PowerShell Scripting to Replicate Okta Data to MySQL



Write a simple PowerShell script to replicate Okta data to a MySQL database.

The CData Cmdlets for Okta offer live access to Okta data from within PowerShell. Using PowerShell scripts, you can easily automate regular tasks like data replication. This article will walk through using the CData Cmdlets for Okta and the CData Cmdlets for MySQL in PowerShell to replicate Okta data to a MySQL database.

After obtaining the needed connection properties, accessing Okta data in PowerShell and preparing for replication consists of four basic steps.

To connect to Okta, set the Domain connection string property to your Okta domain.

You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

Creating a Custom OAuth Application

From your Okta account:

  1. Sign in to your Okta developer edition organization with your administrator account.
  2. In the Admin Console, go to Applications > Applications.
  3. Click Create App Integration.
  4. For the Sign-in method, select OIDC - OpenID Connect.
  5. For Application type, choose Web Application.
  6. Enter a name for your custom application.
  7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
  8. Set the callback URL:
    • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
    • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
  9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
  10. Save the OAuth application.
  11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
  12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
  13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model > Views in the Help documentation.

Collecting Okta Data

  1. Install the module:

    Install-Module OktaCmdlets
  2. Connect to Okta:

    $okta = Connect-Okta -Domain $Domain
  3. Retrieve the data from a specific resource:

    $data = Select-Okta -Connection $okta -Table "Users"

    You can also use the Invoke-Okta cmdlet to execute pure SQL-92 statements:

    $data = Invoke-Okta -Connection $okta -Query 'SELECT * FROM Users WHERE Status = @Status' -Params @{'@Status'='Active'}
  4. Save a list of the column names from the returned data.

    $columns = ($data | Get-Member -MemberType NoteProperty | Select-Object -Property Name).Name

Inserting Okta Data into the MySQL Database

With the data and column names collected, you are ready to replicate the data into a MySQL database.

  1. Install the module:

    Install-Module MySQLCmdlets
  2. Connect to MySQL, using the server address and port of the MySQL server, valid user credentials, and a specific database with the table in which the data will be replicated:

    $mysql = Connect-MySQL -User $User -Password $Password -Database $Database -Server $Server -Port $Port
  3. Loop through the Okta data, store the values, and use the Add-MySQL cmdlet to insert the data into the MySQL database, one row at a time. In this example, the table will need to have the same name as the Okta resource (Users) and to exist in the database.

    $data | % {
      $row = $_
      $values = @()
      $columns | % {
        $col = $_
        $values += $row.$($col)
      }
      Add-MySQL -Connection $mysql -Table "Users" -Columns $columns -Values $values
    }

You have now replicated your Okta data to a MySQL database. This gives you freedom to work with Okta data in the same way that you work with other MySQL tables, whether that is performing analytics, building reports, or other business functions.

Notes

  • Once you have connected to Okta and MySQL in PowerShell, you can pipe command results to perform the replication in a single line:

    Select-Okta -Connection $okta -Table "Users" | % { $row = $_; $values = @(); $columns | % { $col = $_; $values += $row.$($col) }; Add-MySQL -Connection $mysql -Table "Users" -Columns $columns -Values $values }
  • If you wish to replicate the Okta data to another database using another PowerShell module, you will want to exclude the Columns, Connection, and Table columns from the data returned by the Select-Okta cmdlet since those columns are used to help pipe data from one CData cmdlet to another:

    $columns = ($data | Get-Member -MemberType NoteProperty | Select-Object -Property Name).Name | ? {$_ -NotIn @('Columns','Connection','Table')}
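
A variant of the replication loop and column filter above, added here as an example and not taken from CData's documentation: it prompts for the MySQL credentials instead of storing them in the script, replicates only an explicit allowlist of columns, and counts failed inserts. It reuses $okta, $Database, $Server and $Port from the earlier steps; the column names other than Status are assumptions to replace with the columns your Users table defines.

```powershell
# Added example, not CData's code. Column names other than Status are
# hypothetical; match the allowlist to the columns your MySQL table defines.
$allowedColumns = @('Id', 'Status', 'Created', 'LastLogin')

# Prompt for the MySQL account rather than embedding the password in the script.
$cred  = Get-Credential -Message 'MySQL replication account'
$mysql = Connect-MySQL -User $cred.UserName `
                       -Password $cred.GetNetworkCredential().Password `
                       -Database $Database -Server $Server -Port $Port

$data = Select-Okta -Connection $okta -Table 'Users'

# Keep only allowlisted columns that the result actually contains. This also
# drops the Columns, Connection and Table helper properties.
$present = ($data | Get-Member -MemberType NoteProperty).Name
$columns = @($allowedColumns | Where-Object { $_ -in $present })
$missing = @($allowedColumns | Where-Object { $_ -notin $present })
if ($missing.Count -gt 0) { Write-Warning "Not returned by Okta: $($missing -join ', ')" }
if ($columns.Count -eq 0) { throw 'No allowlisted columns present; nothing to replicate.' }

$ok = 0; $failed = 0
foreach ($row in $data) {
    $values = @()
    foreach ($col in $columns) { $values += $row.$col }
    try {
        Add-MySQL -Connection $mysql -Table 'Users' -Columns $columns -Values $values -ErrorAction Stop
        $ok++
    }
    catch {
        $failed++
        # Report the error only; do not dump $row (user profile data) into logs.
        Write-Warning "Row insert failed: $($_.Exception.Message)"
    }
}
Write-Output "Replicated $ok rows, $failed failed, columns: $($columns -join ', ')"
```

For unattended runs, replace the Get-Credential prompt with a lookup from a secret store available on the host.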
