Integrating LangChain with Okta Data via CData Connect AI
LangChain is a framework used by developers, data engineers, and AI practitioners for building AI-powered applications and workflows by combining reasoning models (LLMs), tools, APIs, and data connectors. By integrating LangChain with CData Connect AI through the built-in MCP Server, workflows can effortlessly access and interact with live Okta data in real time.
CData Connect AI offers a secure, low-code environment to connect Okta and other data sources, removing the need for complex ETL and enabling seamless automation across business applications with live data.
This article outlines how to configure Okta connectivity in CData Connect AI, register the MCP server with LangChain, and build a workflow that queries Okta data in real time.
Prerequisites
- An account in CData Connect AI
- Python version 3.10 or higher, to install the LangChain and LangGraph packages
- Generate and save an OpenAI API key
- Install Visual Studio Code in your system
Step 1: Configure Okta Connectivity for LangChain
Before LangChain can access Okta, a Okta connection must be created in CData Connect AI. This connection is then exposed to LangChain through the remote MCP server.
- Log in to Connect AI click Sources, and then click + Add Connection
- From the available data sources, choose Okta
-
Enter the necessary authentication properties to connect to Okta
To connect to Okta, set the Domain connection string property to your Okta domain.
You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.
Creating a Custom OAuth Application
From your Okta account:
- Sign in to your Okta developer edition organization with your administrator account.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect.
- For Application type, choose Web Application.
- Enter a name for your custom application.
- Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
- Set the callback URL:
- For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
- For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
- In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
- Save the OAuth application.
- The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
- Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
- On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
- Click Save & Test
- Once authenticated, open the Permissions tab in the Okta connection and configure user-based permissions as required
Generate a Personal Access Token (PAT)
LangChain authenticates to Connect AI using an account email and a Personal Access Token (PAT). Creating separate PATs for each integration is recommended to maintain access control granularity.
- In Connect AI, select the Gear icon in the top-right to open Settings
- Under Access Tokens, select Create PAT
- Provide a descriptive name for the token and select Create
- Copy the token and store it securely. The PAT will only be visible during creation
With the Okta connection configured and a PAT generated, LangChain is prepared to connect to Okta data through the CData MCP server.
Note: You can also generate a PAT from LangChain in the Integrations section of Connect AI. Simply click Connect --> Create PAT to generate it.
Step 2: Connect to the MCP server in LangChain
To connect LangChain with CData Connect AI Remote MCP Server and use OpenAI (ChatGPT) for reasoning, you need to configure your MCP server endpoint and authentication values in a config.py file. These values allow LangChain to call the MCP server tools, while OpenAI handles the natural language reasoning.
- Create a folder for LangChain MCP
- Create two Python files within the folder: config.py and langchain.py
- In config.py, create a class Config to define your MCP server authentication and URL. You need to provide your Base64-encoded CData Connect AI username and PAT (obtained in the prerequisites):
class Config: MCP_BASE_URL = "https://mcp.cloud.cdata.com/mcp" #MCP Server URL MCP_AUTH = "base64encoded(EMAIL:PAT)" #Base64 encoded Connect AI Email:PATNote: You can create the base64 encoded version of MCP_AUTH using any Base64 encoding tool.
- In langchain.py, set up your MCP server and MCP client to call the tools and prompts:
""" Integrates a LangChain ReAct agent with CData Connect AI MCP server. The script demonstrates fetching, filtering, and using tools with an LLM for agent-based reasoning. """ import asyncio from langchain_mcp_adapters.client import MultiServerMCPClient from langchain_openai import ChatOpenAI from langgraph.prebuilt import create_react_agent from config import Config async def main(): # Initialize MCP client with one or more server URLs mcp_client = MultiServerMCPClient( connections={ "default": { # you can name this anything "transport": "streamable_http", "url": Config.MCP_BASE_URL, "headers": {"Authorization": f"Basic {Config.MCP_AUTH}"}, } } ) # Load remote MCP tools exposed by the server all_mcp_tools = await mcp_client.get_tools() print("Discovered MCP tools:", [tool.name for tool in all_mcp_tools]) # Create and run the ReAct style agent llm = ChatOpenAI( model="gpt-4o", temperature=0.2, api_key="YOUR_OPEN_API_KEY" #Use your OpenAI API Key here, this can be found here: https://platform.openai.com/ ) agent = create_react_agent(llm, all_mcp_tools) user_prompt = "How many tables are available in Okta1?" #Change prompts as per need print(f" User prompt: {user_prompt}") # Send a prompt asking the agent to use the MCP tools response = await agent.ainvoke( { "messages": [{ "role": "user", "content": (user_prompt),}]} ) # Print out the agent's final response final_msg = response["messages"][-1].content print("Agent final response:", final_msg) if __name__ == "__main__": asyncio.run(main())
Step 3: Install the LangChain and LangGraph packages
Since this workflow uses LangChain together with CData Connect AI MCP and integrates OpenAI for reasoning, you need to install the required Python packages.
Run the following command in your project terminal:
pip install langchain-mcp-adapters langchain-openai langgraph
Step 4: Prompt Okta using LangChain (via the MCP server)
- When the installation finishes, run python langchain.py to execute the script
- The script connects to the MCP server and discovers the CData Connect AI MCP tools available for querying your connected data
- Supply a prompt (e.g., "How many tables are available in Okta?")
- Accordingly, the agent responds with the results
Get CData Connect AI
To get live data access to hundreds of SaaS, Big Data, and NoSQL sources directly from your cloud applications, try CData Connect AI today!