Integrating Dataiku with Okta Data via CData Connect AI

Yazhini G
Yazhini G
Technical Marketing Engineer
Leverage the CData Connect AI Remote MCP Server to enable Dataiku Agents to securely query and act on live Okta data.

Dataiku is a collaborative data science and AI platform that enables teams to design, deploy, and manage machine learning and generative AI projects within a governed environment. It's Agent and GenAI framework allows users to build intelligent agents that can analyze, generate, and act on data through custom workflows and model orchestration.

By integrating Dataiku with CData Connect AI through the built-in MCP (Model Context Protocol) Server, these agents gain secure, real-time access to live Okta data. The integration bridges Dataiku's agent execution environment with CData's governed enterprise connectivity layer, allowing every query or instruction to run safely against authorized data sources without manual exports or staging.

This article demonstrates how to configure Okta connectivity in Connect AI, prepare a Python code environment in Dataiku with MCP support, and create an agent that queries and interacts with live Okta data directly from within Dataiku.

Step 1: Configure Okta Connectivity for Dataiku

Connectivity to Okta from Dataiku is made possible through CData Connect AI's Remote MCP Server. To interact with Okta data from Dataiku, you start by creating and configuring a Okta connection in CData Connect AI.

  1. Log into Connect AI, click Sources, then click Add Connection
  2. Select "Okta" from the Add Connection panel
  3. Enter the necessary authentication properties to connect to Okta.

    To connect to Okta, set the Domain connection string property to your Okta domain.

    You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

    Creating a Custom OAuth Application

    From your Okta account:

    1. Sign in to your Okta developer edition organization with your administrator account.
    2. In the Admin Console, go to Applications > Applications.
    3. Click Create App Integration.
    4. For the Sign-in method, select OIDC - OpenID Connect.
    5. For Application type, choose Web Application.
    6. Enter a name for your custom application.
    7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
    8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
    9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
    10. Save the OAuth application.
    11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
    12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
    13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
  4. Click Save & Test
  5. Open the Permissions tab and set user-based permissions

Add a Personal Access Token

A Personal Access Token (PAT) is used to authenticate the connection to Connect AI from Dataiku. It is best practice to create a separate PAT for each integration to maintain granular access control

  1. Click the gear icon () at the top right of the Connect AI app to open Settings
  2. On the Settings page, go to the Access Tokens section and click Create PAT
  3. Give the PAT a descriptive name and click Create
  4. Copy the token when displayed and store it securely. It will not be shown again

With the Okta connection configured and a PAT generated, Dataiku can now connect to Okta data through the Connect AI.

Step 2: Prepare Dataiku and the Code Environment

A dedicated python code environment in Dataiku provides the runtime support needed for MCP-based communication. To enable Dataiku Agents to connect to CData Connect AI, create a Python environment and install the MCP client dependencies required for agent-to-server interaction.

  1. In Dataiku Cloud, open Code Envs
  2. Click Add a code env to open the DSS settings window
  3. In DSS, click New Python env. Name it (for example, MCP_Package) and choose Python 3.10 (3.10 to 3.13 supported)
  4. Open Packages to install and add the following pip packages:
    • httpx
    • anyio
    • langchain-mcp-adapters
  5. Open Containerized execution and under Container runtime additions select Agent tool MCP servers support
  6. Check Rebuild env and click Save and update to install packages
  7. Back in Dataiku Cloud, open Overview and click Open instance
  8. Click + New project and select Blank project. Name the project

Step 3: Create a Dataiku Agent and connect to the MCP server

The Dataiku Agent serves as the bridge between the Dataiku workspace and Connect AI. To enable this connection, create a custom code-based agent, assign it the configured Python environment, and embed your Connect AI credentials to allow the agent to query and interact with live Okta data.

