identity Provider) to authenticate users.

To Migrate: To migrate your users from existing databases/ user stores for authentication processes.

Database Authentication by miniOrange is handled by 2 specific features:

  1. Auto-Sync users with existing Database
  2. Without migrating your users

1. Auto-Sync users with existing Database

In this use case, whenever a user logs in for the first time, a new record is created within the miniOrange platform without storing the user's password. From then on, miniOrange auto-syncs the new user identity with your local custom database to take care of user tracking for further authentication. You don't have to make an additional effort to move new user identities from the IDP to the database whenever a user logs in.

For future authentication of users, miniOrange will always use the existing database/identity store and the respective identity it contains.

2. Without migrating your users

In this use case, whenever a new user logs in for the first time, miniOrange automatically creates the user's identity in an identity source handled by miniOrange. Before doing so, miniOrange ensures that the user is successfully authenticated against the legacy identity store (your own database); only then is the user profile created in the miniOrange Identity Platform. The new user is created using the same ID and password that the user provided during authentication.

How does Custom Database Connection work?

Custom Database connections act as a comprehensive login system that retrieves user identity information from your own database (legacy identity store) to authenticate users. It starts with integrating the database with the IDP, which creates an interface between the two. Once connected, the IDP lets the database act as an identity source whenever a user logs in or uses SSO to reach an application or website. The identity platform authenticates the user with the email ID/username and password stored in the custom database configured within the IDP. When a user tries to SSO or log in to the service with their credentials, the configured IDP runs a scripted query on the corresponding database to check the entered login credentials. If a match is found in the database, the user is authenticated and a session is created within the IDP. From then on, users can Single Sign-On into any of the applications configured with their IDP.

A custom database can be any SQL Server, MySQL server, or other database management system in a local environment. Similarly, in API as Authentication Source, users are authenticated using the email ID/username and password stored in a custom database. The sole difference is that, rather than configuring the custom database within the IDP, API endpoints are configured within the IDP. This lets the organization authenticate users without exposing the database to the IDP.
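The login flow described above, as an added example that is not miniOrange's code: the database side runs the credential query, and the IDP side creates a profile and a session on a match without keeping the password. In-memory SQLite stands in for the legacy store, and the function names, table layout and PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_legacy_store():
    """Constructed sample user store; in-memory SQLite stands in for MySQL/PostgreSQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(username TEXT PRIMARY KEY, email TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", "alice@example.com", salt, hash_password("correct horse", salt)))
    return db

# Dummy record so unknown usernames cost the same hashing work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy", _DUMMY_SALT)

def verify_credentials(db, username, password):
    """Database side (the 'scripted query'): returns profile attributes or None."""
    # Parameterized query: the username is bound as data, never spliced into the SQL.
    row = db.execute("SELECT email, salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    email, salt, stored = row if row else (None, _DUMMY_SALT, _DUMMY_HASH)
    # Constant-time comparison of the derived hash with the stored one.
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    if row is None or not ok:
        return None
    return {"username": username, "email": email}  # salt and hash never leave the store

def idp_login(db, idp_profiles, sessions, username, password):
    """IDP side: authenticate against the legacy store, then create profile and session."""
    attrs = verify_credentials(db, username, password)
    if attrs is None:
        return None
    # First successful login creates the IDP record; the password is not copied into it.
    idp_profiles.setdefault(username, attrs)
    token = os.urandom(16).hex()
    sessions[token] = username
    return token
```

In the API as Authentication Source variant, `verify_credentials` is what would sit behind the organization's endpoint, so the IDP only ever receives the returned attributes.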

miniOrange provides a special provision to authenticate your users in two different ways:

  1. Using your own organizational user store / Database
  2. Using miniOrange as user store / Database

1. Using your own user store

If you have an existing user store, or wish to store user credentials on your own server without moving user identities, miniOrange enables you to connect to a custom database or repository and use it as the identity provider. With this, your database remains private within the organization's premises while providing user authentication services. miniOrange uses the database just for authentication purposes; other crucial information stays within the database, which maintains user privacy and avoids moving the user's data to any third-party application.

If another attribute needs to be sent during authentication, the user data is picked directly from the database and passed to the respective application without being saved in miniOrange.

Essentially, you can connect to any kind of database or web service with miniOrange’s Custom Database Connection.  miniOrange allows you to make Custom Database connections for many of the commonly-used databases, including:

2. Using miniOrange as user store (miniOrange as IDP)

In this use case, miniOrange provides a secure database infrastructure for organizations to store users' data. When an existing user tries to log in to a specific service, miniOrange coordinates with the database for authentication. When a new user tries to access data, the user profile is created in miniOrange, which auto-syncs with the organization's on-premises database. Using miniOrange as IDP, organizations can easily authenticate their users since all data is stored in miniOrange.

On the security side, passwords are never stored by the miniOrange IDP. Alongside IDP services, varying levels of security requirements can also be enforced for user authentication, including Strong Password, Adaptive Authentication, Multi-Factor Authentication, etc.

Pros and Cons of integrating Database as Identity Source

PROS

Security: As user information is stored in organizational premises only, no data is shared with third-party applications. This minimizes the danger of security loopholes.

No migration needed: As authentication occurs directly through your database/user store itself, there's no need to migrate your users into the IDP for authentication.

Easy On-boarding/Off-Boarding: As the user's information is stored in and interlinked with the user store, you can add/remove users accordingly.

Minimized disturbance or inconvenience: As users don't have to create new accounts or get used to a new environment within the IDP for authentication, they can continue working without any disturbance.

Privacy: miniOrange leaves no stone unturned to ensure that your users' confidential data remains private to your own database.

CONS

Dependency on Application security: As the IDP handles the general process, reliance on the IDP increases.

Some of the vendors which provide Custom Database as Authentication Source:

1. Auth0:

Here Database as an authentication source is only available in the enterprise plan.

2. miniOrange:

With miniOrange there is no such limitation or restriction. You can easily opt for the services at a minimum cost.

If you are looking to integrate Custom Database as an authentication source, contact us at info@xecurify.com. We will be happy to assist you.
