MySQL Integration Overview

The ObserveID MySQL integration retrieves identity and access data from the MySQL server as the source system and aggregates it into the ObserveID platform as the data consumer via the MySQL client–server protocol. This enables centralized visibility, governance, and control over MySQL accounts, facilitates access reviews across MySQL schemas and tables, and supports entitlement cataloging across permission and resource types.

The base configuration of the MySQL integration supports access analytics and access governance, with optional extensions for full lifecycle management and policy-driven access control.

Optional extension of the base configuration provides a secure layer for account administration and supports self-service access and credential management. In addition, it enables tightly controlled user provisioning and deprovisioning, role management, and privileged access management. The integration also provides audit evidence—such as access history, audit logs, and policy violations—and orchestrates complex business-driven processes, including onboarding, certification escalation, remediation campaigns, and access change approvals.

Base configuration

The initial setup of the integration enables data aggregation and synchronization. To support full read-write functionality, additional configuration is required to align the integration with the organization’s business context, security policies, and compliance requirements

The base configuration includes the following steps:

  1. Required prerequisites must be configured in MySQL for ObserveID.
  2. Connection parameters must be configured in ObserveID for MySQL.
  3. The initial data load from MySQL to ObserveID must be completed successfully.

Baseline capabilities

Once the base integration setup is complete, the following standard read-only capabilities are available:

  • Aggregation and synchronization of database users stored in the mysql.user system table; roles and privileges at the global and database levels; and MySQL schemas and tables imported as resources based on the baseline schema.
  • Access analytics and risk analysis across users, privileges, and resources.
  • Access reviews and certification, provided that a ticketing system is integrated.

Optional configuration

Additional configuration enables read-write and governance capabilities, including:

  • Identity lifecycle management, which requires configuration of MySQL account correlation logic and customization based on account types, such as user accounts, privileged accounts, service accounts, firecall accounts, orphaned accounts.
  • Access control and account administration, which require configuration of MySQL account attributes through provisioning rules.
  • Custom account attributes, enabled through optional attribute configuration.
  • Automated access provisioning for onboarding/reinstatement scenarios, which requires configuration of the birthright access assignment.
  • Automated access termination for offboarding scenarios, which requires configuration of the leaver rule.
  • Remote connectivity, which requires dedicated remote access configuration.
  • Other custom integration operations, driven by specific business or security requirements.

The MySQL integration enables centralized control over the full account lifecycle, role-based access control (RBAC), and real-time visibility into access-related activities. This approach reduces the risk of unauthorized access while ensuring auditability, policy compliance, and operational consistency at scale.