Accessing data often brings with it many security and availability headaches, but with DataDirect Hybrid Data Pipeline it is now possible to provide access to your data sources by OData-enabling them and authenticating your users with OpenID Connect (OIDC).
In this tutorial, you’ll learn how to quickly configure Hybrid Data Pipeline to use Okta as an Identity Provider (IDP) to support OpenID Connect (OIDC) authorization, allowing you to use your existing user credentials to access your data via Hybrid Data Pipeline’s OData REST API.
This tutorial assumes you have already installed Hybrid Data Pipeline and OData-enabled your data source. Your OData endpoint should be accessible using basic authentication in Hybrid Data Pipeline before beginning this tutorial.
Note, we will be using several third-party tools to complete this:
Sign up for an Okta developer account at: https://developer.okta.com/
Create an Application under the Applications section in Okta
Choose OIDC and Web Application
On the New Web App Integration page, supply the following details:
On the following screen, make note of your client ID and client secret
Under the Security menu, select API and click on the pencil icon for the default server
Click on Add Scope
Add these items to the default scope:
Create your Auth URL and Access Token URLs using your personal Okta root URL. You can find your personal URL in the top right corner of the Okta web interface:
Create the Authentication Service in Hybrid Data Pipeline by logging into your Hybrid Data Pipeline server and clicking on the Authentication tab on the left. Click on New Service at the top of the screen.
Fill out the form using your Issuer URL and other details as seen below. Be sure to set HDP Username Identifier to ‘sub’ and JWT as the validation method.
Associate your Authentication Service with an HDP user account that has an OData endpoint configured by opening the user account in HDP and clicking on the Authentication Setup tab. Be sure to provide the full email address of the user used with your Okta account or one added to Okta’s user directory.
*Note that the user ID (email) must be unique and must not match any local user ID that already exists within Hybrid Data Pipeline.
Using Postman, configure a connection to the HDP OData endpoint for this user. (Refer to the documentation for details on creating an OData endpoint in Hybrid Data Pipeline.) Within Postman, paste the OData URL into the URL bar as a GET request and click on the header tab. Add a new header:
Click on the Authorization Tab and choose OAuth2. Fill out the fields with the information collected from Okta:
Click Get New Access Token and then click Use Token. The connection should authenticate, and data should be returned from the OData endpoint.
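If the request is rejected, it helps to check that the token Postman received lines up with the settings above: the Issuer URL of the Authentication Service and the 'sub' claim used as the HDP Username Identifier. The following is an added example, not part of the original tutorial or of Hybrid Data Pipeline or Okta code; the function names, the issuer `https://example.okta.com/oauth2/default`, the user IDs and the sample token are constructed placeholders. It only reads the claims and does not verify the signature, which remains the job of the JWT validation configured in Hybrid Data Pipeline.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def preflight(token, issuer, hdp_user, now=None):
    """List reasons the token would not map to hdp_user; an empty list means it lines up."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the Issuer URL of the Authentication Service")
    if claims.get("sub") != hdp_user:
        problems.append("sub does not match the user ID on the Authentication Setup tab")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def make_sample(claims):
    # Constructed, unsigned sample token for the demo below (not a real Okta token).
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}.c2ln"


ISSUER = "https://example.okta.com/oauth2/default"  # placeholder issuer (assumption)
SAMPLE = make_sample({"iss": ISSUER, "sub": "alice@example.com", "exp": 2000000000})

if __name__ == "__main__":
    print(preflight(SAMPLE, ISSUER, "alice@example.com", now=1700000000))
    print(preflight(SAMPLE, ISSUER, "bob@example.com", now=1700000000))
```

To use it on a real token, pass the access token string copied from Postman in place of `SAMPLE`, together with your own Issuer URL and the user ID entered in HDP.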
By being able to quickly integrate Hybrid Data Pipeline with your existing identity provider, it is much easier and more secure to share data across your organization or with your customers.
If you have further questions about this tutorial or Hybrid Data Pipeline in general, please contact us.