
Authentication

Secure access control and identity management for your database platform

Overview

DB24x7 supports several ways for people and automation to authenticate to your database infrastructure, and lets organization administrators enforce policy on top of them:

  • SSO/SAML 2.0: enterprise single sign-on through your existing identity provider
  • OAuth 2.0: sign-in with GitHub, Google, Microsoft and GitLab accounts
  • 2FA/MFA: two-factor authentication with authenticator apps (TOTP) or SMS, optionally required for the whole organization
  • API keys: personal access tokens and service account keys for programmatic access
  • Session controls and IP allowlisting

SSO/SAML Setup

Configure enterprise single sign-on so that user access is managed through your existing identity provider (IdP) rather than through separate DB24x7 passwords.

Supported Identity Providers

  • Okta
  • Azure Active Directory (Azure AD, now Microsoft Entra ID)
  • Google Workspace
  • OneLogin
  • Auth0
  • Any SAML 2.0 compliant provider

Configuration Steps

  1. Navigate to Settings: Go to Settings > Organization > Authentication > SSO/SAML
  2. Enable SAML: Toggle the SAML authentication option
  3. Configure Identity Provider: Enter the following details from your IdP (most IdPs export all three in a metadata XML file):
    • SSO URL / SAML Endpoint
    • Entity ID / Issuer
    • X.509 Certificate: the IdP's signing certificate, used to verify the signature on SAML assertions. Plan to update it here before your IdP rotates it, or sign-in will fail.
  4. Set Service Provider Details: Copy the following information to your IdP. The values must match exactly, since the IdP will only post assertions to the registered ACS URL:
    • ACS URL: https://your-org.db24x7.com/auth/saml/acs
    • Entity ID: https://your-org.db24x7.com
    • Start URL: https://your-org.db24x7.com/auth/saml
  5. Configure Attribute Mapping: Map SAML attributes to user properties (email, name, role). If you map a role, make sure only IdP administrators can set that attribute, since it decides what the user can do in DB24x7.
  6. Test Connection: Use the test button to verify the configuration. Keep an administrator signed in through a separate session until the test passes, so a misconfigured IdP cannot lock everyone out.
  7. Enable for Organization: Activate SAML for all users
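Most IdPs hand you step 3's three values inside a SAML metadata XML document. The script below, an added example rather than DB24x7's own code, pulls the Entity ID, the HTTP-Redirect SSO URL and the signing certificate out of such a document and prints a SHA-256 fingerprint you can compare against the IdP console. The metadata is constructed for the example and the certificate elements contain placeholder bytes, not real X.509 certificates; everything else is standard SAML 2.0 metadata structure.

```python
"""Pull the three values step 3 asks for (SSO URL, Entity ID, signing
certificate) out of an IdP's SAML metadata, and fingerprint the cert.

Added example, not DB24x7 code. SAMPLE_METADATA is constructed and its
certificate elements hold placeholder bytes, not real X.509 certificates.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree if installed

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata in the shape Okta / Azure AD / OneLogin export.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml/issuer">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
            UExBQ0VIT0xERVIgQ0VSVElGSUNBVEUgQllURVM=
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>RU5DUllQVElPTiBLRVk=</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso/post"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return entity_id, sso_url and the list of base64 signing certs."""
    root = ET.fromstring(xml_text)  # expects a single EntityDescriptor root
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    # Prefer the HTTP-Redirect endpoint; fall back to the first one listed.
    sso_url = None
    for svc in idp.findall("md:SingleSignOnService", NS):
        if svc.get("Binding") == HTTP_REDIRECT:
            sso_url = svc.get("Location")
            break
        sso_url = sso_url or svc.get("Location")

    # Only use="signing" (or unqualified) keys verify assertion signatures;
    # an encryption-only key pasted into the SSO form will reject every login.
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            signing_certs.append("".join((cert.text or "").split()))

    if not (entity_id and sso_url and signing_certs):
        raise ValueError("metadata is missing entityID, SSO URL or signing certificate")
    if not sso_url.startswith("https://"):
        raise ValueError("refusing a non-HTTPS SSO URL: " + sso_url)
    return {"entity_id": entity_id, "sso_url": sso_url, "signing_certs": signing_certs}


def cert_fingerprint(b64_der):
    """SHA-256 over the DER bytes, colon-separated like IdP consoles show it."""
    digest = hashlib.sha256(base64.b64decode(b64_der)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("Entity ID / Issuer :", info["entity_id"])
    print("SSO URL            :", info["sso_url"])
    for cert in info["signing_certs"]:
        print("Signing cert SHA-256:", cert_fingerprint(cert))
```

Fetch the metadata over TLS from the IdP itself rather than accepting it by email or chat, and compare the printed fingerprint with the one the IdP console shows before pasting the certificate into the DB24x7 form.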

Just-in-Time (JIT) Provisioning

Enable JIT provisioning to automatically create user accounts when users first sign in via SAML. This eliminates the need for manual user creation. JIT only creates accounts: when someone leaves your organization, disable or remove their DB24x7 account as well as their IdP account, and review the role that JIT-created users receive so new accounts do not start with more access than they need.

OAuth Providers

Allow users to sign in using their existing accounts from popular OAuth providers.

Available Providers

GitHub

Sign in with GitHub accounts. Ideal for developer teams.

Google

Sign in with Google Workspace or Gmail accounts.

Microsoft

Sign in with Microsoft/Azure AD accounts.

GitLab

Sign in with GitLab accounts (self-hosted supported).

Configuration

To enable OAuth providers:

  1. Go to Settings > Organization > Authentication > OAuth
  2. Select the provider you want to enable
  3. Enter the Client ID and Client Secret from your OAuth application. Treat the Client Secret like a password: it lets anyone who holds it impersonate your application at the provider.
  4. Configure the authorized callback URL. Register exactly the callback URL DB24x7 shows you in the provider's OAuth application; providers reject redirect URIs that do not match the registered value.
  5. Save and test the configuration

API Key Management

Manage API keys for programmatic access to DB24x7 services.

Creating API Keys

  1. Navigate to Settings > API Keys
  2. Click "Create New API Key"
  3. Provide a descriptive name for the key (what uses it and where, so it can be traced and revoked later)
  4. Select the narrowest scope and permissions the job actually needs
  5. Set an expiration date (optional but recommended)
  6. Copy the generated key immediately (it won't be shown again)

API Key Types

Personal Access Tokens

Tied to your user account and inheriting your permissions and roles, so anyone holding the token can do everything you can. Use for personal automation and scripts; prefer a service account key for anything shared or long-lived.

Service Account Keys

Independent of user accounts, with permissions configured on the key itself, so access does not change when an employee's role changes. Ideal for applications and CI/CD pipelines.

Using API Keys

HTTP Request Example
curl -X GET https://api.db24x7.com/v1/databases \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Security Best Practices

  • Never commit API keys to version control
  • Rotate keys regularly (every 90 days recommended)
  • Use environment variables or a secrets manager to store keys; never hard-code them in scripts or config files
  • Set appropriate expiration dates
  • Use narrowly scoped service account keys for shared automation rather than a personal access token
  • Treat a key that has appeared in a log, ticket, chat message or commit as compromised
  • Revoke unused or compromised keys immediately
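The practices above in code, as an added example rather than DB24x7's own tooling: the key is read from an environment variable, redacted before it can reach a log, attached to the same request the curl example makes, and a small pre-commit style scan flags added diff lines that carry a key-like literal. The environment variable name `DB24X7_API_KEY`, the regular expressions and the sample diff are assumptions constructed for the example; the endpoint is the one from the curl example.

```python
"""Handle a DB24x7 API key the way the best-practice list asks: read it from
the environment, never log it, and catch copies about to land in git.

Added example, not DB24x7 code. The env var name, the patterns and
SAMPLE_DIFF are constructed; the endpoint is the one from the curl example.
"""
import os
import re
import urllib.request

API_URL = "https://api.db24x7.com/v1/databases"
ENV_VAR = "DB24X7_API_KEY"  # assumed name; use whatever your team standardizes on


def load_api_key(env=None):
    """Read the key from the environment; fail loudly if it is absent."""
    source = os.environ if env is None else env
    key = source.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(ENV_VAR + " is not set; export it instead of hard-coding the key")
    return key


def redact(key):
    """Keep only the last four characters so logs and tracebacks stay safe."""
    return "****" + key[-4:] if len(key) > 8 else "********"


def build_request(key):
    """The request from the curl example, with the key injected at call time."""
    return urllib.request.Request(
        API_URL,
        headers={"Authorization": "Bearer " + key, "Accept": "application/json"},
        method="GET",
    )


# Added lines that hard-code a bearer token or assign a long key-like literal.
LEAK_PATTERNS = [
    re.compile(r"Authorization:\s*Bearer\s+[A-Za-z0-9._\-]{16,}"),
    re.compile(r"(?i)(api[_-]?key|token|secret)\s*[=:]\s*['\"]?[A-Za-z0-9._\-]{20,}"),
]


def find_leaked_keys(diff_text):
    """Return (line_number, line) for added diff lines that look like they carry a key."""
    hits = []
    for n, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # only lines being added can introduce a new leak
        if any(p.search(line) for p in LEAK_PATTERNS):
            hits.append((n, line))
    return hits


# Constructed diff: lines 2-3 read the key from the environment (fine),
# lines 4-5 embed a literal key and must be caught.
SAMPLE_DIFF = """\
+++ b/deploy.sh
+export DB24X7_API_KEY="${DB24X7_API_KEY:?set in CI secrets}"
+curl -H "Authorization: Bearer $DB24X7_API_KEY" https://api.db24x7.com/v1/databases
+curl -H "Authorization: Bearer db24x7_example_0123456789abcdefghij" https://api.db24x7.com/v1/databases
+API_KEY = "hardcoded-secret-value-0123456789"
"""


if __name__ == "__main__":
    key = load_api_key({ENV_VAR: "db24x7_example_0123456789abcdefghij"})  # stand-in for os.environ
    req = build_request(key)
    print("would call", req.full_url, "as", redact(key))  # never print the key itself
    for n, line in find_leaked_keys(SAMPLE_DIFF):
        print("leaked key on diff line %d: %s" % (n, line[:60]))
```

Wire `find_leaked_keys` into a pre-commit hook over `git diff --cached` and treat any hit as a reason to revoke the key, not just to amend the commit: once it has been in a working tree or a shell history it may already have been copied.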

Two-Factor Authentication (2FA)

Add an extra layer of security to user accounts with two-factor authentication.

Supported 2FA Methods

Authenticator Apps (TOTP)

Time-based one-time passwords using apps like:

  • Google Authenticator
  • Authy
  • Microsoft Authenticator
  • 1Password

SMS Verification

Receive one-time codes via text message. Available as a backup method or for users without authenticator apps. SMS is the weaker option: codes can be intercepted through SIM-swap and number-porting attacks, so prefer an authenticator app and keep SMS as a fallback only.

Enabling 2FA (Users)

  1. Go to Account Settings > Security
  2. Click "Enable Two-Factor Authentication"
  3. Scan the QR code with your authenticator app
  4. Enter the 6-digit code to verify setup
  5. Save your recovery codes in a secure location, separate from the device that runs the authenticator app; they are your way back in if that device is lost
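What the verification in step 4 checks, as an added example rather than DB24x7's code: an RFC 6238 TOTP implementation using only the standard library, with a tolerance of one 30-second step either side of the server clock and a constant-time comparison, plus a generator for the recovery codes in step 5. The secret is the RFC 6238 reference-vector secret, so the codes it prints (287082, 081804 and 005924 for the RFC's first three timestamps) can be checked against the RFC; the skew window and the recovery-code length are assumptions.

```python
"""Verify a 6-digit TOTP code (RFC 6238) and generate recovery codes.

Added example, not DB24x7 code. RFC_SECRET is the RFC 6238 test secret,
so the codes below are the RFC's published SHA-1 vectors (last six digits).
The +/-1 step window and 10-character recovery codes are assumptions.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30     # seconds per TOTP window
DIGITS = 6
WINDOW = 1    # accept one step of clock skew either side


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, zero-padded digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at, step=STEP):
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(secret, at // step)


def verify_totp(secret, code, at=None, window=WINDOW):
    """Compare against the current step and its neighbours in constant time.

    Returns True on a match. A real login must additionally remember the last
    accepted counter and refuse to accept the same code twice (replay).
    """
    at = int(time.time()) if at is None else at
    counter = at // STEP
    ok = False
    for delta in range(-window, window + 1):
        # Check every candidate instead of returning early so timing does
        # not reveal which step matched.
        if hmac.compare_digest(hotp(secret, counter + delta), code):
            ok = True
    return ok


def secret_from_base32(b32):
    """Authenticator apps exchange the secret as (often unpadded) base32 in the QR code."""
    cleaned = b32.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def new_recovery_codes(count=10):
    """One-time backup codes; store only a hash of each on the server side."""
    return [secrets.token_hex(5) for _ in range(count)]  # 10 hex chars each


RFC_SECRET = b"12345678901234567890"  # RFC 6238 test secret (SHA-1 vectors)

if __name__ == "__main__":
    for t in (59, 1111111109, 1234567890):
        print(t, totp(RFC_SECRET, t))
    # 29 s after the vector's timestamp the server is one step ahead; still accepted.
    print(verify_totp(RFC_SECRET, "287082", at=59 + 29))
    # 61 s later it is two steps ahead; outside the window, rejected.
    print(verify_totp(RFC_SECRET, "287082", at=59 + 61))
    print(new_recovery_codes(3))
```

The window is why a code entered in the last seconds of its 30-second slot still works; widening it beyond one step increases the attacker's guessing budget, so combine it with rate limiting on the verification endpoint.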

Enforcing 2FA (Organizations)

Organization administrators can require 2FA for all members:

  1. Go to Settings > Organization > Security
  2. Enable "Require Two-Factor Authentication"
  3. Set a grace period for users to enable 2FA (e.g., 7 days); keep it short, since members without 2FA remain the weakest accounts in the organization until it ends
  4. Users without 2FA will be prompted to set it up on next login

Session Management

Control and monitor user sessions for enhanced security.

Session Settings

Session Timeout

Configure automatic logout after inactivity:

  • Default: 30 minutes
  • Range: 5 minutes to 24 hours
  • Can be configured per organization

Maximum Session Duration

Force re-authentication after a specified time period, regardless of activity. Default is 7 days.

Concurrent Session Limit

Limit the number of active sessions per user. When exceeded, the oldest session is terminated.

Active Session Management

Users can view and manage their active sessions:

  • View all active sessions with device and location info
  • See last activity timestamp for each session
  • Revoke individual sessions remotely
  • Sign out of all other sessions with a single click
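The session rules in this section as executable logic, added here as an example and not DB24x7's implementation: an in-memory store that applies the inactivity timeout, the absolute maximum duration, a per-user concurrent limit that terminates the oldest session, and "sign out of all other sessions". The defaults match the page (30 minutes idle, 7 days maximum, timeout range 5 minutes to 24 hours); the store itself, the session ID format, the limit of 3 and the sample timeline are assumptions.

```python
"""Session policy from this section as code: idle timeout, absolute maximum,
concurrent-session cap (oldest evicted) and "sign out everywhere else".

Added example, not DB24x7 code. The store, session IDs, the default limit
and the timeline in demo() are constructed; timeouts match the page.
"""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

IDLE_TIMEOUT = timedelta(minutes=30)   # page default
MAX_DURATION = timedelta(days=7)       # page default
CONCURRENT_LIMIT = 3                   # assumed value


@dataclass
class Session:
    user: str
    created_at: datetime
    last_activity: datetime
    device: str
    sid: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    revoked: bool = False


class SessionStore:
    def __init__(self, idle=IDLE_TIMEOUT, max_duration=MAX_DURATION, limit=CONCURRENT_LIMIT):
        if not timedelta(minutes=5) <= idle <= timedelta(hours=24):
            raise ValueError("idle timeout must be between 5 minutes and 24 hours")
        self.idle, self.max_duration, self.limit = idle, max_duration, limit
        self.sessions = {}

    def is_valid(self, s, now):
        if s.revoked:
            return False
        if now - s.last_activity > self.idle:        # inactivity timeout
            return False
        if now - s.created_at > self.max_duration:   # absolute lifetime, activity or not
            return False
        return True

    def active(self, user, now):
        """Live sessions for a user, oldest first (what the sessions page lists)."""
        return sorted((s for s in self.sessions.values()
                       if s.user == user and self.is_valid(s, now)),
                      key=lambda s: s.created_at)

    def create(self, user, device, now):
        live = self.active(user, now)
        while len(live) >= self.limit:   # cap hit: terminate the oldest session
            live.pop(0).revoked = True
        s = Session(user, now, now, device)
        self.sessions[s.sid] = s
        return s

    def touch(self, sid, now):
        """Run on every authenticated request; False means re-authenticate."""
        s = self.sessions.get(sid)
        if s is None or not self.is_valid(s, now):
            return False
        s.last_activity = now
        return True

    def revoke_others(self, user, keep_sid):
        """'Sign out of all other sessions' for one user; returns how many were revoked."""
        n = 0
        for s in self.sessions.values():
            if s.user == user and s.sid != keep_sid and not s.revoked:
                s.revoked = True
                n += 1
        return n


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timeline
    store = SessionStore(limit=2)
    laptop = store.create("alice", "laptop", t0)
    phone = store.create("alice", "phone", t0 + timedelta(minutes=1))
    tablet = store.create("alice", "tablet", t0 + timedelta(minutes=2))  # third login: laptop evicted
    return {
        "laptop_after_limit": store.touch(laptop.sid, t0 + timedelta(minutes=3)),
        # 31 minutes without activity: phone has timed out.
        "phone_idle": store.touch(phone.sid, t0 + timedelta(minutes=32)),
        # tablet is used every 10 minutes for exactly 7 days: stays valid.
        "tablet_kept_alive": all(store.touch(tablet.sid, t0 + timedelta(minutes=2 + 10 * i))
                                 for i in range(1, 1009)),
        # one more request past the 7-day maximum: forced re-authentication.
        "tablet_past_max": store.touch(tablet.sid, t0 + timedelta(minutes=2 + 10 * 1009)),
        # only phone is still un-revoked besides tablet, so one session is signed out.
        "others_revoked": store.revoke_others("alice", keep_sid=tablet.sid),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The maximum-duration check is the one that matters for a stolen cookie: a session kept alive by an attacker's traffic never trips the idle timeout, so only the absolute lifetime (or an explicit revoke from the sessions page) ends it.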

IP Allowlisting

Enterprise plans can restrict access to specific IP addresses or ranges. Configure this in Settings > Organization > Security > IP Allowlist. Add the address you are currently connecting from before you enable the list, or you will lock yourself out along with everyone else.
