Connect to Okta Data as a Linked Server
Use the SQL Gateway and the ODBC Driver to set up a linked server for Okta data.
You can use the SQL Gateway to configure a TDS (SQL Server) remoting service and set up a linked server for Okta data. After you have started the service, you can use the UI in SQL Server Management Studio or call stored procedures to create the linked server. You can then work with Okta data just as you would a linked SQL Server instance.
Connect to Okta as an ODBC Data Source
If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.
To connect to Okta, set the Domain connection string property to your Okta domain.
You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.
Creating a Custom OAuth Application
From your Okta account:
- Sign in to your Okta developer edition organization with your administrator account.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect.
- For Application type, choose Web Application.
- Enter a name for your custom application.
- Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
- Set the callback URL:
  - For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
  - For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
- In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
- Save the OAuth application.
- The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
- Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
- On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model > Views in the Help documentation.
Configure the TDS Remoting Service
See the SQL Gateway Overview for a guide to configuring a TDS remoting service in the SQL Gateway UI. The TDS remoting service is a daemon process that listens for TDS requests from clients.
Create a Linked Server for Okta Data
After you have configured and started the daemon, create the linked server and connect. You can use the UI in SQL Server Management Studio or call stored procedures.
Create a Linked Server from the UI
Follow the steps below to create a linked server from the Object Explorer.
- Open SQL Server Management Studio and connect to an instance of SQL Server.
- In the Object Explorer, expand the node for the SQL Server database. In the Server Objects node, right-click Linked Servers and click New Linked Server. The New Linked Server dialog is displayed.
- In the General section, click the Other Data Source option and enter the following information after naming the linked server:
  - Provider: Select "Microsoft ODBC Driver for SQL Server" or "Microsoft OLE DB Driver for SQL Server".
  - Data Source: Enter the host and port the TDS remoting service is running on, separated by a comma. Note that a value of "localhost" in this input refers to the machine where SQL Server is running, so be careful when you create the linked server from a Management Studio session that is not running on the same machine as SQL Server.
  - Catalog: Enter the CData system DSN, CData Okta Sys.
- In the Security section, select the option to have the connection "made using this security context" and enter the username and password of a user you created in the Users tab of the SQL Gateway.
Create a Linked Server Programmatically
In addition to using the SQL Server Management Studio UI to create a linked server, you can use stored procedures. The following inputs are required:
- server: The linked server name.
- provider: Enter "MSOLEDBSQL", for the Microsoft OLE DB Driver for SQL Server.
- datasrc: The host and port the service is running on, separated by a comma. Note that a value of "localhost" in the datasrc input refers to the machine where SQL Server is running, so be careful when you create the linked server from a Management Studio session that is not running on the same machine as SQL Server.
- catalog: Enter the system DSN configured for the service.
- srvproduct: Enter the product name of the data source; this can be an arbitrary value, such as "CData SQL Gateway" or an empty string.
- Call sp_addlinkedserver to create the linked server:
  -- Register the SQL Gateway TDS endpoint as a linked server named Okta.
  EXEC sp_addlinkedserver @server='Okta', @provider='MSOLEDBSQL', @datasrc='< MachineIPAddress >,1434', @catalog='CData Okta Sys', @srvproduct='';
  GO
- Call the sp_addlinkedsrvlogin stored procedure to allow SQL Server users to connect with the credentials of an authorized user of the service. Note that the credentials you use to connect to the service must specify a user you configured on the Users tab of the SQL Gateway.
  -- @locallogin=NULL applies this mapping to every local login that uses the linked server.
  EXEC sp_addlinkedsrvlogin @rmtsrvname='Okta', @rmtuser='admin', @rmtpassword='test', @useself='FALSE', @locallogin=NULL;
  GO
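Because @locallogin=NULL lets every SQL Server login reach Okta data as the same SQL Gateway user, a narrower mapping and an audit query are worth having alongside the call above. The following T-SQL is an added example, not part of the CData documentation; the local login CORP\okta_reporting, the SQL Gateway user okta_reader and the password placeholder are hypothetical.

```sql
-- Added example. CORP\okta_reporting, okta_reader and the password
-- placeholder are hypothetical; substitute a login that already exists on
-- this SQL Server instance and a user from the SQL Gateway Users tab.

-- 1. Remove the catch-all mapping that was created with @locallogin = NULL.
EXEC sp_droplinkedsrvlogin
    @rmtsrvname = N'Okta',
    @locallogin = NULL;
GO

-- 2. Map a single named local login to a dedicated SQL Gateway user.
--    Logins without a mapping can no longer query the linked server.
EXEC sp_addlinkedsrvlogin
    @rmtsrvname  = N'Okta',
    @useself     = N'FALSE',
    @locallogin  = N'CORP\okta_reporting',
    @rmtuser     = N'okta_reader',
    @rmtpassword = N'<SQLGatewayPassword>';
GO

-- 3. Audit every linked server and its login mappings.
--    local_principal_id = 0 is the wildcard mapping (all local logins).
SELECT
    s.name                                   AS linked_server,
    s.provider,
    s.data_source,
    s.catalog,
    COALESCE(p.name, N'(all local logins)')  AS local_login,
    l.uses_self_credential,
    l.remote_name,
    s.is_rpc_out_enabled,
    CASE
        WHEN l.local_principal_id = 0 AND l.uses_self_credential = 0
            THEN N'REVIEW: shared remote credential for all logins'
        ELSE N'ok'
    END                                      AS finding,
    l.modify_date
FROM sys.servers AS s
JOIN sys.linked_logins AS l
    ON l.server_id = s.server_id
LEFT JOIN sys.server_principals AS p
    ON p.principal_id = l.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name, local_login;
GO
```

Run against the configuration created by the page's own commands, step 3 returns one row for Okta flagged REVIEW with remote_name admin; after steps 1 and 2 it returns only the named mapping.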
Connect from SQL Server Management Studio
SQL Server Management Studio uses the SQL Server Client OLE DB provider, which requires the ODBC driver to be used inprocess. You must enable the "Allow inprocess" option for the SQL Server Native Client Provider in Management Studio to query the linked server from SQL Server Management Studio. To do this, open the properties for the provider you are using under Server Objects -> Linked Servers -> Providers. Check the "Allow inprocess" option and save the changes.
Execute Queries
You can now execute queries to the Okta linked server from any tool that can connect to SQL Server. Set the table name accordingly:
SELECT * FROM [linked server name].[CData Okta Sys].[Okta].[Users]