Connect AI uses Auth0 as its managed identity broker. Any step that refers to the Auth0 tenant, domain, plan, or Rules and Actions is configured by CData on the broker side and is not something you set up yourself. If one applies to your issue, contact CData Support. The remaining steps are configured in Okta.
Frequently Asked Questions
Which scopes should I request?
Which scopes should I request?
- Start with
openid email profile. - Do not request additional scopes unless you have verified that your Okta application is configured to grant them.
Can I decide who is permitted to sign in?
Can I decide who is permitted to sign in?
Yes. On your side, limit the Okta application’s assignment to the specific users or groups that need access. A second filter, screening logins by email domain, group, or other attributes via Auth0 rules, is configured by CData on the broker side; contact CData Support if you need it.
Common Errors
The test connection fails without a specific message.
The test connection fails without a specific message.
- Make sure each URL references your own Okta domain and contains
/defaultin its path. - Check that the redirect URI is an exact match for what is registered in Okta.
An 'option validation failed' error is returned.
An 'option validation failed' error is returned.
Check for any of the following:
- A missing or incorrect field, for example
issuerorclient_id. - A URL with a typo.
- A reference to https://okta.com instead of your own Okta tenant domain.
A 403 is returned or the connection refuses to save.
A 403 is returned or the connection refuses to save.
Both common causes here are on the broker side that CData manages:
- The connection may need to use the default Auth0 domain rather than a custom one.
- The Auth0 plan must support Enterprise (SSO) connections.