---
title: Configuring database access
description: After a database has been discovered, configure its access credentials in PingOne Privilege to enable just-in-time access for your users.
component: privilege
page_id: privilege:configuration:cloud-accounts/database-access
canonical_url: https://docs.pingidentity.com/privilege/configuration/cloud-accounts/database-access.html
revdate: May 4, 2026
section_ids:
  method-1-using-stored-credentials: "Method 1: Using Stored Credentials"
  method-2-using-cloud-iam: "Method 2: Using Cloud IAM"
---

# Configuring database access

After PingOne Privilege discovers a database in your cloud environment, you must configure its access credentials to enable just-in-time (JIT) access. You can configure access using either stored credentials or by leveraging cloud provider Identity and Access Management (IAM).

## Method 1: Using Stored Credentials

In this method, you store the database's username and password in PingOne Privilege. The gateway uses these credentials to connect to the database on behalf of the user.

1. In the PingOne Privilege admin console, go to the **Targets** page.

2. Locate your database in the list of discovered resources. You can filter by type to find it more easily.

3. Click the **More Info** button for the database.

4. Click the **Run Check** button. If the gateway has connectivity to the database, the cluster information will be automatically populated.

5. In the credentials section, enter the **username** and **password** required for database access.

6. Save the configuration.

## Method 2: Using Cloud IAM

Alternatively, you can connect to the database using cloud provider Identity and Access Management (IAM) permissions. This method is more secure as it does not require storing static credentials. The specific configuration steps vary depending on the cloud provider (AWS, GCP, Azure).