Administer DataStores
Overview
The purpose of this guide is to describe Access Gateway DataStores and how they can be created, used and managed.
Concepts
DataStores:
- Augment Access Gateway sessions using external Data Stores.
- Support bi-directional synchronization between Access Gateway and external Data Stores.
- Support databases, including: MySQL, MS SQL, Oracle and Postgres.
- Support LDAP, including any LDAP v3 compliant directory: Active Directory (AD), Oracle Internet Directory/Unified Directory, OpenLDAP and others.
- May be added, modified, deleted and otherwise managed within the Access Gateway UI.

To add a data store:
- Navigate to your Access Gateway instance.
- Select the Settings tab.
- Select the Data Stores pane.
- Select (+) > Sql Database or (+) > LDAP Database.

After selecting Sql Database the Create New Data Store wizard will start, initialized for database creation.
- Enter the following details:
Name: Name used to identify the data store. Example: My SQL Datastore
Driver: Driver for the data store. Choose one of:
- MySQL/MariaDB
- PostgreSQL
- MSSQL Server
- OracleDB
Example: MySQL/MariaDB
HostName:Port: Enter the FQDN and port for the database instance. Example: mysqlserver.example.com:3306
Database: Name of the database (schema) within the database instance. Example: userDatabase
Username: Username used to access the database. Example: dbuser
Password: Password associated with Username. Example: password*
Advanced Query Mode: Disabled: Specify the table name. Example: people
- Click the Not Validated button when complete.
Okta Access Gateway will validate the connection to the database.
On success the button will turn green and show that the connection is valid.
- Add Where Clause:
The where clause defines the join between your Okta tenant and the database.
- Click the (+).
- In the new clause content dialog enter:
Field: The database field to join with. Example: email
Value: The IdP field to join against. Example: ${email@idp}
The result should resemble the example values above.
Note
The Value field can contain a fixed value or a reference to a field within a data store. The most common use is ${fieldInIdP@idp}, where fieldInIdP represents the field used to join against the table and is one of the fields available in the IdP profile.
- Click Save when complete.
Repeat as required.
- Click Okay to save the data store definition.
Caution
Fields used in the where clause MUST be defined as attributes for the application. If the field is not listed as an application attribute an error will result.
- Manage Available Fields
After validation, all fields from the data store are automatically added to the Available Fields list.
To remove a field from the data store:
- Place the cursor directly before the field to be removed.
- Press the delete key to remove the field.
To add a field to the data store:
- Place the cursor anywhere in the list of fields.
Note that the new field will be added to the list at the position of the cursor. Position in the list has no impact on the availability of fields in a data store.
- From the list of unused fields, click the name of a field to add it to the list of available fields.

Important
Data stores are created disabled by default. To use a data store, activate it as shown below.

After selecting LDAP Database the Create New Data Store wizard will start, initialized for LDAP creation.
- Enter the following details:
Name: Name used to identify the data store. Example: My LDAP Datastore
LDAP Connection String: URL to the LDAP server and port. Example: ldap://myldap.example.com:10362
Bind User: Username used to perform reads and writes. Example: CN=Administrator,CN=Users,DC=someuser,DC=info
Bind User Password: Password for the Bind User. Example: password
Search DN: The base DN from which to perform the search. Example: CN=Users,DC=someuser,DC=info
Matching Filter: The filter used to match records returned from the Search DN. Example: (mail=${email@idp})
Caution
Fields used in the Matching Filter MUST be defined as attributes for the application. If the field is not listed as an application attribute an error will result.
- Click the Not Validated button when complete.
Okta Access Gateway will validate the connection to LDAP.
On success the button will turn green and show that the connection is valid.
- Manage Available Fields
After validation, all fields from the data store are automatically added to the Available Fields list.
To remove a field from the data store:
- Place the cursor directly before the field to be removed.
- Press the delete key to remove the field.
To add a field to the data store:
- Place the cursor anywhere in the list of fields.
Note that the new field will be added to the list at the position of the cursor. Position in the list has no impact on the availability of fields in a data store.
- From the list of unused fields, click the name of a field to add it to the list of available fields.
Important
By default, data stores are created disabled. To use a data store, activate it as shown below.

Data stores can be tested using simulations.
To test a database data store:
- In the row associated with the database data store, click the simulate button.
- For each where clause field, enter a value which should match the associated entry in the IdP.
- Click Test to run the simulation.
- Examine the result, which should return data from the data store for the provided key.
- Click Close to end.
To test an LDAP data store:
- In the row associated with the LDAP data store, click the simulate button.
- For each LDAP field in the Matching Filter, enter a value.
- Click Test to run the simulation.
- Examine the result, which should return data from the data store for the provided filter fields.
- Click Close to end.
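The where clause and Matching Filter above both join on ${fieldInIdP@idp} references, and the simulation checks what such a reference resolves to. The following is an added illustration written for this guide, not Access Gateway's own code: it resolves the references from an IdP profile, rejects fields that are not application attributes (the Caution above), binds database values as query parameters and escapes LDAP filter values per RFC 4515. The profile values and attribute lists are constructed for the example.

```python
import re
from typing import Callable, Dict, List, Tuple

# Placeholder syntax from the where-clause and Matching Filter tables above:
# ${fieldInIdP@idp}. This resolver is an illustration written for this guide,
# not Access Gateway's own implementation.
IDP_REF = re.compile(r"\$\{(?P<field>[A-Za-z0-9_.]+)@idp\}")
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # plain table/column names only
# RFC 4515 escapes for characters that are special inside an LDAP filter value.
LDAP_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value: str) -> str:
    """Escape a profile value before it is placed inside an LDAP filter."""
    return "".join(LDAP_ESC.get(ch, ch) for ch in value)


def missing_attributes(template: str, app_attributes: List[str]) -> List[str]:
    """IdP fields referenced by the template that are not application
    attributes (the Caution in the guide: such a reference is an error)."""
    return [m.group("field") for m in IDP_REF.finditer(template)
            if m.group("field") not in app_attributes]


def resolve(template: str, profile: Dict[str, str], app_attributes: List[str],
            escape: Callable[[str], str] = lambda v: v) -> str:
    """Replace each ${field@idp} with the IdP profile value; fixed text is kept."""
    missing = missing_attributes(template, app_attributes)
    if missing:
        raise ValueError(f"not defined as application attributes: {missing}")
    return IDP_REF.sub(lambda m: escape(profile[m.group("field")]), template)


def sql_where(table: str, clauses: List[Tuple[str, str]], profile: Dict[str, str],
              app_attributes: List[str]) -> Tuple[str, List[str]]:
    """Build the lookup for a database data store from (database field, value
    template) where clauses. Values are bound as parameters, never spliced
    into the SQL text, so an IdP value cannot alter the query."""
    if not IDENT.match(table) or any(not IDENT.match(col) for col, _ in clauses):
        raise ValueError("table and field names must be plain identifiers")
    values = [resolve(tmpl, profile, app_attributes) for _, tmpl in clauses]
    where = " AND ".join(f"{col} = %s" for col, _ in clauses)
    return f"SELECT * FROM {table} WHERE {where}", values


def ldap_filter(template: str, profile: Dict[str, str], app_attributes: List[str]) -> str:
    """Resolve a Matching Filter such as (mail=${email@idp}), escaping values."""
    return resolve(template, profile, app_attributes, escape=ldap_escape)
```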

After creation, data stores can be:
- Activated and deactivated: Use the active/inactive toggle to activate or deactivate a data store.
By default, new data stores are inactive.
Caution
Deactivating an in-use data store may cause unexpected issues.
- Edited: Use the edit button to change any of the values associated with a data store.
- Deleted: Use the delete button to delete an existing data store.

Caution
Deleting an in-use data store may cause unexpected results. Always remove all associated attributes before deleting a data store.