Integrate Data Stores

You can add, modify, delete, and manage data stores in the Access Gateway Admin UI console.
You can use data stores to:

  • Augment the Access Gateway session data using external data sources, such as a database or LDAP.
  • Support bi-directional synchronization between Access Gateway and external data sources.
  • Support databases, such as MySQL, MS SQL, Oracle, and Postgres.
  • Support LDAP, such as, any LDAP V3 compliant Active Directory, Oracle Internet Directory/Unified Directory, OpenLDAP, and others.



Add a database based Data Store

  1. Open the Access Gateway Admin UI console.
  2. Select the Settings tab.
  3. Select the Data Stores pane.
  4. Select Add > Sql Database.

Configure the data store

After selecting Sql Database, the Create New DataStore wizard starts and is initialized for database creation.

  1. Enter the following details:
    NameThe name used to identify the data store.My SQL Datastore

    Driver for datastore. Select any one of the following:

    • MySQL/MariaDB
    • PostgreSQL
    • MSSQL Server
    • OracleDB
    HostName:PortEnter the FQDN and port for the database
    DatabaseName of the database (schema) within the database.userDatabase


    Username to access the database.



    Password associated with Username.


    Advanced Query Mode

    Disabled: Specify the table name.


  2. Click Not Validated () when complete to initiate the validation process.
    Okta Access Gateway validates the connection to the database. If the validation was successful, the button changes to Valid () and shows that the connection is valid.
  3. Add the Where clause:
    The where clause defines the join between the your Okta tenant and the database.
    1. Click Add (+).
    2. In the Clause Conditions dialog box, enter:


      FieldThe database field to join with


      ValueThe IDP field to join against


      The result should be similar to:


      The Value field can contain a fixed value or a reference to a field within a data store. The most common use is ${fieldInIdP@idp}, where fieldInIdP represents the field used to join against the table and is from the fields available in the IDP profile.

    3. Click Save ().
      Repeat as required.
    4. Click Okay to save the data store definition.


    You must define fields used in Where clause as attributes for the application. If the field it not listed as an application attribute, it results in an error.

  4. Activate the data store.
    Data stores are created in a deactivated status by default. Activate the data store by changing the Active toggle from inactive to active.
  5. Test the datasource.
    1. In the row containing the data store, click Test ( ).
    2. In the Value field, enter a value that's matched in the where clause of the data store.
      For example, if matching on email, enter a valid email address, such as
    3. Click Test.
    4. On success, the data store test displays content in the loaded data section of the test dialog box.
      If no matches are found, then the dialog box doesn't display any information.

Define Data Store based Application Attributes

  1. Select the Applications tab.
  2. In the row containing the previously created application, click Edit ( ).
  3. Select the Attributes pane.
  4. Click Add ( ) . You may need to scroll to the end of the window to see the new attribute display.
  5. Add an attribute with the following values:
    Data SourceSelect the newly added data store.
    FieldSelect one of the fields from the data store.
    This is the source element.
    NameSelect the name of the field.
    This is the target in the header and cookie.

    Repeat as required.
  6. Click Okay.
  7. Click Done.

Test the application

  1. In the row containing the application, click the Goto application > SP Initiated.
  2. Sign in to your Okta tenant using a valid account.
  3. Examine the results of the test for the newly added data store based file and ensure that the returned value is correct.