This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.

MFA on Linux Systems with PAM

You can extend Multifactor Authentication (MFA) to your Linux system with the Okta Pluggable Authentication Module (PAM) adapter to take advantage of the PAM infrastructure to provide MFA when authenticating on a Linux system. For version history, see Okta PAM Adapter Version History.

Important: This beta is closed. The released feature may not have the same interfaces, data structures, or limitations as this beta version. Do not use this version in production applications or environments at this time.

All questions, comments, and concerns should be directed to In addition, all feedback is appreciated. If you have an Okta CSM, include the CSM on the message. Please do not contact Okta Support; the support team does not support beta programs.


This beta version is tested on Red Hat Enterprise Linux Server release 7.5 (Maipo). The instructions in this document may require modifications to work on other Linux distributions.

Only the Push, SMS, Call, and OTP-codes MFA factors are supported.

Sequence Diagram

The following sample sequence diagram shows an authentication flow using Okta Verify Push.

Step-by-step Configuration Guide

There are four parts to the configuration, including prerequisites. Additionally, there is a troubleshooting section.