Search Okta External Objects in Salesforce Connect (API Server)

Jerod Johnson
Jerod Johnson
Director, Technology Evangelism
Use the API Server to securely provide OData feeds of Okta data to smart devices and cloud-based applications. Use the API Server and Salesforce Connect to create Okta objects that you can access from apps and the dashboard.

The CData API Server enables you to access Okta data from cloud-based applications like the Salesforce console and mobile applications like the Salesforce1 Mobile App. In this article, you will use the API Server and Salesforce Connect to access Okta external objects alongside standard Salesforce objects.

Set Up the API Server

If you have not already done so, download the CData API Server. Once you have installed the API Server, follow the steps below to begin producing secure Okta OData services:

Connect to Okta

To work with Okta data from Salesforce Connect, we start by creating and configuring a Okta connection. Follow the steps below to configure the API Server to connect to Okta data:

  1. First, navigate to the Connections page.
  2. Click Add Connection and then search for and select the Okta connection.
  3. Enter the necessary authentication properties to connect to Okta.

    To connect to Okta, set the Domain connection string property to your Okta domain.

    You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

    Creating a Custom OAuth Application

    From your Okta account:

    1. Sign in to your Okta developer edition organization with your administrator account.
    2. In the Admin Console, go to Applications > Applications.
    3. Click Create App Integration.
    4. For the Sign-in method, select OIDC - OpenID Connect.
    5. For Application type, choose Web Application.
    6. Enter a name for your custom application.
    7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
    8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
    9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
    10. Save the OAuth application.
    11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
    12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
    13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
  4. After configuring the connection, click Save & Test to confirm a successful connection.

Configure API Server Users

Next, create a user to access your Okta data through the API Server. You can add and configure users on the Users page. Follow the steps below to configure and create a user:

  1. On the Users page, click Add User to open the Add User dialog.
  2. Next, set the Role, Username, and Privileges properties and then click Add User.
  3. An Authtoken is then generated for the user. You can find the Authtoken and other information for each user on the Users page:

Creating API Endpoints for Okta

Having created a user, you are ready to create API endpoints for the Okta tables:

  1. First, navigate to the API page and then click Add Table .
  2. Select the connection you wish to access and click Next.
  3. With the connection selected, create endpoints by selecting each table and then clicking Confirm.

Gather the OData Url

Having configured a connection to Okta data, created a user, and added resources to the API Server, you now have an easily accessible REST API based on the OData protocol for those resources. From the API page in API Server, you can view and copy the API Endpoints for the API:

Connect to Okta Data as an External Data Source

Follow the steps below to connect to the feed produced by the API Server.

  1. Log into Salesforce and click Setup -> Develop -> External Data Sources.
  2. Click New External Data Source.
  3. Enter values for the following properties:
    • External Data Source: Enter a label to be used in list views and reports.
    • Name: Enter a unique identifier.
    • Type: Select the option "Salesforce Connect: OData 4.0".

    • URL: Enter the URL to the OData endpoint of the API Server. The format of the OData URL is https://your-server:your-port/api.rsc.

      Note that plain-text is suitable for only testing; for production, use TLS.

  4. Select JSON in the Format menu.

  5. In the Authentication section, set the following properties:
    • Identity Type: If all members of your organization will use the same credentials to access the API Server, select "Named Principal". If the members of your organization will connect with their own credentials, select "Per User".
    • Authentication Protocol: Select Password Authentication to use basic authentication.
    • Certificate: Enter or browse to the certificate to be used to encrypt and authenticate communications from Salesforce to your server.
    • Username: Enter the username for a user known to the API Server.
    • Password: Enter the user's authtoken.

Synchronize Okta Objects

After you have created the external data source, follow the steps below to create Okta external objects that reflect any changes in the data source. You will synchronize the definitions for the Okta external objects with the definitions for Okta tables.

  1. Click the link for the external data source you created.
  2. Click Validate and Sync.
  3. Select the Okta tables you want to work with as external objects.

Access Okta Data as Salesforce Objects

After adding Okta data as an external data source and syncing Okta tables with Okta external objects, you can use the external objects just as you would standard Salesforce objects.

  • Create a new tab with a filter list view:

  • Display related lists of Okta external objects alongside standard Salesforce objects:

Troubleshooting

You can use the following checklist to avoid typical connection problems:

  • Ensure that your server has a publicly accessible IP address. Related to this check, but one layer up, at the operating system layer, you will also need to ensure that your firewall has an opening for the port the API Server is running on. At the application layer, ensure that you have added trusted IP addresses on the Settings -> Security tab of the administration console.
  • Ensure that you are using a connection secured by an SSL certificate from a commercial, trusted CA. Salesforce does not currently accept self-signed certificates or internal CAs.

  • Ensure that the server you are hosting the API Server on is using TLS 1.1 or above. If you are using the .NET API Server, you can accomplish this by using the .NET API Server's embedded server.

    If you are using IIS, TLS 1.1 and 1.2 are supported but not enabled by default. To enable these protocols, refer to the how-to on MSDN and the Microsoft technical reference.

    If you are using the Java edition, note that TLS 1.2 is enabled by default in Java 8 but not in Java 6 or 7. If you are using these earlier versions, you can refer to this this Oracle how-to.

Ready to get started?

Learn more or sign up for a free trial:

CData API Server

In this article

Related articles