Stream Okta Data into Apache Kafka Topics

Apache Kafka is an open-source stream processing platform that is primarily used for building real-time data pipelines and event-driven applications. When paired with the CData JDBC Driver for Okta, Kafka can work with live Okta data. This article describes how to connect, access and stream Okta data into Apache Kafka Topics and to start Confluent Control Center to help users secure, manage, and monitor the Okta data received using Kafka infrastructure in the Confluent Platform.

With built-in optimized data processing, the CData JDBC Driver offers unmatched performance for interacting with live Okta data. When you issue complex SQL queries to Okta, the driver pushes supported SQL operations, like filters and aggregations, directly to Okta and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations). Its built-in dynamic metadata querying allows you to work with and analyze Okta data using native data types.

Prerequisites

Before connecting the CData JDBC Driver for streaming Okta data in Apache Kafka Topics, install and configure the following in the client Linux-based system.

1. Confluent Platform for Apache Kafka
2. Confluent Hub CLI Installation
3. Self-Managed Kafka JDBC Source Connector for Confluent Platform

Define a New JDBC Connection to Okta data

1. Download CData JDBC Driver for Okta on a Linux-based system
2. Follow the given instructions to create a new directory extract all the driver contents into it:
   1. Create a new directory named Okta mkdir Okta
   2. Move the downloaded driver file (.zip) into this new directory mv OktaJDBCDriver.zip Okta/
   3. Unzip the CData OktaJDBCDriver contents into this new directory unzip OktaJDBCDriver.zip
3. Open the Okta directory and navigate to the lib folder ls cd lib/
4. Copy the contents of the lib folder of Okta into the lib folder of Kafka Connect JDBC. Check the Kafka Connect JDBC folder contents to confirm that the cdata.jdbc.okta.jar file is successfully copied into the lib folder cp * ../../confluent-7.5.0/share/confluent-hub-components/confluentinc-kafka-connect-jdbc/lib/ cd ../../confluent-7.5.0/share/confluent-hub-components/confluentinc-kafka-connect-jdbc/lib/
5. Install the CData Okta JDBC driver license using the given command, followed by your Name and Email ID java -jar cdata.jdbc.okta.jar -l
6. Enter the product key or "TRIAL" (In the scenarios of license expiry, please contact our CData Support team)
7. Start the Confluent local services using the command: confluent local services start

   This starts all the Confluent Services like Zookeeper, Kafka, Schema Registry, Kafka REST, Kafka CONNECT, ksqlDB and Control Center. You are now ready to use the CData JDBC driver for Okta to stream messages using Kafka Connect Driver into Kafka Topics on ksqlDB.

8. Create the Kafka topics manually using a POST HTTP API Request: curl --location 'server_address:8083/connectors' --header 'Content-Type: application/json' --data '{ "name": "jdbc_source_cdata_okta_01", "config": { "connector.class": "io.confluent.connect.jdbc.JdbcSourceConnector", "connection.url": "jdbc:okta:Domain=dev-44876464.okta.com;; InitiateOAuth=GETANDREFRESH", "topic.prefix": "okta-01-", "mode": "bulk" } }'

   Let us understand the fields used in the HTTP POST body (shown above):

   • connector.class: Specifies the Java class of the Kafka Connect connector to be used.
   • connection.url: The JDBC connection URL to connect with Okta data.

     Built-in Connection String Designer

     For assistance in constructing the JDBC URL, use the connection string designer built into the Okta JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

     java -jar cdata.jdbc.okta.jar

     Fill in the connection properties and copy the connection string to the clipboard.

     To connect to Okta, set the Domain connection string property to your Okta domain.

     You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

     Creating a Custom OAuth Application

     From your Okta account:

     1. Sign in to your Okta developer edition organization with your administrator account.
     2. In the Admin Console, go to Applications > Applications.
     3. Click Create App Integration.
     4. For the Sign-in method, select OIDC - OpenID Connect.
     5. For Application type, choose Web Application.
     6. Enter a name for your custom application.
     7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
     8. Set the callback URL:
        • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
        • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
     9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
     10. Save the OAuth application.
     11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
     12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
     13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

   • topic.prefix: A prefix that will be added to the Kafka topics created by the connector. It's set to "okta-01-".
   • mode: Specifies the mode in which the connector operates. In this case, it's set to "bulk", which suggests that the connector is configured to perform bulk data transfer.

   This request adds all the tables/contents from Okta as Kafka Topics.

   Note: The IP Address (server) to POST the request (shown above) is the Linux Network IP Address.

9. Run ksqlDB and list the topics. Use the commands: ksql list topics;
10. To view the data inside the topics, type the SQL Statement: PRINT topic FROM BEGINNING;

Connecting with the Confluent Control Center

To access the Confluent Control Center user interface, ensure to run the "confluent local services" as described in the above section and type http://<server address>:9021/clusters/ on your local browser.

Get Started Today

Download a free, 30-day trial of the CData JDBC Driver for Okta and start streaming Okta data into Apache Kafka. Reach out to our Support Team if you have any questions.