We are proud to share our inclusion in the 2024 Gartner Magic Quadrant for Data Integration Tools. We believe this recognition reflects the differentiated business outcomes CData delivers to our customers.
Get the Report →Using the CData ODBC Driver for PingOne in PyCharm
Connect to PingOne as an ODBC data source in PyCharm using the CData ODBC Driver for PingOne.
The CData ODBC Drivers can be used in any environment that supports loading an ODBC Driver. In this tutorial we will explore using the CData ODBC Driver for PingOne from within PyCharm. Included are steps for adding the CData ODBC Driver as a data source, as well as basic PyCharm code to query the data source and display results.
To begin, this tutorial will assume that you have already installed the CData ODBC Driver for PingOne as well as PyCharm.
Add Pyodbc to the Project
Follow the steps below to add the pyodbc module to your project.
- Click File -> Settings to open the project settings window.
- Click Project Interpreter from the Project: YourProjectName menu.
- To add pyodbc, click the + button and enter pyodbc.
- Click Install Package to install pyodbc.

Connect to PingOne
You can now connect with an ODBC connection string or a DSN. See the Getting Started section in the CData driver documentation for a guide to creating a DSN on your OS.
To connect to PingOne, configure these properties:
- Region: The region where the data for your PingOne organization is being hosted.
- AuthScheme: The type of authentication to use when connecting to PingOne.
- Either WorkerAppEnvironmentId (required when using the default PingOne domain) or AuthorizationServerURL, configured as described below.
Configuring WorkerAppEnvironmentId
WorkerAppEnvironmentId is the ID of the PingOne environment in which your Worker application resides. This parameter is used only when the environment is using the default PingOne domain (auth.pingone). It is configured after you have created the custom OAuth application you will use to authenticate to PingOne, as described in Creating a Custom OAuth Application in the Help documentation.
First, find the value for this property:
- From the home page of your PingOne organization, move to the navigation sidebar and click Environments.
- Find the environment in which you have created your custom OAuth/Worker application (usually Administrators), and click Manage Environment. The environment's home page displays.
- In the environment's home page navigation sidebar, click Applications.
- Find your OAuth or Worker application details in the list.
-
Copy the value in the Environment ID field.
It should look similar to:
WorkerAppEnvironmentId='11e96fc7-aa4d-4a60-8196-9acf91424eca'
Now set WorkerAppEnvironmentId to the value of the Environment ID field.
Configuring AuthorizationServerURL
AuthorizationServerURL is the base URL of the PingOne authorization server for the environment where your application is located. This property is only used when you have set up a custom domain for the environment, as described in the PingOne platform API documentation. See Custom Domains.
Authenticating to PingOne with OAuth
PingOne supports both OAuth and OAuthClient authentication. In addition to performing the configuration steps described above, there are two more steps to complete to support OAuth or OAuthCliet authentication:
- Create and configure a custom OAuth application, as described in Creating a Custom OAuth Application in the Help documentation.
- To ensure that the driver can access the entities in Data Model, confirm that you have configured the correct roles for the admin user/worker application you will be using, as described in Administrator Roles in the Help documentation.
- Set the appropriate properties for the authscheme and authflow of your choice, as described in the following subsections.
OAuth (Authorization Code grant)
Set AuthScheme to OAuth.
Desktop Applications
Get and Refresh the OAuth Access Token
After setting the following, you are ready to connect:
- InitiateOAuth: GETANDREFRESH. To avoid the need to repeat the OAuth exchange and manually setting the OAuthAccessToken each time you connect, use InitiateOAuth.
- OAuthClientId: The Client ID you obtained when you created your custom OAuth application.
- OAuthClientSecret: The Client Secret you obtained when you created your custom OAuth application.
- CallbackURL: The redirect URI you defined when you registered your custom OAuth application. For example: https://localhost:3333
When you connect, the driver opens PingOne's OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:
- The driver obtains an access token from PingOne and uses it to request data.
- The OAuth values are saved in the location specified in OAuthSettingsLocation, to be persisted across connections.
The driver refreshes the access token automatically when it expires.
For other OAuth methods, including Web Applications, Headless Machines, or Client Credentials Grant, refer to the Help documentation.
Below is the syntax for a DSN:
[CData PingOne Source]
Driver = CData ODBC Driver for PingOne
Description = My Description
AuthScheme = OAuth
WorkerAppEnvironmentId = eebc33a8-xxxx-4f3a-yyyy-d3e5262fd49e
Region = NA
OAuthClientId = client_id
OAuthClientSecret = client_secret
Execute SQL to PingOne
Instantiate a Cursor and use the execute method of the Cursor class to execute any SQL statement.
import pyodbc
cnxn = pyodbc.connect('DRIVER={CData ODBC Driver for PingOne};AuthScheme = OAuth;WorkerAppEnvironmentId = eebc33a8-xxxx-4f3a-yyyy-d3e5262fd49e;Region = NA;OAuthClientId = client_id;OAuthClientSecret = client_secret;')
cursor = cnxn.cursor()
cursor.execute("SELECT Id, Username FROM [CData].[Administrators].Users WHERE EmployeeType = 'Contractor'")
rows = cursor.fetchall()
for row in rows:
print(row.Id, row.Username)
After connecting to PingOne in PyCharm using the CData ODBC Driver, you will be able to build Python apps with access to PingOne data as if it were a standard database. If you have any questions, comments, or feedback regarding this tutorial, please contact us at [email protected].