  1. Go to Agents & GenAI Models and click Create your first agent
  2. Choose Code agent, name it, and for Agent version select Asynchronous agent without streaming
  3. From the tab above select Settings. In Code env selection set Default Python code env to the environment you created (for example, MCP_Package)
  4. Return to the Agent Design tab and paste the following code. Replace EMAIL, and PAT with your values
  5. 
    
    import os
    import base64
    from typing import Dict, Any, List
     
    from dataiku.llm.python import BaseLLM
    from langchain_mcp_adapters.client import MultiServerMCPClient
     
    # ---------- Persistent MCP client (cached between calls) ----------
    _MCP_CLIENT = None
     
    def _get_mcp_client() -> MultiServerMCPClient:
        """Create (or reuse) a MultiServerMCPClient to CData Cloud MCP."""
        global _MCP_CLIENT
        if _MCP_CLIENT is not None:
            return _MCP_CLIENT
     
        # Set creds via env/project variables ideally
        EMAIL = os.getenv("CDATA_EMAIL", "YOUR_EMAIL") 
        PAT   = os.getenv("CDATA_PAT",   "YOUR_PAT")        
        BASE_URL = "https://mcp.cloud.cdata.com/mcp"
     
        if not EMAIL or PAT == "YOUR_PAT":
            raise ValueError("Set CDATA_EMAIL and CDATA_PAT as env variables or inline in the code.")
     
        token = base64.b64encode(f"{EMAIL}:{PAT}".encode()).decode()
        headers = {"Authorization": f"Basic {token}"}
     
        _MCP_CLIENT = MultiServerMCPClient(
            connections={
                "cdata": {
                    "transport": "streamable_http",
                    "url": BASE_URL,
                    "headers": headers,
                }
            }
        )
        return _MCP_CLIENT
     
     
    def _pick_tool(tools, names: List[str]):
        L = [n.lower() for n in names]
        return next((t for t in tools if t.name.lower() in L), None)
     
     
    async def _route(prompt: str) -> str:
        """
        Simple intent router:
          - 'list connections' / 'list catalogs' -> getCatalogs
          - 'sql: ...' or 'query: ...' -> queryData
          - otherwise -> help text
        """
        client = _get_mcp_client()
        tools = await client.get_tools()
     
        p = prompt.strip()
        low = p.lower()
     
        # 1) List connections (catalogs)
        if "list connections" in low or "list catalogs" in low:
            t = _pick_tool(tools, ["getCatalogs", "listCatalogs"])
            if not t:
                return "No 'getCatalogs' tool found on the MCP server."
            res = await t.ainvoke({})
            return str(res)[:4000]
     
        # 2) Run SQL
        if low.startswith("sql:") or low.startswith("query:"):
            sql = p.split(":", 1)[1].strip()
            t = _pick_tool(tools, ["queryData", "sqlQuery", "runQuery", "query"])
            if not t:
                return "No query-capable tool (queryData/sqlQuery) found on the MCP server."
            try:
                res = await t.ainvoke({"query": sql})
                return str(res)[:4000]
            except Exception as e:
                return f"Query failed: {e}"
     
        # 3) Help
        return (
            "Connected to CData MCP
    
    "
            "Say **'list connections'** to view available sources, or run a SQL like:
    "
            "  sql: SELECT * FROM [Salesforce1].[SYS].[Connections] LIMIT 5
    
    "
            "Remember to use bracket quoting for catalog/schema/table names."
        )
     
     
    class MyLLM(BaseLLM):
        async def aprocess(self, query: Dict[str, Any], settings: Dict[str, Any], trace: Any):
            # Extract last user message from the Quick Test payload
            prompt = ""
            try:
                prompt = (query.get("messages") or [])[-1].get("content", "")
            except Exception:
                prompt = ""
     
            try:
                reply = await _route(prompt)
            except Exception as e:
                reply = f"Error: {e}"
     
            # The template expects a dict with a 'text' key
            return {"text": reply}
    
    

    Run a Quick Test

    1. Open Quick Test on the right side panel
    2. Paste the JSON code and click Run test
    3. 
      {
         "messages": [
            {
               "role": "user",
               "content": "list connections"
            }
         ],
         "context": {}
      }
      
      

    Chat with your Agent

    Switch to the Chat tab and try prompting like, "List all connections". The chat output will show a list of connection catalogs.

    Get CData Connect AI

    To access hundreds of SaaS, Big Data, and NoSQL sources from your AI agents, try CData Connect AI today.

Ready to get started?

Learn more about CData Connect AI or sign up for free trial access:

Free Trial