MySQL Integration Overview
The ObserveID MySQL integration retrieves identity and access data from the MySQL server as the source system and aggregates it into the ObserveID platform as the data consumer via the MySQL client–server protocol. This enables centralized visibility, governance, and control over MySQL accounts, facilitates access reviews across MySQL schemas and tables, and supports entitlement cataloging across permission and resource types.
The base configuration of the MySQL integration supports access analytics and access governance, with optional extensions for full lifecycle management and policy-driven access control.
Optional extension of the base configuration provides a secure layer for account administration and supports self-service access and credential management. In addition, it enables tightly controlled user provisioning and deprovisioning, role management, and privileged access management. The integration also provides audit evidence—such as access history, audit logs, and policy violations—and orchestrates complex business-driven processes, including onboarding, certification escalation, remediation campaigns, and access change approvals.
Base configuration
The initial setup of the integration enables data aggregation and synchronization. To support full read-write functionality, additional configuration is required to align the integration with the organization’s business context, security policies, and compliance requirements
The base configuration includes the following steps:
- Required prerequisites must be configured in MySQL for ObserveID.
- Connection parameters must be configured in ObserveID for MySQL.
- The initial data load from MySQL to ObserveID must be completed successfully.
Baseline capabilities
Once the base integration setup is complete, the following standard read-only capabilities are available:
- Aggregation and synchronization of database users stored in the
mysql.usersystem table; roles and privileges at the global and database levels; and MySQL schemas and tables imported as resources based on the baseline schema. - Access analytics and risk analysis across users, privileges, and resources.
- Access reviews and certification, provided that a ticketing system is integrated.
Optional configuration
Additional configuration enables read-write and governance capabilities, including:
- Identity lifecycle management, which requires configuration of MySQL account correlation logic and customization based on account types, such as user accounts, privileged accounts, service accounts, firecall accounts, orphaned accounts.
- Access control and account administration, which require configuration of MySQL account attributes through provisioning rules.
- Custom account attributes, enabled through optional attribute configuration.
- Automated access provisioning for onboarding/reinstatement scenarios, which requires configuration of the birthright access assignment.
- Automated access termination for offboarding scenarios, which requires configuration of the leaver rule.
- Remote connectivity, which requires dedicated remote access configuration.
- Other custom integration operations, driven by specific business or security requirements.
The MySQL integration enables centralized control over the full account lifecycle, role-based access control (RBAC), and real-time visibility into access-related activities. This approach reduces the risk of unauthorized access while ensuring auditability, policy compliance, and operational consistency at scale.