6.19. Okta Authentication#

Okta can be used for password authentication for accessing Presto via HTTPS, including usage of the Web UI as well as the JDBC driver and any other users of the API.

Similar to the LDAP authentication or the password file authentication, you need to enable PASSWORD authentication for the HTTP/HTTPS server in etc/config.properties:


Okta authentication is very similar to LDAP authentication. See the LDAP documentation for generic instructions on configuring the server and clients to use TLS and authenticate with a username and password.

In addition, you need to specify the authenticator okta and add the Okta account URL in etc/password-authenticator.properties.


Further configuration properties are optional.

Okta Authenticator Configuration Properties#
Property name Description Default
okta.http-connect-timeout Connection timeout for Okta HTTP calls 30 s
okta.http-read-timeout Read timeout for Okta HTTP calls 30 s
okta.http-write-timeout Write timeout for Okta HTTP calls 30 s
okta.account-url The URL to your Okta account, typically https://your_okta_account_name.okta.com  
okta.session-ttl-refresh-margin Time window for the Okta authenticator to refresh the Okta session token, before it expires 10 s