Okta authentication#
Okta can be used for password authentication for accessing Trino via HTTPS, including usage of the Starburst Enterprise web UI as well as the JDBC driver and any other users of the API.
Note
Okta authentication requires a valid Starburst Enterprise license.
Similar to the LDAP authentication or the password file
authentication, you need to enable PASSWORD
authentication for the HTTP/HTTPS server in etc/config.properties
:
http-server.authentication.type=PASSWORD
Okta authentication is very similar to LDAP authentication. See the LDAP documentation for generic instructions on configuring the server and clients to use TLS and authenticate with a username and password.
In addition, you need to specify the authenticator okta
and add the Okta
account URL in etc/password-authenticator.properties
.
If Okta multi-factor authentication (MFA) is configured, users have to confirm authentication with it. One time codes are not supported.
password-authenticator.name=okta
okta.account-url=https://your_okta_account_name.okta.com
Further configuration properties are optional.
Property name |
Description |
---|---|
|
Connection timeout for Okta HTTP calls. Default is 30s. |
|
Read timeout for Okta HTTP calls. Default is 30s. |
|
Write timeout for Okta HTTP calls. Default is 30s. |
|
The URL to your Okta account, typically
|
|
Time window for the Okta authenticator to refresh the Okta session token before it expires. Default is 10s. |