Integrate Data Stores

Data Stores:

  • are used to augment Access Gateway session data using external data sources such as a database or LDAP.
  • Support bi-directional synchronization between Access Gateway and external data sources.
  • Support databases, including: MySQL, MS SQL, Oracle and Postgres.
  • Support LDAP. including: Any LDAP V3 compliant Active Directory, Oracle Internet Directory/Unified Directory, OpenLDAP and others.
  • Are added, modified, deleted and otherwise managed within the Access Gateway UI.



Add a database based Data Store

  1. Open the Access Gateway Admin UI console.
  2. Select the Settings tab.
  3. Select the Data Stores pane.
  4. Select (+)> Sql Database.

Configure The Data Store

After selecting Sql Database the Create New Data Store wizard will start, initialized for database creation.

  1. Enter the following details:
    NameName used to identify the data store.My SQL Datastore

    Driver for datastore. Choose one of:

    • MySQL/MariaDB
    • PostgreSQL
    • MSSQL Server
    • OracleDB
    HostName:PortEnter the FQDN and port for the database
    DatabaseName of the database (schema) within the database.userDatabase


    Username to access the database.



    Password associated with Username.


    Advanced Query Mode

    Disabled: Specify the table name.


  2. Click the Not Validated ()button when complete.
    Okta Access Gateway will validate the connection to the database.
    On success the button will turn green () and show that the connection is valid.
  3. Add Where Clause:
    The where clause defines the join between the your Okta tenant and the database.
    1. Click the (+)
    2. In the new clause content dialog enter:


      FieldThe database field to join with


      ValueThe idP field to join against


      The result should resemble:


      The Value field can contain a fixed value or a reference to a field within a data store. Most common use is ${fieldInIdP@idp} where fieldInIdP represents the field used to join against the table and is from the fields available in the idP profile.

    3. Click Save ()when complete.
      Repeat as required.
    4. Click Okay to save the data store definition.


    Fields used in where clause MUST be defined as attributes for the application. If the field it not listed as an application attribute an error will result.

  4. Activate the datastore.
    Data stores are created disabled by default. Activate the data store by changing the Active toggle from inactive to active.
  5. Test the datasource.
    1. In the row containing the data store, click the test button ( ).
    2. In the Value field enter a value which will be matched in the where clause of the data store.
      For example, if matching on email enter a valid email address such as
    3. Click Test.
    4. On success the data store test will display content in the loaded data section of the test dialog.
      If not matches are found the dialog will display no information.

Define Data Store based Application Attributes

  1. Select the Applications tab.
  2. In the row containing the previously created application, click the edit button ( ).
  3. Select the Attributes pane.
  4. Click the add attribute button( ) .
    Note you may need to scroll the window down to see the new attribute display.
  5. Add an attribute with the following values:
    Data SourceSelect the newly added data store
    FieldSelect one of the fields from the data store.
    This is the source element.
    NameSelect the name of the field.
    This is the target in the Header, Cookie etc,

    Repeat as required.
  6. Click Okay.
  7. Click Done.

Test the application

  1. In the row containing the application click the Goto > SP Initiated.
  2. Login to your Okta tenant using a valid account.
  3. Examine the results of the test for the newly added data store based file and ensure the returned value is correct.