Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Okta

Okta is a SAML-based authentication plugin that works with the Okta identity provider. For information about configuring federation for Okta and Amazon Athena, see Configuring SSO for ODBC using the Okta plugin and Okta Identity Provider.

Authentication Type

User ID

Your Okta user name.

Password

Your Okta user password.

Preferred role

The Amazon Resource Name (ARN) of the role to assume. For more information about ARN roles, see AssumeRole in the Amazon Security Token Service API Reference.

Session duration

The duration, in seconds, of the role session. For more information, see AssumeRole in the Amazon Security Token Service API Reference.

IdP host

The URL for your Okta organization. You can extract the idp_host parameter from the Embed Link URL in your Okta application. For steps, see Retrieve ODBC configuration information from Okta. The first segment after https://, up to and including okta.com is your IdP host (for example, http://trial-1234567.okta.com).

IdP port

The port number to use to connect to your IdP host.

Okta app ID

The two-part identifier for your application. You can extract the app_id parameter from the Embed Link URL in your Okta application. For steps, see Retrieve ODBC configuration information from Okta. The application ID is the last two segments of the URL, including the forward slash in the middle. The segments are two 20-character strings with a mix of numbers and upper and lowercase letters (for example, Abc1de2fghi3J45kL678/abc1defghij2klmNo3p4).

Okta app name

The name of the Okta application.

Okta wait time

Specifies the duration in seconds to wait for the multifactor authentication (MFA) code.

Okta MFA type

The MFA factor type. Supported types are Google Authenticator, SMS (Okta), Okta Verify with Push, and Okta Verify with TOTP. Individual organization security policies determine whether or not MFA is required for user login.

Okta phone number

The phone number to use with Amazon SMS authentication. This parameter is required only for multifactor enrollment. If your mobile number is already enrolled, or if Amazon SMS authentication is not used by the security policy, you can ignore this field.

Enable Okta file cache

Enables a temporary credentials cache. This connection parameter enables temporary credentials to be cached and reused between the multiple processes opened by BI applications. Use this option to avoid the Okta API throttling limit.