Access Okta Data as a Remote Oracle Database

The Oracle Database Gateway for ODBC and Heterogeneous Services technology enable you to connect to ODBC data sources as remote Oracle databases. This article shows how to use the CData ODBC Driver for Okta to create a database link from Okta to Oracle and to query Okta data through the SQL*Plus tool. You can also create the database link and execute queries from SQL Developer.

Connect to Okta as an ODBC Data Source

Information for connecting to Okta follows, along with different instructions for configuring a DSN in Windows and Linux environments.

To connect to Okta, set the Domain connection string property to your Okta domain.

You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

Creating a Custom OAuth Application

From your Okta account:

1. Sign in to your Okta developer edition organization with your administrator account.
2. In the Admin Console, go to Applications > Applications.
3. Click Create App Integration.
4. For the Sign-in method, select OIDC - OpenID Connect.
5. For Application type, choose Web Application.
6. Enter a name for your custom application.
7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
8. Set the callback URL:
   • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
   • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
10. Save the OAuth application.
11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

Windows

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

Note: If you need to modify the DSN or create other Okta DSNs, you must use a system DSN and the bitness of the DSN must match your Oracle system. You can access and create 32-bit DSNs on a 64-bit system by opening the 32-bit ODBC Data Source Administrator from C:\Windows\SysWOW64\odbcad32.exe.

Linux

If you are installing the CData ODBC Driver for Okta in a Linux environment, the driver installation predefines a system DSN. You can modify the DSN by editing the system data sources file (/etc/odbc.ini) and defining the required connection properties.

/etc/odbc.ini

For specific information on using these configuration files, please refer to the help documentation (installed and found online).

Set Connection Properties for Compatibility with Oracle

The driver provides several connection properties that streamline accessing Okta data just as you would an Oracle database. Set the following properties when working with Okta data in SQL*Plus and SQL Developer. For compatibility with Oracle, you will need to set the following connection properties, in addition to authentication and other required connection properties.

• MapToWVarchar=False

  Set this property to map string data types to SQL_VARCHAR instead of SQL_WVARCHAR. By default, the driver uses SQL_WVARCHAR to accommodate various international character sets. You can use this property to avoid the ORA-28528 Heterogeneous Services data type conversion error when the Unicode type is returned.

• MaximumColumnSize=4000

  Set this property to restrict the maximum column size to 4000 characters.

• IncludeDualTable=True

  Set this property to mock the Oracle DUAL table. SQL Developer uses this table to test the connection.

Linux Configuration

In Linux environments, Oracle uses UTF-8 to communicate with the unixODBC Driver manager, whereas the default driver encoding is UTF-16. To resolve this, open the file /opt/cdata/cdata-driver-for-okta/lib/cdata.odbc.okta.ini in a text editor and set the encoding.

cdata.odbc.okta.ini

Configure the ODBC Gateway, Oracle Net, and Oracle Database

Follow the procedure below to set up an ODBC gateway to Okta data that enables you to query live Okta data as an Oracle database.

1. Create the file initmyoktadb.ora in the folder oracle-home-directory/hs/admin and add the following setting:

   initmyoktadb.ora

   HS_FDS_CONNECT_INFO = "CData Okta Sys"
2. Add an entry to the listener.ora file. This file is located in oracle-home-directory/NETWORK/admin.

   If you are using the Database Gateway for ODBC, your listener.ora needs to have a SID_LIST_LISTENER entry that resembles the following:

   listener.ora

   SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = myoktadb) (ORACLE_HOME = your-oracle-home) (PROGRAM = dg4odbc) ) )

   If you are using Heterogeneous Services, your listener.ora needs to have a SID_LIST_LISTENER entry that resembles the following:

   listener.ora

   SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = myoktadb) (ORACLE_HOME = your-oracle-home) (PROGRAM = hsodbc) ) )

3. Add the connect descriptor below in tnsnames.ora, located in oracle-home-directory/NETWORK/admin:

   tnsnames.ora

   myoktadb = (DESCRIPTION= (ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)) (CONNECT_DATA=(SID=myoktadb)) (HS=OK) )
4. Restart the listener.

5. Test the configuration with the following command:

   tnsping myoktadb

6. Open SQL*Plus and create the database link with the command below:

   CREATE DATABASE LINK myoktadb CONNECT TO "user" IDENTIFIED BY "password" USING 'myoktadb';

You can now execute queries in SQL*Plus like the one below (note the double quotation marks around the table name):