3 Replies Latest reply on Sep 24, 2020 9:47 AM by dan.smith@informatica.com

    MFA/2FA with CDC for oracle

    Lakhwant Singh Seasoned Veteran



      I have come across a requirement where the source Oracle system, for which I have to implement Informatica CDC, has sensitive data and 2FA/MFA has to be enabled before CDC can connect to this DB.


      I have got such a requirement for the first time. Till now I have implemented CDC for other DBs but that didn't require MFA.


      If anyone is aware if this is possible with CDC or not, please help.


      dan.smith@informatica.com - As usual, tagging you for some guidance.




        • 1. Re: MFA/2FA with CDC for oracle
          dan.smith@informatica.com Guru

          I suppose the first thing to point out is the difference between person-ids and application-ids.


          For my personal login, INFA uses OKTA.  I have to login to OKTA, and it pings my cellphone, and I have to respond within a certain amount of time, saying that "yes, that was me", or my login is denied.


          For application-ids, you can't do that.  There isn't a person to respond.  This is one software package talking to another software package.  No cellphone, no radio token, nothing like that.  You literally can't do that kind of authentication.


          The second thing to point out is frequency.  These are automated routines that run day and night, with multiple iterations.  You don't *want* human responses in the way of them running.

          You need to establish some kind of trusted relationship where if they meet whatever criteria is set, they just run.

          • 2. Re: MFA/2FA with CDC for oracle
            Lakhwant Singh Seasoned Veteran

            Thanks Dan!

            So, when we come to trusted relationship, I assume certificates can be one option. What I understand is CDC connects to Oracle DB via SQLNet. So, will it be responsibility of the Oracle client to establish trusted relationship with DB server using certificates? Or Informatica CDC has any role to play in this?

            • 3. Re: MFA/2FA with CDC for oracle
              dan.smith@informatica.com Guru

              PWX Express CDC for Oracle uses the local Oracle client (CLI) to talk to both Oracle DB and Oracle ASM.

              If you have Oracle kerberized, then that is invisible to PWX, because that occurs between the Oracle client and the Oracle DB (or ASM).