Alex Taylor Internet enthusiast

Author: alexntaylor

Okta Certified Professional

Short and sweet recap here – passed the exam without too much trouble! I ran into a couple of questions about things I hadn’t seen before, but in general the questions were in line with the training and my hands-on practice. No issues with the online proctor or the testing software but I really hated the DOMC format – even though I felt confident in my answers, it can be daunting to not see any other options, and to have some questions show multiple options and others only show one.

For new folks, here’s my Okta Basics walkthrough as I took the training course.

Overall excellent journey! Really enjoyed learning about Okta and digging deeper into the IAM world.

Accessibility Resources

I’m the Chair of the Accessibility Subcommittee at work and have been overwhelmed (in a good way) with how much of an effort is being made across the organization to make our products and websites more accessible. Super proud to work where I work and super proud to chair a subcommittee of passionate people.

We’re in the process of putting together a handbook for new employees who may need special accommodations or just want to learn more about accessibility options. As part of that process, we’ve started collecting resources to share with the internal team. Wanted to share the list here as well.

Online Tools & Resources

General

Tech

Laws and Regulations

Training

OneTrust Certified Privacy Professional – Passed

OneTrust is the industry standard for privacy and compliance management – I used this at my previous employer and am guaranteed to touch it again if I move back into compliance, so it seemed as good a time as any to level up my skills and get certified.

The live training is free and can be taken as two four hour sessions, or occasionally as one full day session – I opted for the full day option and signed up for one of the EMEA sessions (started at 4am EDT!). The training is 40% GDPR and regulation training and 60% training on using OneTrust, and I definitely learned a few things.

The exam is a 90 minute unproctored multiple choice exam with a similar mix – some regulation knowledge testing, some OneTrust-specific testing. Definitely a few tricky questions but overall I didn’t have any trouble.

Onward to the next.

Okta – Day 15 – End User Support & The Okta Help Center

Okta Basics Curriculum: Okta End User Support + Navigating the Okta Help Center (two courses)

We’re at the end of the Okta Basics training here – the last couple of lessons are about getting support and finding additional resources – I’ve been linking good resources as I’ve discovered them in the help centre and elsewhere, and I have a few others I’ll share here.

These last two lessons are pretty basic – resetting user passwords, resetting MFA, nothing special.

Okta has a toolkit they call the End User Adoption Toolkit that has some interesting resources for Okta admins and customers who are rolling the tool out to their users.

The toolkit includes: 

  • Adoption Project Plan
  • Key Roles and Responsibilities
  • Success Objectives
  • Communication Plans
  • Communication Templates
  • End User Training Plans
  • End User Training Assets

I love a good pre-built project plan…

The Okta Help Center at support.okta.com is easy to navigate, and there are TONS of resources in here to dig into.

They have a couple different ‘ask questions’ options – a question + answer page and a dev forum.

Last page I’d recommend bookmarking is the Okta status page at status.okta.com – always worth keeping an eye on if you’re experiencing any issues with your service.

Okta – Day 14 – Configuring Universal Directory and User Profiles

Okta Basics Curriculum: Configure Universal Directory and User Profiles

Via Okta:
Many companies have multiple identity sources with different types of users, such as contractors, partners, customers, and acquired companies’ employees. 

Okta Universal Directory provides a single view across all these groups with AD and LDAP directory integrations and out-of-the-box connections with HR systems like Workday, SaaS apps like G Suite, CSV files, and third-party identity providers.

There’s a good architecture whitepaper here that is worth reviewing to get to know Okta’s directory integration better.

We’ve covered universal directory and creating user profiles in a few previous posts, but as a recap, Okta allows you to extend user, application, and directory-level profiles from various sources so they can be managed via Okta if the admins want to.

Okta – Day 13 – Okta’s Access Gateway

Okta Basics Curriculum: Protect On-Prem Applications with Okta’s Access Gateway (OAG)

The TLDR of Okta’s Access Gateway is that it allows companies to use SSO and MFA between cloud and on prem apps. The Access Gateway is a VM that can be hosted on prem or in the cloud, so it can live essentially anywhere in your environment that supports it.

Via Okta’s docs:

“Okta Access Gateway is a reverse proxy based virtual application, designed to secure web applications that don’t natively support SAML or OIDC. Access Gateway integrates with legacy applications using HTTP headers and Kerberos tokens, and offers URL-based authorization and more. You can use Access Gateway to seamlessly integrate your legacy web based applications with Okta’s Cloud Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) services. And because Access Gateway is deployed behind the firewall, it lets external users access on-premises web-based applications without the need for traditional VPNs.”

There’s a 25 minute product demo in the Okta Basics training that is recommended viewing (note: no closed captioning per usual).

The user experience is meant to be seamless, so users shouldn’t notice anything different or special if they’re accessing apps behind the Access Gateway.

Okta – Day 12 – Configuring O365 with Okta

Okta Basics Curriculum: Configure O365 with Okta

O365 is Okta’s most common integration, and the app integration has evolved enough that you can use Okta to sync with existing O365 users, or to manage them directly.

How does the integration work at a high level?

Regardless of the provisioning type you will be using, Microsoft has 3 requirements: 

  1. First, you must register your company’s public domain with your Office365 tenant. This is true for all implementations.
  2. Next, you must check that your default domain is set correctly. Again, this is true for all implementations.
  3. Finally, you need to prepare your directory. This is when you will decide if you will be using Microsoft provisioning or Okta provisioning. 

There’s a lot here – more than I can explain easily in a post – I recommend watching the Okta training videos and spending some time reading the guides if this is something that you’re going to be doing regularly.

Typical workflow for deploying O365

Overview of the integration capabilities

Okta – Day 11 – Advanced Server Access

Okta Basics Curriculum: Enable Secure Access to Linux Servers with Advanced Server Access

Okta’s Advanced Server Access tool provides access management for servers, whether they’re cloud or on prem. Rather than keeping track of various passwords and logins for individual servers, Advanced Server Access essentially manages the identity piece and provides an alternative to manual logins.

Here’s their simple diagram of how this works:

This is actually an extremely cool feature, assuming it actually works the way they say it does. I’m going to recommend that people go through the Okta training for this piece because they do a better job of explaining it than I can here. Essentially, Okta grants a short-lived certificate, and a client application installed on the user’s workstation initiates a secure session with the target server. The certificates expire in minutes and self-revoke after use, so there are no concerns about credential theft and much less of an attack surface than normal.

Okta’s docs about Advanced Server Access have more information if you want to dig in further.

The video for this lesson also makes note of some cool command line options that Advanced Server Access offers as well – you have the option once you’re authenticated to see which servers you have access to, so you can just choose one without having to re-authenticate or log in directly.

The other obvious benefit of managing server access this way is that it makes things a lot easier to handle if one of your admins leaves the company – no need to reset a hundred passwords – once they’re offboarded in Okta, any potential access goes away.
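The short-lived certificate model described above can be reproduced with plain OpenSSH. This is an added example, not code from the original post or from Okta: a throwaway CA signs a user key for five minutes, then signs one whose window has already closed. The key names, the principal `alice`, the temp directory and the helper `cert_is_current` are constructed for the demo, and the helper only mirrors the expiry part of what sshd checks (sshd also verifies the CA signature and the principal).

```shell
#!/bin/sh
# Added example: short-lived OpenSSH user certificates (constructed demo).
set -eu
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# Throwaway CA and user key pairs. In a real deployment the CA private key
# stays with the issuing service and never reaches the workstation.
setup_keys() {
  ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$DEMO_DIR/ca"
  ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$DEMO_DIR/user"
}

# issue_cert PRINCIPAL VALIDITY  -> writes $DEMO_DIR/user-cert.pub
# VALIDITY uses ssh-keygen -V syntax, e.g. "+5m" or "-10m:-5m".
issue_cert() {
  ssh-keygen -q -s "$DEMO_DIR/ca" -I "demo:$1" -n "$1" -V "$2" \
    "$DEMO_DIR/user.pub"
}

# Print the certificate's "valid to" timestamp (local time, ISO 8601).
cert_expiry() {
  ssh-keygen -L -f "$DEMO_DIR/user-cert.pub" | awk '/Valid:/ {print $5}'
}

# Succeed only if the certificate has not yet expired. ISO 8601 timestamps
# sort lexicographically, so a string comparison is enough here.
cert_is_current() {
  now=$(date +%Y-%m-%dT%H:%M:%S)
  expr "$(cert_expiry)" \> "$now" >/dev/null
}

setup_keys

issue_cert alice +5m
echo "fresh cert expires:   $(cert_expiry)"
cert_is_current && echo "  -> still inside its validity window"

# A certificate whose window closed five minutes ago: the CA signature is
# intact, but it is useless to anyone who copies it.
issue_cert alice -10m:-5m
echo "expired cert expired: $(cert_expiry)"
cert_is_current || echo "  -> past its validity window"
```

On the server side, trusting such certificates takes one `TrustedUserCAKeys` line in `sshd_config` pointing at the CA public key, with no per-user `authorized_keys` entries to clean up at offboarding.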

Alex Taylor Internet enthusiast

Privacy advocate
Process developer
Product manager

Experience in information security, customer success, compliance and privacy, risk management, identity and access, and service deployment. Former teacher. Always learning.

We should hang out.