How to connect and process Okta Data from Azure Databricks

Databricks is a cloud-based service that provides data processing capabilities through Apache Spark. When paired with the CData JDBC Driver, customers can use Databricks to perform data engineering and data science on live Okta data. This article walks through hosting the CData JDBC Driver in Azure, as well as connecting to and processing live Okta data in Databricks.

With built-in optimized data processing, the CData JDBC driver offers unmatched performance for interacting with live Okta data. When you issue complex SQL queries to Okta, the driver pushes supported SQL operations, like filters and aggregations, directly to Okta and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations). Its built-in dynamic metadata querying allows you to work with and analyze Okta data using native data types.

Install the CData JDBC Driver in Azure

To work with live Okta data in Databricks, install the driver on your Azure cluster.

1. Navigate to your Databricks administration screen and select the target cluster.
2. On the Libraries tab, click "Install New."
3. Select "Upload" as the Library Source and "Jar" as the Library Type.
4. Upload the JDBC JAR file (cdata.jdbc.okta.jar) from the installation location (typically C:\Program Files\CData[product_name]\lib).

Connect to Okta from Databricks

With the JAR file installed, we are ready to work with live Okta data in Databricks. Start by creating a new notebook in your workspace. Name the notebook, select Python as the language (though Scala is available as well), and choose the cluster where you installed the JDBC driver. When the notebook launches, we can configure the connection, query Okta, and create a basic report.

Configure the Connection to Okta

Connect to Okta by referencing the class for the JDBC Driver and constructing a connection string to use in the JDBC URL. Additionally, you will need to set the RTK property in the JDBC URL (unless you are using a Beta driver). You can view the licensing file included in the installation for information on how to set this property.

driver = "cdata.jdbc.okta.OktaDriver"
url = "jdbc:okta:RTK=5246...;Domain=dev-44876464.okta.com;InitiateOAuth=GETANDREFRESH"

Built-in Connection String Designer

For assistance in constructing the JDBC URL, use the connection string designer built into the Okta JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

Fill in the connection properties and copy the connection string to the clipboard.

To connect to Okta, set the Domain connection string property to your Okta domain.

You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

Creating a Custom OAuth Application

From your Okta account:

1. Sign in to your Okta developer edition organization with your administrator account.
2. In the Admin Console, go to Applications > Applications.
3. Click Create App Integration.
4. For the Sign-in method, select OIDC - OpenID Connect.
5. For Application type, choose Web Application.
6. Enter a name for your custom application.
7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
8. Set the callback URL:
   • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
   • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
10. Save the OAuth application.
11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

Load Okta Data

Once the connection is configured, you can load Okta data as a dataframe using the CData JDBC Driver and the connection information.

remote_table = spark.read.format ( "jdbc" ) \
	.option ( "driver" , driver) \
	.option ( "url" , url) \
	.option ( "dbtable" , "Users") \
	.load ()

Display Okta Data

Check the loaded Okta data by calling the display function.

display (remote_table.select ("Id"))

Analyze Okta Data in Azure Databricks

If you want to process data with Databricks SparkSQL, register the loaded data as a Temp View.

remote_table.createOrReplaceTempView ( "SAMPLE_VIEW" )

The SparkSQL below retrieves the Okta data for analysis.

% sql

SELECT Id, ProfileFirstName FROM Users WHERE Status = 'Active'

The data from Okta is only available in the target notebook. If you want to use it with other users, save it as a table.

remote_table.write.format ( "parquet" ) .saveAsTable ( "SAMPLE_TABLE" )

Download a free, 30-day trial of the CData JDBC Driver for Okta and start working with your live Okta data in Azure Databricks. Reach out to our Support Team if you have any questions.