How to Connect Okta Data to Gemini Enterprise via CData Connect AI
Gemini Enterprise is Google's enterprise AI assistant, available as part of Google Workspace. With native support for Custom MCP Server data stores, Gemini Enterprise can be extended to query and act on live enterprise data via the Model Context Protocol (MCP). When combined with CData Connect AI Remote MCP, Gemini Enterprise can interact with Okta data in real time using natural language — without data replication or custom integration logic.
CData Connect AI offers a dedicated cloud-to-cloud interface for connecting to Okta data via a single managed MCP endpoint. The CData Connect AI Remote MCP Server enables secure communication between Gemini Enterprise and Okta, allowing users to ask questions and take actions on live Okta data through natural language prompts.
This article explains how to connect Gemini Enterprise to live Okta data through CData Connect AI by creating a Custom MCP Server data store — giving users access to Okta data directly from the Gemini Enterprise chat interface.
Prerequisites
- A CData Connect AI account with at least one active connection (e.g., Okta)
- A Gemini Enterprise account (trial available)
- A Google Cloud project with billing enabled
- The Google Cloud CLI installed and configured
- In your Google Cloud account:
  - Override the organization policy for Custom MCP data stores (learn more).
  - Grant the Discovery Engine Editor role to the administrator (learn more).
Step 1: Configure Okta connectivity for Gemini Enterprise
Connectivity to Okta from Gemini Enterprise is made possible through CData Connect AI Remote MCP. To interact with Okta data from Gemini Enterprise, start by creating and configuring an Okta connection in CData Connect AI.
- Log into Connect AI, click Sources, and then click Add Connection
- Select "Okta" from the Add Connection panel
- Enter the necessary authentication properties to connect to Okta.
To connect to Okta, set the Domain connection string property to your Okta domain.
You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.
Creating a Custom OAuth Application
From your Okta account:
- Sign in to your Okta developer edition organization with your administrator account.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect.
- For Application type, choose Web Application.
- Enter a name for your custom application.
- Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
- Set the callback URL:
  - For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
  - For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
- In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
- Save the OAuth application.
- The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
- Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
- On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model > Views in the Help documentation.
- Click Save & Test
- Navigate to the Permissions tab in the Add Okta Connection page and update the User-based permissions.
Create an OAuth App in CData Connect AI
Gemini Enterprise uses OAuth 2.0 Authorization Code with PKCE to authenticate users against the CData Connect AI MCP Server. This requires creating a user-based OAuth App in your CData Connect AI account.
- Click the Gear icon in the top-right corner of Connect AI to open Settings.
- Navigate to OAuth Apps and click + Create App. The Create OAuth App dialog appears.
- Enter the following settings:
  - Name: Enter a descriptive name (e.g., GeminiEnterpriseOAuth).
  - Authentication Flow: Select User-based (Authorization Code).
  - Callback URL: Enter https://vertexaisearch.cloud.google.com/oauth-redirect.
- Click Confirm. CData Connect AI creates the OAuth App and generates a Client ID and Client Secret.
- Copy both the Client ID and Client Secret values. You will need them in Step 5.
With the connection configured and an OAuth App created, we are ready to create the custom MCP server data store in Gemini Enterprise.
Step 2: Create the custom MCP server data store
- Open Gemini Enterprise and navigate to the Data stores screen.
- Click Create data store.
- On the Select a data source page, enter Custom MCP Server in the Search sources field. The Custom MCP Server card displays.
- Click Add MCP server. The MCP Server Configuration page displays.
- In the Authentication settings section, enter values in the following required fields:
  - MCP Server URL: https://mcp.cloud.cdata.com/mcp
  - Authorization URL: https://cloud-login.cdata.com/authorize
  - Token URL: https://cloud-login.cdata.com/oauth/token
  - Client ID and Client Secret: From the OAuth App created in Step 1
- Click Login, and complete the sign-in.
- Click Continue, and the Advanced options section opens.
- In the MCP Server Description field, enter a description that helps Gemini Enterprise understand what the server does and when to use it. For more information, see Write effective MCP server descriptions and instructions.
- Click Continue.
- In the Configure your data connector section, select the Location of your data connector from the Multi-region field list.
- In Your data connector name, enter a name for your data store.
- Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.
Note: By default, no tools or actions from your custom MCP servers are enabled. You must enable the tools or actions.
Step 3: Enable actions
After creating the custom MCP server data store, you must enable at least one tool or action before it can be used in Gemini Enterprise.
- Go to your custom MCP server data store.
- Open the Actions tab and select Reload custom actions to reauthenticate.
Note: This action performs a tools/list call on the MCP server to retrieve available tools, which are then displayed on the screen.
- Select the actions to enable.
- Click Enable actions.
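Because nothing is enabled by default, the tools/list result is the natural place to decide which actions users actually need. The following added example (not part of the original article or of either product) shows the JSON-RPC request behind Reload custom actions and sorts a constructed sample response into tools that declare themselves read-only and tools that need review before being enabled. The tool names are hypothetical; `readOnlyHint` and `destructiveHint` are the MCP tool annotation fields.

```python
import json

# JSON-RPC request that "Reload custom actions" triggers, per the note above.
TOOLS_LIST_REQUEST = {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}

# Constructed sample response; tool names and annotations are hypothetical.
SAMPLE_RESPONSE = json.loads("""
{"jsonrpc": "2.0", "id": 1, "result": {"tools": [
  {"name": "list_tables", "description": "List tables in a connection",
   "annotations": {"readOnlyHint": true}},
  {"name": "run_query", "description": "Run a SQL statement",
   "inputSchema": {"type": "object", "properties": {"query": {"type": "string"}}}},
  {"name": "execute_procedure", "description": "Execute a stored procedure",
   "annotations": {"readOnlyHint": false, "destructiveHint": true}}
]}}
""")


def classify_tools(response: dict) -> dict:
    """Split advertised tools into read-only and needs-review buckets.

    Annotations are hints supplied by the server, so a missing
    readOnlyHint is treated as "may write" rather than as safe.
    """
    if response.get("id") != TOOLS_LIST_REQUEST["id"] or "result" not in response:
        raise ValueError("not a successful reply to the tools/list request")
    buckets = {"read_only": [], "needs_review": []}
    for tool in response["result"].get("tools", []):
        hints = tool.get("annotations") or {}
        read_only = hints.get("readOnlyHint") is True
        buckets["read_only" if read_only else "needs_review"].append(tool["name"])
    return buckets


def enable_plan(response: dict, approved: set) -> list:
    """Tools to select in the Actions tab: read-only ones plus explicitly approved ones."""
    buckets = classify_tools(response)
    extra = [name for name in buckets["needs_review"] if name in approved]
    return sorted(buckets["read_only"] + extra)


if __name__ == "__main__":
    print(json.dumps(TOOLS_LIST_REQUEST))
    print(classify_tools(SAMPLE_RESPONSE))
    print(enable_plan(SAMPLE_RESPONSE, approved={"run_query"}))
```

Anything left in `needs_review` and not approved stays disabled, which keeps the assistant's reach into Okta limited to what the scopes and permissions from Step 1 were meant to allow.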
Step 4: Connect the MCP server data store to a Gemini Enterprise app
After creating the custom MCP server data store and enabling actions, you must connect the data store to a Gemini Enterprise app before it can be used.
- In the Google Cloud console, go to the Gemini Enterprise page.
- From the navigation menu, click Apps.
- Select the Gemini Enterprise app where you want to connect your data store.
- From the navigation menu of the app, click Connected data sources.
- Click Add existing data stores and select your data store.
- Click Connect.
Step 5: Query live Okta data with natural language
With the data store connected, Gemini Enterprise users can interact with live Okta data using natural language from the Gemini Enterprise web application. Each user authenticates with their own Connect AI credentials via the OAuth flow on first use.
- Open Gemini Enterprise, click Connections and authorize CData Connect AI.
- Ask natural language questions about your Okta data:
  - "Show me all Okta data from the last 30 days"
  - "What are the top records in Okta data by revenue?"
  - "List all active Okta data and their current status"
  - "Summarize Okta data activity for this quarter"
- The agent automatically discovers available connections in Connect AI, identifies the most relevant Okta connection, generates SQL, and returns results — all without requiring the user to write queries or understand the underlying data structure.
Get CData Connect AI
To get live data access to hundreds of SaaS, Big Data, and NoSQL sources directly from Gemini Enterprise and other AI platforms, try CData Connect AI today!