diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index 85e9f8e5836bb..d833e950de6f2 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -56,6 +56,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private static final String APPLICATION_X_PEM_FILE_BASE64 = "application/x-pem-file;base64";
 
     private transient ZTSClient ztsClient = null;
+    private String ztsUrl;
     private String tenantDomain;
     private String tenantService;
     private String providerDomain;
@@ -150,6 +151,9 @@ private void setAuthParams(Map<String, String> authParams) {
         if (authParams.containsKey("roleHeader")) {
             System.setProperty("athenz.auth.role.header", authParams.get("roleHeader"));
         }
+        if (authParams.containsKey("ztsUrl")) {
+            this.ztsUrl = authParams.get("ztsUrl");
+        }
     }
 
     @Override
@@ -164,7 +168,7 @@ private ZTSClient getZtsClient() {
         if (ztsClient == null) {
             ServiceIdentityProvider siaProvider = new SimpleServiceIdentityProvider(tenantDomain, tenantService,
                     privateKey, keyId);
-            ztsClient = new ZTSClient(null, tenantDomain, tenantService, siaProvider);
+            ztsClient = new ZTSClient(ztsUrl, tenantDomain, tenantService, siaProvider);
         }
         return ztsClient;
     }
diff --git a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
index c927262ed9a6a..36df7f13557f3 100644
--- a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
+++ b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
@@ -110,6 +110,14 @@ public void testGetAuthData() throws Exception {
         assertEquals(count, 1);
     }
 
+    @Test
+    public void testZtsUrl() throws Exception {
+        Field field = auth.getClass().getDeclaredField("ztsUrl");
+        field.setAccessible(true);
+        String ztsUrl = (String) field.get(auth);
+        assertEquals(ztsUrl, "https://localhost:4443/");
+    }
+
     @Test
     public void testLoadPrivateKeyBase64() throws Exception {
         try {
diff --git a/pulsar-client-auth-athenz/src/test/resources/authParams.json b/pulsar-client-auth-athenz/src/test/resources/authParams.json
index d7eb6902a781b..5d695b267b454 100644
--- a/pulsar-client-auth-athenz/src/test/resources/authParams.json
+++ b/pulsar-client-auth-athenz/src/test/resources/authParams.json
@@ -2,5 +2,6 @@
 	"tenantService": "test_service",
 	"privateKey": "./src/test/resources/tenant_private.pem",
 	"providerDomain": "test_provider",
-	"tenantDomain": "test_tenant"
+	"tenantDomain": "test_tenant",
+	"ztsUrl": "https://localhost:4443/"
 }