Okta credentials
A SAML-based authentication mechanism that enables authentication to Athena using the Okta identity provider. This method assumes that a federation has already been set up between Athena and Okta.
Credentials provider
The credentials provider that will be used to authenticate requests to Amazon. Set the value of this parameter to Okta.
Parameter name | Alias | Parameter type | Default value | Value to use |
---|---|---|---|---|
CredentialsProvider | AWSCredentialsProviderClass (deprecated) | Required | none | Okta |
User
The email address of the Okta user to use for authentication with Okta.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
User | UID (deprecated) | Required | none |
Password
The password for the Okta user.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
Password | PWD (deprecated) | Required | none |
Okta host name
The URL for your Okta organization. You can extract the idp_host parameter from the Embed Link URL in your Okta application. For steps, see Retrieve ODBC configuration information from Okta. The first segment after https://, up to and including okta.com, is your IdP host (for example, trial-1234567.okta.com for a URL that starts with https://trial-1234567.okta.com).
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
OktaHostName | IdP_Host (deprecated) | Required | none |
Okta application ID
The two-part identifier for your application. You can extract the application ID from the Embed Link URL in your Okta application. For steps, see Retrieve ODBC configuration information from Okta. The application ID is the last two segments of the URL, including the forward slash in the middle. The segments are two 20-character strings with a mix of numbers and upper and lowercase letters (for example, Abc1de2fghi3J45kL678/abc1defghij2klmNo3p4).
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
OktaAppId | App_ID (deprecated) | Required | none |
Okta application name
The name of your Okta application.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
OktaAppName | App_Name (deprecated) | Required | none |
Okta MFA type
If you have set up Okta to require multi-factor authentication (MFA), you need to specify the Okta MFA type and additional parameters depending on the second factor that you want to use.
Okta MFA type is the second authentication factor type (after the password) to use to authenticate with Okta. Supported second factors include push notifications delivered through the Okta Verify app and temporary one-time passwords (TOTPs) generated by Okta Verify, Google Authenticator, or sent through SMS. Individual organization security policies determine whether or not MFA is required for user login.
Parameter name | Alias | Parameter type | Default value | Possible values |
---|---|---|---|---|
OktaMfaType | okta_mfa_type (deprecated) | Required, if Okta is set up to require MFA | none | oktaverifywithpush, oktaverifywithtotp, googleauthenticator, smsauthentication |
Okta phone number
The phone number to which Okta will send a temporary one-time password using SMS when the smsauthentication MFA type is chosen. The phone number must be a US or Canadian phone number.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
OktaPhoneNumber | okta_phone_number (deprecated) | Required, if OktaMfaType is smsauthentication | none |
Okta MFA wait time
The duration, in seconds, to wait for the user to acknowledge a push notification from Okta before the driver throws a timeout exception.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
OktaMfaWaitTime | okta_mfa_wait_time (deprecated) | Optional | 60 |
Preferred role
The Amazon Resource Name (ARN) of the role to assume. For information about ARN roles, see AssumeRole in the Amazon Security Token Service API Reference.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
PreferredRole | preferred_role (deprecated) | Optional | none |
Role session duration
The duration, in seconds, of the role session. For more information, see AssumeRole in the Amazon Security Token Service API Reference.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
RoleSessionDuration | Duration (deprecated) | Optional | 3600 |
Lake Formation enabled
Specifies whether to use the AssumeDecoratedRoleWithSAML Lake Formation API action to retrieve temporary IAM credentials instead of the AssumeRoleWithSAML Amazon STS API action.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
LakeFormationEnabled | none | Optional | FALSE |
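
The host name, application ID and MFA rules described above, as an added Python example that is not part of the driver or its documentation: it derives OktaHostName and OktaAppId from an Embed Link URL and checks a parameter set before it is handed to the driver. The function names, the `/home/example_app/` path prefix and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

MFA_TYPES = {"oktaverifywithpush", "oktaverifywithtotp",
             "googleauthenticator", "smsauthentication"}
REQUIRED = ("User", "Password", "OktaHostName", "OktaAppId", "OktaAppName")
ID_SEGMENT = re.compile(r"[A-Za-z0-9]{20}")

def parse_embed_link(url):
    """Return (OktaHostName, OktaAppId) taken from an Okta Embed Link URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # real host, ignoring any userinfo or port
    if parts.scheme != "https" or not host.endswith(".okta.com"):
        raise ValueError("expected an https:// URL whose host ends in okta.com")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or not all(ID_SEGMENT.fullmatch(s) for s in segments[-2:]):
        raise ValueError("last two path segments must be 20-character IDs")
    return host, "/".join(segments[-2:])

def validate(props):
    """Return a list of problems in a parameter dict (empty list if none)."""
    problems = [f"{name} is required" for name in REQUIRED if not props.get(name)]
    if props.get("CredentialsProvider") != "Okta":
        problems.append("CredentialsProvider must be Okta")
    mfa = props.get("OktaMfaType")
    if mfa is not None and mfa not in MFA_TYPES:
        problems.append(f"unsupported OktaMfaType: {mfa}")
    if mfa == "smsauthentication" and not props.get("OktaPhoneNumber"):
        problems.append("OktaPhoneNumber is required for smsauthentication")
    return problems

if __name__ == "__main__":
    # Constructed sample: host and IDs are the page's examples; the
    # "/home/example_app/" path prefix is a made-up placeholder.
    link = ("https://trial-1234567.okta.com/home/example_app/"
            "Abc1de2fghi3J45kL678/abc1defghij2klmNo3p4")
    host, app_id = parse_embed_link(link)
    props = {"CredentialsProvider": "Okta", "User": "user@example.com",
             "Password": "<from-secret-store>", "OktaHostName": host,
             "OktaAppId": app_id, "OktaAppName": "example_app",
             "OktaMfaType": "smsauthentication"}
    print(host, app_id, validate(props))
```

Parsing the link with a URL parser rather than slicing the string means the host check applies to the actual host, so a link that only contains okta.com somewhere in its text is rejected.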