Ekaya

DataKit for OpenAI
The Missing Piece to Building Your Application

OpenAI gives you AgentKit for orchestration and ChatKit for UI. DataKit provides the safe, secure connection to your databases.

DataKit for OpenAI - Complete Agent Stack

The Complete Agent Stack

OpenAI's AgentKit provides powerful visual workflows for orchestrating multi-agent systems. ChatKit gives you embeddable UI components for chat-based experiences.

But there's a critical gap: secure enterprise database connectivity.

ORCHESTRATION

AgentKit

Visual workflows, multi-agent orchestration, guardrails

SECURE DATABASE LAYER

DataKit

Enterprise SSO, semantic layers, secure authorization

USER INTERFACE

ChatKit

Embeddable chat UI, streaming responses, branded experiences

Why the Connector Registry isn't enough: While it manages cloud storage (Dropbox, Google Drive) and basic integrations, it doesn't provide the enterprise-grade security, governance, and semantic understanding required for production database access.

What DataKit Provides

Four critical capabilities that enable production-ready agent-to-database connectivity

🧠

Semantic Layer

Business ontology that translates raw database schemas into concepts LLMs understand

cust_tbl β†’ Customer
inv_dt β†’ Invoice Date
Add fiscal calendars, computed metrics, and business rules not in the database
πŸ”

Enterprise SSO

SAML/OIDC integration with your existing identity providers

Works with Okta, Entra ID, Ping Identity, and other enterprise IdPs
MFA policies, directory sync, and automated provisioning all apply
πŸ›‘οΈ

Secure Authorization

Token pass-through from AI to database with user-level access controls

Each query runs under the authenticated user's database role, not a shared service account
Existing row-level security and RBAC continue to work
πŸ“Š

Audit & Governance

Full visibility and compliance-ready access tracking

User-level query logging and audit trails
Data governance policies enforced at the connection layer
Ready for SOC 2, HIPAA, and GDPR compliance

Secure MCP Implementation

Model Context Protocol (MCP) is insecure by default. DataKit implements it correctly.

Authorization Flow

1

User Authentication via SSO

User authenticates through enterprise IdP (Okta, Entra ID) with MFA

2

Token Generation

DataKit receives identity token and generates session with user context

3

AgentKit Request

Agent workflow initiates database query through MCP with user token

4

Semantic Translation

Natural language query is translated using business ontology into SQL

5

Database Execution

Query runs under authenticated user's database role with row-level security applied

6

Audit Logging

Query, results, and user identity logged for compliance and governance

⚠️MCP Without DataKit

  • β€’ Shared service account credentials
  • β€’ No user-level access controls
  • β€’ Direct schema exposure to LLMs
  • β€’ Limited audit trails
  • β€’ Manual governance enforcement

βœ…MCP With DataKit

  • β€’ Individual user authentication (SSO)
  • β€’ Row-level security preserved
  • β€’ Business semantic layer
  • β€’ Comprehensive audit logging
  • β€’ Automated compliance enforcement