Connect to Okta Data as a SQL Server Linked Server
SQL Server Linked Servers enable the SQL Server Database Engine to read data from remote data sources and execute commands against the remote database servers outside of the instance of SQL Server. Typically, linked servers are configured to enable the execution of a T-SQL statement that includes tables in another instance of SQL Server, or another database product such as Oracle. When paired with CData Connect AI, linked servers provides instant access to Okta data from your SQL Server database. This article demonstrates how to connect to Okta using Connect AI and query Okta data in SQL Server Management Studio (SSMS).
CData Connect AI provides a pure SQL Server interface for Okta, allowing you to query data from Okta without replicating the data to a natively supported database. Using optimized data processing out of the box, CData Connect AI pushes all supported SQL operations (filters, JOINs, etc.) directly to Okta, leveraging server-side processing to return the requested Okta data quickly.
Configure Okta Connectivity for SQL Server
Connectivity to Okta from SQL Linked Servers is made possible through CData Connect AI. To work with Okta data from SQL Linked Servers, we start by creating and configuring a Okta connection.
- Log into Connect AI, click Sources, and then click Add Connection
- Select "Okta" from the Add Connection panel
-
Enter the necessary authentication properties to connect to Okta.
To connect to Okta, set the Domain connection string property to your Okta domain.
You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.
Creating a Custom OAuth Application
From your Okta account:
- Sign in to your Okta developer edition organization with your administrator account.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect.
- For Application type, choose Web Application.
- Enter a name for your custom application.
- Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
- Set the callback URL:
- For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
- For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
- In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
- Save the OAuth application.
- The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
- Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
- On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
- Click Save & Test
-
Navigate to the Permissions tab in the Add Okta Connection page and update the User-based permissions.
Add a Personal Access Token
When connecting to Connect AI through the REST API, the OData API, or the Virtual SQL Server, a Personal Access Token (PAT) is used to authenticate the connection to Connect AI. It is best practice to create a separate PAT for each service to maintain granularity of access.
- Click on the Gear icon () at the top right of the Connect AI app to open the settings page.
- On the Settings page, go to the Access Tokens section and click Create PAT.
-
Give the PAT a name and click Create.
- The personal access token is only visible at creation, so be sure to copy it and store it securely for future use.
With the connection configured and a PAT generated, you are ready to connect to Okta data from .
Connect to Okta from SQL Server using Connect AI
To establish a connection from SQL Server Linked Server to the CData Connect AI Virtual SQL Server API, follow these steps.
- Open Microsoft SQL Server Management Studio.
- In the Object Explorer pane, open Server Objects, right-click Linked Servers, and select New Linked Server.
-
The New Linked Server dialogue opens. On the General page, enter the following information:
- Enter a name for the server in the Linked server field.
- Select the radio button Other data source and select SQL Server Native Client 11.0 as the provider.
- In the Data source field, enter tds.cdata.com,14333
- In the Catalog field, enter enter the Connection Name of the CData Connect AI data source you want to connect to (for example, Okta1).
-
Select the Security page. At the bottom, select the radio button labeled Be made using this security
context and enter the following information:
- Remote login - enter your CData Connect AI username. This is displayed in the top-right corner of the CData Connect AI interface. For example, [email protected].
- With password - enter the PAT you generated on the Settings page.
- Click OK to create the server. Your linked server can now be used to access the data in the data source you specified. If you need to access data from more sources, create another linked server for each one.
Execute Queries
You can now execute queries to the Okta linked server from any tool that can connect to SQL Server. An example SQL query would be:
SELECT * FROM [CDATA CONNECT CLOUD].[Okta1].[Okta].[Users]
We have successfully created a linked server that allows us to query Okta data.
Get CData Connect AI
To get live data access to hundreds of SaaS, Big Data, and NoSQL sources directly from your SQL Server database, try CData Connect AI today!