In today’s hybrid IT environments, many organizations continue to rely on a complex landscape of on-prem applications for core business operations, even as they invest heavily in cloud technologies. We recognize how critical these systems are to your operations, and we understand the unique challenges that come with securing them. In fact, Bloomberg reports that 48% of companies still use on-prem ERP systems, underscoring the ongoing need for robust, modernized oversight. However, managing governance for these systems has remained a complex and resource-intensive challenge.
On-prem systems often rely on outdated legacy architectures, lack native integration with modern identity platforms, and frequently require expensive custom-coded solutions for provisioning and governance. These fragmented approaches create significant security vulnerabilities, increase inefficiencies, and drive up operational costs. Without a seamless way to integrate on-prem applications into modern identity governance platforms, organizations face growing security risks, including unauthorized access and compliance violations, as well as barriers to fully adopting cloud solutions.
Bringing modern governance to legacy systems
Okta’s On-prem Connector is designed to address these challenges head-on. It seamlessly integrates on-prem applications with Okta Identity Governance (OIG), enhancing security through centralized access controls, automated provisioning, and streamlined certification processes.
Back in 2025, we brought these capabilities to SAP NetWeaver and Oracle EBS (Early Access). Now, we are excited to share that we have expanded our offerings with the On-prem Connector for Generic Databases (Early Access). This low-code solution allows admins to configure database connectivity directly in the Okta UI, eliminating the need for deep Java expertise or brittle, custom-coded integrations. By leveraging the Okta Provisioning Agent and SCIM server, you can now manage users and entitlements across major relational databases, including:
- Oracle
- MySQL
- PostgreSQL
- Microsoft SQL Server
Once the agent is installed, you will connect it to your Okta On-prem SCIM Server.
Finally, you can establish a direct connection to your database by entering your JDBC credentials.
Three ways to connect your data
To accommodate varying levels of database complexity, the connector provides three distinct methods for performing operations on your on-prem systems:
- SQL statements (low-code): Configure operations directly in the Okta UI using standard commands (such as SELECT, INSERT, UPDATE, or DELETE) to directly fetch or modify data. Dynamic placeholders (represented by a ?) securely map Okta attributes to your database columns during execution, allowing admins to manage the integration without writing a single line of backend code.
- Stored procedures (low-code): Call a pre-compiled set of SQL statements by name for both import and provisioning operations. This allows you to leverage existing database logic through simple UI configuration, making it ideal for offloading complex business logic and multi-table transactions to the database engine.
- Custom code: For advanced logic beyond standard SQL, developers can use Okta’s SCIM SDK to extend the connector’s native Java logic. While this method supports all outbound provisioning actions (create, update, activate), SQL statements or stored procedures are still required to pull user and entitlement data into Okta.
Unified security across your environment
By bringing these databases into the OIG ecosystem, organizations can now automate core governance tasks that were previously manual and error-prone. With the On-prem Connector, you can:
- Automate lifecycle management: Automatically create, update, and de-provision user accounts with entitlements in your on-prem databases based on Okta status.
- Govern fine-grained entitlements: Discover and manage complex permissions, such as database-specific entitlements, directly from the Okta Admin Console.
- Strengthen compliance: Run access certifications and enforce separation of duties (SoD) for your on-prem environments, ensuring a "least privilege" model is maintained everywhere.
This alignment ensures that your identity strategy remains consistent and highly secure, whether your resources reside in the cloud or in a legacy on-prem database. By automating user provisioning and importing complex entitlement data, Okta helps ensure your legacy systems are as secure and manageable as your modern cloud apps. This is a significant step forward in our mission to provide unified, end-to-end identity security across all environments.
Already an Okta Identity Governance customer? The On-prem Connector for Generic Databases is currently available for Early Access (EA). See more on how to integrate your on-prem databases and automate governance workflows in the Okta Identity Governance Product Hub, or head straight to Okta Docs for step-by-step instructions to start your integration today.
New to Okta Identity Governance? Connect with one of our specialists to see how Okta Identity Governance can help you manage on-prem entitlements and unify access data across your entire hybrid environment.
These materials are intended for general informational purposes only and are not intended to be legal, privacy, security, compliance, or business advice. You are responsible for obtaining security, privacy, compliance, or business advice from your own professional advisors.
Disclaimer: Any products, features, functionalities, certifications, authorizations, or attestations referenced in this presentation that are not currently generally available or have not yet been obtained or are not currently maintained may not be delivered or obtained on time or at all. Product roadmaps do not represent a commitment, obligation or promise to deliver any product, feature, functionality, certification or attestation and you should not rely on them to make your purchase decisions. © Okta, Inc. and its affiliates. 2026.
