Visualize Okta Data in TIBCO Spotfire through OData

OData is a major protocol enabling real-time communication among cloud-based, mobile, and other online applications. The CData API Server provides Okta data to OData consumers like TIBCO Spotfire. This article shows how to use the API Server and Spotfire's built-in support for OData to access Okta data in real time.

Set Up the API Server

If you have not already done so, download the CData API Server. Once you have installed the API Server, follow the steps below to begin producing secure Okta OData services:

Connect to Okta

To work with Okta data from TIBCO Spotfire, we start by creating and configuring a Okta connection. Follow the steps below to configure the API Server to connect to Okta data:

1. First, navigate to the Connections page.
2. Click Add Connection and then search for and select the Okta connection.
3. Enter the necessary authentication properties to connect to Okta.

   To connect to Okta, set the Domain connection string property to your Okta domain.

   You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

   Creating a Custom OAuth Application

   From your Okta account:

   1. Sign in to your Okta developer edition organization with your administrator account.
   2. In the Admin Console, go to Applications > Applications.
   3. Click Create App Integration.
   4. For the Sign-in method, select OIDC - OpenID Connect.
   5. For Application type, choose Web Application.
   6. Enter a name for your custom application.
   7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
   8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
   9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
   10. Save the OAuth application.
   11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
   12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
   13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.
   
4. After configuring the connection, click Save & Test to confirm a successful connection.

Configure API Server Users

Next, create a user to access your Okta data through the API Server. You can add and configure users on the Users page. Follow the steps below to configure and create a user:

1. On the Users page, click Add User to open the Add User dialog.
2. Next, set the Role, Username, and Privileges properties and then click Add User.
3. An Authtoken is then generated for the user. You can find the Authtoken and other information for each user on the Users page:

Creating API Endpoints for Okta

Having created a user, you are ready to create API endpoints for the Okta tables:

1. First, navigate to the API page and then click Add Table .
2. Select the connection you wish to access and click Next.
3. With the connection selected, create endpoints by selecting each table and then clicking Confirm.

Gather the OData Url

Having configured a connection to Okta data, created a user, and added resources to the API Server, you now have an easily accessible REST API based on the OData protocol for those resources. From the API page in API Server, you can view and copy the API Endpoints for the API:

Create Data Visualizations on External Okta Data

1. Open Spotfire and click Add Data Tables -> OData.
2. In the OData Connection dialog, enter the following information:
   • Service URL: Enter the API Server's OData endpoint. For example:

     http://localhost:8080/api.rsc

   • Authentication Method: Select Username and Password.
   • Username: Enter the username of an API Server user. You can create API users on the Security tab of the administration console.
   • Password: Enter the authtoken of an API Server user.
   
3. Select the tables and columns you want to add to the dashboard. This example uses Users.
4. If you want to work with the live data, click the Keep Data Table External option. This option enables your dashboards to reflect changes to the data in real time.

   If you want to load the data into memory and process the data locally, click the Import Data Table option. This option is better for offline use or if a slow network connection is making your dashboard less interactive.

5. After adding tables, the Recommended Visualizations wizard is displayed. When you select a table, Spotfire uses the column data types to detect number, time, and category columns. This example uses ProfileFirstName in the Numbers section and Id in the Categories section.

After adding several visualizations in the Recommended Visualizations wizard, you can make other modifications to the dashboard. For example, you can apply a filter: After clicking the Filter button, the available filters for each query are displayed in the Filters pane.