This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.

MFA on Linux Systems with PAM

You can extend Multifactor Authentication (MFA) to your Linux system with the Okta Pluggable Authentication Module (PAM) adapter to take advantage of the PAM infrastructure to provide MFA when authenticating on a Linux system. For version history, see Okta PAM Adapter Version History.

Important: The released feature may not have the same interfaces, data structures, or limitations as this beta version. Do not use this version in production applications or environments at this time.

All questions, comments, and concerns should be directed to In addition, all feedback is appreciated. If you have an Okta CSM, include the CSM on the message. Please do not contact Okta Support; the support team does not support beta programs.

The feedback period for this beta version is expected to end in October 2018. Okta appreciates your timely feedback!


This beta version is tested on Red Hat Enterprise Linux Server release 7.5 (Maipo). The instructions in this document may require modifications to work on other Linux distributions.

Only the Push, SMS, Call, and OTP-codes MFA factors are supported.

Step-by-step Configuration Guide

There are seven parts to the configuration, including prerequisites and testing. Answers to frequently asked questions are also provided.