Integrate Data Stores
You can add, modify, delete, and manage data stores in the Access Gateway Admin UI console.
You can use data stores to:
- Augment the Access Gateway session data using external data sources, such as a database or a Lightweight Directory Access Protocol (LDAP) directory.
- Support bidirectional synchronization between Access Gateway and external data sources.
- Support databases (for example, MySQL, MS SQL, Oracle, and Postgres).
- Support LDAP v3 compliant directories (for example, Active Directory, Oracle Internet Directory/Unified Directory, OpenLDAP, and others).
Topics
- Add a database-based Data Store
- Configure a data store
- Define data store-based application attributes
Add a database-based Data Store
- Open the Access Gateway Admin UI console.
- Select the Settings tab.
- Select the Data Stores pane.
- Select Add > Sql Database.
Configure a data store
After you select Sql Database, the Create New DataStore wizard opens, initialized for a database-backed data store.
- Enter the following details (field, description, example):
  - Name: The name used to identify the data store. Example: My SQL Datastore
  - Driver: The driver for the data store. Select one of MySQL/MariaDB, PostgreSQL, MSSQL Server, or OracleDB. Example: MySQL/MariaDB
  - HostName:Port: The FQDN and port of the database instance. Example: mysqlserver.example.com:3306
  - Database: The name of the database (schema) within the database instance. Example: userDatabase
  - Username: The username used to access the database. Example: dbuser
  - Password: The password associated with Username. Example: password
  - Advanced Query Mode: When disabled, you specify the name of the table to query. Example: people
Use a dedicated database account for Username with read access limited to the table the data store queries; Access Gateway only needs to read the join row, so the account should not have write or schema privileges.
- Click Not Validated to validate the connection. Access Gateway attempts to connect to the database with the details you entered. If the connection succeeds, the button changes to Valid.
- Add a Where clause that defines the join between your Okta tenant and the database.
- Click Add (+).
- In the Clause Conditions dialog box, enter the following:
  - Field: The database column to join on. Example: email
  - Value: The IDP field to join against. Example: ${email@idp}
The Value field can contain a fixed value or a reference to a field in the IDP profile. The most common form is ${fieldInIdP@idp}, where fieldInIdP is one of the fields available in the IDP profile and is compared against the database column named in Field.
- Click Save. Repeat the previous two steps as required to add more clause conditions.
- Click Okay to save the data store definition.
Every IDP field referenced in the Where clause must also be defined as an attribute of the application. Referencing a field that isn't defined as an application attribute results in an error.
- Turn on the Active toggle to activate the data store.
- Test the data store.
- In the row containing the data store, click Test.
- In the Value field, enter a value that matches the Where clause of the data store. For example, if the clause matches on email, enter the email address of a user that exists in the table.
- Click Test.
- On success, the Loaded Data section of the test dialog box shows the data returned for that value. If no row matches, the dialog box displays nothing; check the value you entered and the clause conditions before assuming the connection is at fault.
Define data store-based application attributes
- Select the Applications tab.
- In the row containing the previously created application, click Edit.
- Select the Attributes pane.
- Click Add. You may need to scroll to the end of the window to see the new attribute.
- Add an attribute with the following values:
  - Data Source: Select the newly added data store.
  - Field: Select one of the fields from the data store. This is the source element.
  - Name: The name to use for the field. This is the target name in the header and cookie.
Repeat as required for each data store field you want to expose to the application.
- Click Okay.
- Click Done.
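To make the Where clause, the ${fieldInIdP@idp} reference, the Test step, and the attribute mapping concrete, here is an added example that is not Access Gateway code and not part of this page. It models the data store lookup in Python against a constructed in-memory SQLite table. The people table layout, the sample rows, the X-Department and X-Employee-Id header names, and all helper functions are assumptions for illustration. It also assumes two things about the lookup itself that the page does not state: that multiple clause conditions are combined with AND, and that the IDP-supplied value is bound as a query parameter rather than pasted into the SQL text. The second is what a practitioner should expect of any such lookup, and the example shows why: an injection-shaped email value simply matches nothing.

```python
import re
import sqlite3

# Constructed sample rows standing in for the "people" table named in the data
# store definition; illustrative data only, not from Okta or any real deployment.
SAMPLE_PEOPLE = [
    ("alice@example.com", "Alice Example", "Engineering", "E-1001"),
    ("bob@example.com", "Bob Example", "Finance", "E-1002"),
]

# Matches the ${fieldInIdP@idp} reference syntax used in a clause condition's Value.
IDP_REF = re.compile(r"^\$\{(\w+)@idp\}$")
# Table and column names are administrator-defined; only plain identifiers are allowed.
IDENT = re.compile(r"\w+")


def open_sample_db():
    """Create an in-memory SQLite database holding the constructed people table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE people (email TEXT PRIMARY KEY, full_name TEXT, "
        "department TEXT, employee_id TEXT)"
    )
    conn.executemany("INSERT INTO people VALUES (?, ?, ?, ?)", SAMPLE_PEOPLE)
    return conn


def resolve_value(value, idp_profile):
    """Resolve a clause Value: a fixed literal, or a ${field@idp} reference to the IDP profile."""
    m = IDP_REF.match(value)
    if not m:
        return value
    field = m.group(1)
    if field not in idp_profile:
        # The referenced IDP field must be available as an application attribute;
        # without it the lookup cannot be built (the page reports this as an error).
        raise KeyError(f"IDP profile has no attribute {field!r}")
    return idp_profile[field]


def load_data(conn, table, clauses, idp_profile):
    """Run the lookup: SELECT * FROM <table> WHERE f1 = ? AND f2 = ? ...

    Identifiers are validated before being placed in the SQL text (assumed: AND
    between conditions). IDP values are bound as parameters, never interpolated,
    so a hostile profile value cannot alter the query.
    """
    if not IDENT.fullmatch(table):
        raise ValueError(f"invalid table name: {table!r}")
    where_parts, params = [], []
    for field, value in clauses:
        if not IDENT.fullmatch(field):
            raise ValueError(f"invalid column name: {field!r}")
        where_parts.append(f"{field} = ?")
        params.append(resolve_value(value, idp_profile))
    sql = f"SELECT * FROM {table} WHERE " + " AND ".join(where_parts)
    rows = conn.execute(sql, params).fetchall()
    if len(rows) > 1:
        # A per-user join should identify exactly one row; ambiguity is a configuration error.
        raise ValueError(f"clause conditions matched {len(rows)} rows; join is not unique")
    # None mirrors the empty Loaded Data section when the test value matches nothing.
    return dict(rows[0]) if rows else None


def map_attributes(loaded, mapping):
    """Apply the application attribute mapping: data store Field -> target Name
    (the header/cookie name). Returns an empty mapping when nothing was loaded."""
    if loaded is None:
        return {}
    return {name: loaded[field] for field, name in mapping.items() if field in loaded}


if __name__ == "__main__":
    db = open_sample_db()
    clauses = [("email", "${email@idp}")]
    row = load_data(db, "people", clauses, {"email": "alice@example.com"})
    print(row)
    print(map_attributes(row, {"department": "X-Department", "employee_id": "X-Employee-Id"}))
    print(load_data(db, "people", clauses, {"email": "nobody@example.com"}))
```

The identifier check on table and column names matters because those strings are placed into the SQL text directly; the IDP value never is. If your real table keys on something other than email, the clause condition's Field changes but the binding discipline does not.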