Support Questions

tableau · ‎10-15-2025

I have a cdp 7.3.1 instance, and I want to hookup okta authentication to the impala service, so that when tableau connects to the impala, it will trigger authentication / call back with a okta server(I already have admin controls of it, and have scope/application etc).

on this instance, I already enabled kerberos, knox and not sure if I need to enable ssl as well, I can't find any documentation for it, can some one walk me through the setup? I mostly rely on chapgpt, and had some issues.

DianaTorres · ‎10-16-2025

Hi @jAnshula @ChethanYM @Boris G @Saurabhatiyal Hello team
Do you have any insights here? Thanks!

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

jAnshula · ‎10-17-2025

Hi @tableau

The Impala ODBC/JDBC drivers don’t natively support SAML authentication.
You need to use Apache Knox as the SAML Service Provider (SP). Knox handles authentication with Okta (IdP) and then proxies the authenticated session to Impala using Kerberos delegation.

Okta → SAML → Knox SSO (Gateway) → Kerberos delegation → Impala

SSL (HTTPS) is required for SAML authentication to work securely.
Please refer to the following Cloudera documentation for setup details:

https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/knox-authentication/topics/security-knox-authe-saml.html

https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/knox-authentication/topics/security-knox-tls-mutual-authentication.html

Let us know if you have any questions on the same.

DanielR · ‎10-17-2025

You can use oauth which is available in Impala now

See: https://docs.cloudera.com/cdp-private-cloud-base/7.1.9/impala-secure/topics/impala-oauth.html

Support Questions

how to setup okta authentication with cdh impala