How to set up Okta authentication with CDH Impala

Explorer

I have a CDP 7.3.1 instance, and I want to hook up Okta authentication to the Impala service, so that when Tableau connects to Impala, it will trigger authentication / callback with an Okta server (I already have admin control of it, and have scope/application etc.).

On this instance, I already enabled Kerberos and Knox, and I'm not sure if I need to enable SSL as well. I can't find any documentation for it; can someone walk me through the setup? I mostly rely on ChatGPT, and had some issues.

 

6 REPLIES

Community Manager

Hi @jAnshula @ChethanYM @Boris G @Saurabhatiyal Hello team
Do you have any insights here? Thanks!


Regards,

Diana Torres,
Senior Community Moderator


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

Expert Contributor

Hi @tableau 

The Impala ODBC/JDBC drivers don’t natively support SAML authentication.
You need to use Apache Knox as the SAML Service Provider (SP). Knox handles authentication with Okta (IdP) and then proxies the authenticated session to Impala using Kerberos delegation.

Okta → SAML → Knox SSO (Gateway) → Kerberos delegation → Impala

SSL (HTTPS) is required for SAML authentication to work securely.
Please refer to the following Cloudera documentation for setup details:

https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/knox-authentication/topics/security-knox-authe-saml.html 

https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/knox-authentication/topics/security-knox-tls-mutual-authentication.html 

Let us know if you have any questions on the same.
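The Okta → SAML → Knox SSO hop described in the reply above, sketched as an Apache Knox `knoxsso` topology fragment using the pac4j SAML provider. This is an added example, not part of the original reply and not Cloudera's own configuration. The host `knox.example.com`, the Okta metadata URL, the file path, the TTL and the whitelist regex are placeholders or constructed values, and how these settings are deployed on a CDP cluster is covered by the linked documentation.

```xml
<!-- Added example: Apache Knox knoxsso topology with Okta as SAML IdP.
     All hostnames, URLs and paths are placeholders, not values from this thread. -->
<topology>
  <gateway>
    <provider>
      <role>federation</role>
      <name>pac4j</name>
      <enabled>true</enabled>
      <!-- Knox SSO endpoint that Okta posts the SAML response back to; must be HTTPS -->
      <param><name>pac4j.callbackUrl</name>
             <value>https://knox.example.com:8443/gateway/knoxsso/api/v1/websso</value></param>
      <param><name>clientName</name><value>SAML2Client</value></param>
      <!-- IdP metadata published by the Okta SAML application (placeholder URL) -->
      <param><name>saml.identityProviderMetadataPath</name>
             <value>https://OKTA_ORG.example/app/APP_ID/sso/saml/metadata</value></param>
      <!-- Where Knox writes its own SP metadata (placeholder path) -->
      <param><name>saml.serviceProviderMetadataPath</name>
             <value>/var/lib/knox/sp-metadata.xml</value></param>
      <!-- Must match the Audience URI / SP entity ID configured in the Okta app -->
      <param><name>saml.serviceProviderEntityId</name>
             <value>https://knox.example.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value></param>
    </provider>
    <provider>
      <role>identity-assertion</role>
      <name>Default</name>
      <enabled>true</enabled>
    </provider>
  </gateway>

  <service>
    <role>KNOXSSO</role>
    <!-- Send the SSO cookie over TLS only; this is why SSL is needed on Knox -->
    <param><name>knoxsso.cookie.secure.only</name><value>true</value></param>
    <!-- Token lifetime in milliseconds (constructed value: 1 hour) -->
    <param><name>knoxsso.token.ttl</name><value>3600000</value></param>
    <!-- Restrict post-login redirects to your own domain to prevent open redirects -->
    <param><name>knoxsso.redirect.whitelist.regex</name>
           <value>^https:\/\/([A-Za-z0-9-]+\.)*example\.com(:[0-9]+)?(\/.*)?$</value></param>
  </service>
</topology>
```

On the Okta side, the SAML application's single sign-on URL and audience URI need to match the callback URL and SP entity ID above; a mismatch there is a common cause of failed assertions.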

New Contributor

Community Manager

@tableau Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.


Regards,

Diana Torres,
Senior Community Moderator



Explorer

I need time to test the flow, and if there is a more detailed tutorial on how it is done, please send it my way. Thanks.

Explorer

I have an Okta server and application / scope information, and I need guidance on how to implement the Okta provider in the Knox setup. The current documentation talks more about LDAP, and is not helpful on Okta setup.