Suggestions to implement thousands of Oracle DBs for account management

Which IIQ version are you inquiring about? 8.4p1

We have a requirement to onboard all the Oracle DBs for account management (schema users) and NPAs for managing Read/Write/Admin access to DBs. We can use the Oracle Database - Direct connector for this; the catch is that we have 1000s of DBs that need to be managed and need to onboard 1000s of applications in SailPoint, one for each DB instance.

Looking for a solution: can we use a common or custom connector to manage all DB instances as one application?


This depends on what minimum business requirements you want to achieve here.

As I understand from your description, if it's just a review of the Oracle DB IDs that you want to achieve and not access request/provisioning from SailPoint - you should be able to build something outside SailPoint that can talk to all these DBs and dump the DB IDs along with their access in a file. The file can then simply be onboarded to SailPoint using the delimited connector and you can do access reviews. You will process revokes from access reviews through either a workitem or some kind of Service desk integration (better if you already have this in place).

If you need full-fledged application management for these DB applications (read: full JML scenarios) then this would be quite complex.
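The file-based approach described in the reply above, sketched as an added example that is not part of the original thread: per-instance results are merged into one delimited feed, with account and entitlement values qualified by instance so that the same schema user in two databases stays two accounts. The instance names, column names, the `user@instance` convention and the shape of the collector output are assumptions made for illustration; the sample data is constructed.

```python
import csv
import io

# Constructed sample of per-instance collector output (hypothetical shape).
# None marks an instance that could not be queried.
SAMPLE = {
    "FINPRD01": {
        "accounts": [("APP_RW", "OPEN"), ("JDOE", "LOCKED")],
        "grants": [("APP_RW", "FIN_WRITE"), ("APP_RW", "FIN_READ"), ("APP_RW", "FIN_READ")],
    },
    "HRPRD02": {
        "accounts": [("APP_RW", "OPEN")],
        "grants": [("APP_RW", "HR_READ")],
    },
    "CRMPRD03": None,
}

FIELDS = ["nativeIdentity", "dbInstance", "username", "status", "entitlement"]


def build_feed(collected):
    """Return (csv_text, failed_instances) for one merged delimited file."""
    failed = sorted(db for db, data in collected.items() if data is None)
    rows = set()  # a set drops duplicate grant rows
    for db, data in collected.items():
        if data is None:
            continue
        grants = {}
        for user, role in data["grants"]:
            grants.setdefault(user, set()).add(role)
        for user, status in data["accounts"]:
            # APP_RW exists in two databases: qualify with the instance so the
            # accounts and their entitlements do not collapse into one.
            ident = f"{user}@{db}"
            for role in grants.get(user) or {""}:
                rows.add((ident, db, user, status, f"{db}:{role}" if role else ""))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS)
    writer.writerows(sorted(rows))
    return out.getvalue(), failed


if __name__ == "__main__":
    feed, failed = build_feed(SAMPLE)
    print(feed, end="")
    if failed:  # a partial feed omits every account on the missed instances
        print("hold this feed back; unreachable:", ", ".join(failed))
```

An account with no grants still gets a row (empty entitlement), so it remains visible for review.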

Hello @sanjaysutarc, thanks for the response. Our requirement is to perform full-fledged application management; with 1000+ DBs in the environment, we are looking for a solution or design that helps to onboard all of them under one Application and not create 1000+ applications in SailPoint. As I was reading/reviewing the scenarios, the only better option looks to be building a custom connector, or writing all data to a common DB/table and using that as an application in SailPoint.

Hi Srinivasulu

I understand from your context that you are trying to avoid 1000+ Oracle DB instances >>> 1000+ IIQ Applications.

Technically, the connector type is one, but connector instances are many.
With Oracle DB Direct, IIQ normally needs a separate Application definition per DB endpoint because each DB is its own independent target: different host/service, creds, and operational isolation. Trying to force “all DBs as one Application” isn’t how the Direct connector model is designed to work.

If you still try to collapse them into “one Application,” you end up rebuilding the missing pieces yourself (routing to the right DB, retries, error isolation, auditability, entitlement uniqueness, etc.) — basically a custom platform.

So what SailPoint-aligned architecture usually looks like for your requirement (full JML / provisioning):

  1. Keep “1 Application per DB” (recommended boundary), but remove manual work
     • Use Application Builder to bulk create/update hundreds/thousands of Applications from a CSV, and run aggregation in controlled batches so you don’t hammer IIQ or the DB estate all at once.
  2. If your real goal was governance-only, you could aggregate all DB users/privs externally into a file and onboard via a simple source — but you already confirmed you need full application management / JML, so that approach won’t satisfy your requirement.
  3. Only if you have it: ask your CSM about Multi-Connector Adapter (MCA)
     • It’s often mentioned for consolidating many similar endpoints under one approach, but it’s not the default behavior of Oracle DB Direct and typically requires SailPoint guidance/licensing.
  4. Broker pattern (custom) — last resort
     • A single “broker” service that IIQ provisions to, and the broker fans out to the right Oracle instance. This can work, but it’s custom engineering and you own the operational risk.

In brief: For full JML/provisioning, the scalable SailPoint direction is not “one Application for 1000 DBs”. It’s many Applications, but created/operated in bulk (Application Builder + batching/scheduling) so it’s operationally manageable.

You may refer to the resources below for further details:

  • IdentityIQ docs — Application Builder (bulk create/update applications from CSV + aggregation options): https://documentation.sailpoint.com/identityiq/help/tasks/task_types/app_builder.html
  • SailPoint Community FAQ — automate application onboarding (IdentityIQ): https://community.sailpoint.com/t5/Customer-Success-Engineering-FAQ/How-can-we-automate-application-onboarding-in-IdentityIQ/ta-p/236420
  • Dev Community discussion mentioning MCA / multi-endpoint considerations: https://developer.sailpoint.com/discuss/t/how-to-manage-many-databases-of-same-connector-type/23919

Hi @srinivasulu_ankisetty

We have implemented this use case where we had 10k Oracle Databases and we had to keep this application as a single App in IIQ.

Initially, we also implemented this as a custom connector but it was giving us some problems.

So, we implemented the code in a generic Oracle DB connector and wrote all the logic in the rules, like the provisioning rule and other customisation rules. We used multithreading for that.

Thanks


My suggestion would be:

  1. You can use an Oracle DB application as a group, and that group can be assigned to the user.
  2. One Application will store all these Oracle DB hosts as groups in the application.

Thanks

You may want to take a look at the “Multi-Connector Adapter for IdentityIQ”, which provides a “Multi - Oracle Database - Direct” template solution to configure multiple Oracle database server instances.