Integrate Live Okta Data in the Windsurf IDE via CData Connect AI
Windsurf is an AI-native IDE built around Cascade, an autonomous coding agent that understands project context and executes multi-step tasks directly inside the editor. Cascade supports the Model Context Protocol (MCP), allowing the agent to discover and call external tools and data sources without leaving the development environment.
By integrating Windsurf with CData Connect AI through the built-in MCP server, the Cascade agent gains governed, real-time access to live Okta data. This enables developers to list catalogs, inspect schemas, and query records from Okta data within the IDE using natural language prompts.
This article explains how to configure Okta connectivity in Connect AI, generate the required personal access token, configure the Connect AI MCP Server in Windsurf, and verify the integration by querying live Okta data from the Cascade chat.
Step 1: Configure Okta connectivity for Windsurf
Connectivity to Okta from Windsurf is made possible through Connect AI's Remote MCP Server. To interact with Okta data from Windsurf, start by creating and configuring a Okta connection in Connect AI.
- Log into Connect AI, click Sources, and then click Add Connection
- Select Okta from the Add Connection panel
-
Enter the necessary authentication properties to connect to Okta.
To connect to Okta, set the Domain connection string property to your Okta domain.
You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.
Creating a Custom OAuth Application
From your Okta account:
- Sign in to your Okta developer edition organization with your administrator account.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect.
- For Application type, choose Web Application.
- Enter a name for your custom application.
- Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
- Set the callback URL:
- For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
- For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
- In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
- Save the OAuth application.
- The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
- Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
- On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
- Click Save & Test
- Navigate to the Permissions tab and update user-based permissions
Add a Personal Access Token
A Personal Access Token (PAT) is used to authenticate the connection to Connect AI from Windsurf. It is best practice to create a separate PAT for each integration to maintain granular access control.
- Click the gear icon () at the top right of the Connect AI app to open Settings
- On the Settings page, go to the Access Tokens section and click Create PAT
- Give the PAT a descriptive name and click Create
- Copy the token when displayed and store it securely. It will not be shown again
With the Okta connection configured and a PAT generated, Windsurf can now connect to Okta data.
Step 2: Configure Connect AI MCP in Windsurf
Next, configure the Connect AI Remote MCP Server in Windsurf so that the Cascade agent can discover and call live data tools through Connect AI.
- Download and install the Windsurf IDE
-
Open Windsurf, click your profile icon in the top right, and select Windsurf Settings
-
Under the Cascade section, locate MCP Servers and click Open MCP Registry
-
In the MCP Marketplace, click Add custom MCP in the top right
-
This opens the mcp_config.json file. Paste the following JSON:
{ "mcpServers": { "cdata-mcp": { "serverUrl": "https://mcp.cloud.cdata.com/mcp", "headers": { "Authorization": "Basic your_base64_encoded_email_PAT", "Content-Type": "application/json" } } } }Note: Windsurf will use Basic authentication with Connect AI. Combine your Connect AI user email and the PAT you created earlier in the format email:PAT, base64 encode the combined string, and prefix it with Basic. For example, given [email protected]:ABC123...XYZ789, the Authorization header value becomes something like: Basic dXNlckBkb21haW4uY29tOkFCQzEyMy4uLlhZWjc4OQ==
- Save the mcp_config.json file and return to the MCP Registry
-
Under Installed, confirm that cdata-mcp is listed and marked as Enabled
With the MCP server registered and enabled, Windsurf is ready to query live Okta data through Connect AI.
Step 3: Query live Okta data from Windsurf
With the integration complete, use the Cascade chat panel in Windsurf to interact with live Okta data through natural language prompts.
- On the top bar of Windsurf, switch from Editor to Agent to open a new Cascade chat
-
At the bottom of the chat panel, confirm that the cdata-mcp server is listed and the toggle is enabled
-
Start interacting with the agent by entering prompts like:
- List all catalogs in my cdata-mcp connection
- Show the available schemas and tables for Okta
- Query the top 5 records from a table in Okta data
-
The Cascade agent calls the Connect AI MCP Server and returns live results from Okta data
At this point, your Windsurf IDE communicates with the Connect AI MCP Server and retrieves live Okta data through remote MCP directly from the editor.
Get CData Connect AI
To access hundreds of SaaS, Big Data, and NoSQL sources directly from your cloud applications, try CData Connect AI today! Download a free 14-day trial of CData Connect AI today, and as always, our Support Team is available to assist you with any questions you may have.