Deploy the ADO.NET Provider for Okta on an SSRS Report Server

In this article, we will guide you through the deployment process of the CData ADO.NET Provider for Okta on an SQL Server Reporting Services (SSRS) report server. Additionally, you will learn how to establish a shared data source, which facilitates connectivity to real-time Okta data from various reports. You can then access these shared data sources from the Report Designer within Visual Studio. For detailed instructions on creating datasets in Report Designer using ADO.NET, please refer to the "Using ADO.NET" section in the help documentation.

Deploy the ADO.NET Provider

The provider installation automatically deploys the provider on report servers in native mode. On report servers in SharePoint mode, you can use the install-sprs.ps1 PowerShell script to deploy. Simply run the script from the lib subfolder in the installation directory, or pass in the "path" parameter.

Create a Shared Data Source for Okta

You can create shared data sources directly from a report server or SharePoint site. Alternatively, you can use Report Designer to create shared data sources.

Report Designer

You can use Report Designer to create shared data sources on native mode report servers and report servers on a SharePoint server farm.

1. In a Report Server Project in Visual Studio, right-click Shared Data Sources in Solution Explorer and click Add New Data Source.
2. Enter a name for the data source and in the Type menu select CData Okta Report.
3. In the Connection String box, enter the connection string to connect to Okta. A typical connection string is below: Domain=dev-44876464.okta.com;InitiateOAuth=GETANDREFRESH

   To connect to Okta, set the Domain connection string property to your Okta domain.

   You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

   Creating a Custom OAuth Application

   From your Okta account:

   1. Sign in to your Okta developer edition organization with your administrator account.
   2. In the Admin Console, go to Applications > Applications.
   3. Click Create App Integration.
   4. For the Sign-in method, select OIDC - OpenID Connect.
   5. For Application type, choose Web Application.
   6. Enter a name for your custom application.
   7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
   8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
   9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
   10. Save the OAuth application.
   11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
   12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
   13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

   When you configure the connection, you may also want to set the Max Rows connection property. This will limit the number of rows returned, which is especially helpful for improving performance when designing reports and visualizations.

4. Set the folder and server URL in your project properties. If you are publishing to SharePoint, the values for all properties must be fully qualified URLs. For example:
   • Report Server: http://MyServerName/ReportServer
   • SharePoint: http://MyServerName/MySite/MySubsite
5. Right-click the shared data source and click Deploy.

Report Manager

On native mode installations of report server, you can use Report Manager to create shared data sources. You must have permissions to manage data sources on the report server.

1. From the Home page in Report Manager, click New Data Source. The New Data Source page is displayed.
2. Enter a name for the data source and in the Data Source Type menu, select CData Okta Report.
3. In the Connection String box, enter the connection string to connect to Okta. A typical connection string is below: Domain=dev-44876464.okta.com;InitiateOAuth=GETANDREFRESH

   To connect to Okta, set the Domain connection string property to your Okta domain.

   You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

   Creating a Custom OAuth Application

   From your Okta account:

   1. Sign in to your Okta developer edition organization with your administrator account.
   2. In the Admin Console, go to Applications > Applications.
   3. Click Create App Integration.
   4. For the Sign-in method, select OIDC - OpenID Connect.
   5. For Application type, choose Web Application.
   6. Enter a name for your custom application.
   7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
   8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
   9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
   10. Save the OAuth application.
   11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
   12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
   13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

SharePoint

Follow the steps below to create a shared data source on a SharePoint site. Note that this step has the following prerequisites in SharePoint 2013:

• The Reporting Services add-in for SharePoint
• The Report Server Integration site collection feature

Follow the steps below to add the report server content types to your library:

1. Log into SharePoint and open the library where you want to save the .rsds file.
2. Click Library on the ribbon and then click Library Settings.
3. In the General Settings section, click Advanced Settings.
4. In the Content Types section, select Yes to allow the management of content types. The Content Types section is added to the Library Settings page.
5. On the Library Settings page, click Add from existing site content types.
6. In the Available Site Content Types list, select Report Data Source and click Add.

You can then create the shared data source. You will create an .rsds file that contains the connection information to Okta.

1. Log into SharePoint and open the library where you want to save the .rsds file.
2. On the ribbon click Documents -> New Document -> Report Data Source.
3. Enter a name for the data source.
4. In the Data Source Type menu, select CData Okta Report.
5. In the Connection String box, enter the connection string to connect to Okta. A typical connection string is below: Domain=dev-44876464.okta.com;InitiateOAuth=GETANDREFRESH

   To connect to Okta, set the Domain connection string property to your Okta domain.

   You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

   Creating a Custom OAuth Application

   From your Okta account:

   1. Sign in to your Okta developer edition organization with your administrator account.
   2. In the Admin Console, go to Applications > Applications.
   3. Click Create App Integration.
   4. For the Sign-in method, select OIDC - OpenID Connect.
   5. For Application type, choose Web Application.
   6. Enter a name for your custom application.
   7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
   8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
   9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
   10. Save the OAuth application.
   11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
   12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
   13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.