In our environment we are now going to be forced to change the SOI SQL DB password every 60 days due to a STIG. This is a requirement being enforced on local SQL server authenticated accounts. However if we could use an windows AD authenticated account for the SOI SQL DB access, we would be required to change this password less often. Currently the administrative procedure for changing the SOI SQL DB password on the SOI manager/UI servers requires many steps. I would have been helpful if it only needed to be updated in a single file, but requires it to be changed in about 11 different files. A simpler method of updating the DB password in Spectrum would be helpful.
Are there any plans to support the use of a windows AD account for SOI SQL DB access?
Has anyone determined if it's possible to make changes required to allow use of a windows AD account for the SOI database connection instead of a local SQL authenticated user account? If the user account is the db owner, then it would seem that it should be possible.
Hello Brian, may this can help here.
Configure the database to use Mixed Mode authentication with the "sa" user name and password. You can then enter a SQL Server user name and password during CA SOI installation. ■ As a best practice, the database administrator should create the SAMStore database before you install the product and create a user with db_owner privileges for the database. In this situation, the CA SOI installer requires only the user name defined for the database. Otherwise, the installer requires you to enter a database user with sysadmin privileges to create a new database.
Has anyone determined what would need to be changed to use a windows AD account for the SOI database connection instead of a local SQL authenticated user account? We currently have our environment configured as indicated in the installation documentation. I'm familiar with changing the user/password for this user, but would prefer to use a windows AD account instead.
The answer provided by Britta Hoffner did not answer my quesion. I've done things like migrate the SOI database to a new server, moved the DB from sql 2008r2 to sql 2012r2 server, changed the DB user from "sa" to another username, changed the password many times. So, I'm familiar with the procedures required. Instead of using mixed mode authentication, we would like to use windows authentication. If there's some way that could be done it would allow the DB to be configured in the standard used in our environment.