Okta Certified Professional
O
Short and sweet recap here – passed the exam without too much trouble! I ran into a couple of questions about things I hadn’t seen before, but in general the questions were in line with the training and my hands-on practice. No issues with the online proctor or the testing software but I really hated the DOMC format – even though I felt confident in my answers, it can be daunting to not see any other options, and to have some questions show multiple options and others only show one.
For new folks, here’s my Okta Basics walkthrough as I took the training course.
Overall excellent journey! Really enjoyed learning about Okta and digging deeper into the IAM world.
Accessibility Resources
A
I’m the Chair of the Accessibility Subcommittee at work and have been overwhelmed (in a good way) with how much of an effort is being made across the organization to make our products and websites more accessible. Super proud to work where I work and super proud to chair a subcommittee of passionate people.
We’re in the process of putting together a handbook for new employees who may need special accommodations or just want to learn more about accessibility options. As part of that process, we’ve started collecting resources to share with the internal team. Wanted to share the list here as well.
Online Tools & Resources
- Huge list of accessibility resources from The A11y Project
- How to Quickly Check the Accessibility of Word Documents
- How to Quickly Check the Accessibility of PowerPoint Presentations
- An Accessible Word Document Checklist (A Clear Bright Web)
- Additional posts from A Clear Bright Web
- Web Content Accessibility Guidelines
- Web Content Accessibility Guidelines Checklist from The A11y Project
- Introduction to Web Accessibility + resources (M.A.W. Consulting)
- Dyslexia Fonts (via The A11y Project)
- How to let all your users know what to expect when they click a link (Stefan Judis)
- Understanding Color Blindness (The A11y Project)
- Accessibility subreddit r/accessibility
- Big list of accessibility resources via r/accessibility
meta/accessibility_resources – accessibility
General
- Accessibility drives aesthetics (UX Design)
- Improved Office Accessibility Can Benefit Everyone (NAIOP)
- What Startups Need to Know About Accessibility (Bureau of Internet Accessibility)
- Accessibility vs. Usability vs. Inclusion (Bureau of Internet Accessibility)
- Charting a Path Forward: Report of the Independent Review of the Accessibility for Ontarians with Disabilities Act, 2005
- Full Accessibility by 2025: Will Your Business Be Ready? (Ivey Business Journal)
- AODA Compliance and WCAG – How to Boost Your Web Accessibility [Checklist] (Stable WP)
- Why accessibility matters to your startup (Part 1): Who is a disabled user? (The Path Forward)
- Why every startup needs to think about web accessibility (The Burn-in)
- 3 Reasons Your Startup Can’t Afford to Ignore Digital Accessibility (Medium)
- Accessibility is for Everyone (Creative Output)
- ProPublica experiments with ultra-accessible plain language in stories about people with disabilities (Neiman Lab)
- I’m deaf, and this is what happens when I get on a Zoom call (Fast Company)
- Technology doesn’t make accessibility hard. People who don’t care do. (UX Collective)
- Nike’s first hands-free shoe – super cool shoes that are both accessible and stylish!
- Twitter:
- a11yevents
- A11yNews
- A11YProject
- A11Ycollective
Tech
- Using AI to Improve Photo Descriptions for People Who Are Blind and Visually Impaired (Facebook)
- Testing Color Contrast in Mobile Apps (Deque)
- Accessibility from Apple
- Accessibility from Microsoft
- Accessibility from Mozilla
- Accessibility from Google
- What is Accessibility? (Mozilla)
- The Future of Game Accessibility on XBOX
- Zoom’s latest accessibility features let you pin and spotlight multiple videos during calls (The Verge)
- Otter.ai launches Zoom live captions (Verdict)
Laws and Regulations
- Accessible Canada Act S.C. 2019, c. 10 (Gov of Canada)
- Summary of the Accessible Canada Act (Gov of Canada)
- Making an accessible Canada for persons with disabilities (Gov of Canada)
- The ABCs of Canadians with Disabilities Act (AMI)
- Accessibility Canada Act (Council of Canadians with Disabilities)
- Accessibility for Ontarians with Disabilities Act, 2005, S.O. 2005, c. 11 (Ontario government)
- Ontario Public Service accessibility commitments (Ontario government)
- Web Content Accessibility Guidelines (WCAG) Overview (W3.org)
- How to Make Websites Accessible (Ontario government)
- An Overview of Canada’s Accessibility Laws: A Look at the Old and the New (Essential Accessibility)
- A Guide to Disability Rights Laws (US Department of Justice)
Training
- Webinars from Disability Rights Online
- Intro to Web Accessibility (M.A.W. Consulting)
- Digital Accessibility Ethics – Lainey Feingold
- Writing even more CSS with Accessibility in Mind /w Manuel Matuzović [CSSCafe / english]
- Axe-Con from Deque (Free access to recordings)
- M-Enabling Summit
- A11y Collective Courses – Courses on accessible code and making business use cases for accessibility. Some free and some paid
- Online training from Disability Rights Online
OneTrust Certified Privacy Professional – Passed
O
OneTrust is the industry standard for privacy and compliance management – I used this at my previous employer and am guaranteed to touch it again if I move back into compliance, so it seemed as good a time as any to level up my skills and get certified.
The live training is free and can be taken as two four hour sessions, or occasionally as one full day session – I opted for the full day option and signed up for one of the EMEA sessions (started at 4am EDT!). The training is 40% GDPR and regulation training and 60% training on using OneTrust, and I definitely learned a few things.
The exam is a 90 minute unproctored multiple choice exam with a similar mix – some regulation knowledge testing, some OneTrust-specific testing. Definitely a few tricky questions but overall I didn’t have any trouble.
Onward to the next.
Okta Basics Training – Complete
O
Introduction to this series and links to each entry are available here.
Guess its time to start studying for the Okta Professional exam 😉
Okta – Day 15 – End User Support & The Okta Help Center
O
Okta Basics Curriculum: Okta End User Support + Navigating the Okta Help Center (two courses)
We’re at the end of the Okta Basics training here – the last couple of lessons are about getting support and finding additional resources – I’ve been linking good resources as I’ve discovered them in the help centre and elsewhere, and I have a few others I’ll share here.
These last two lessons are pretty basic – resetting user passwords, resetting MFA, nothing special.
Okta has a toolkit they call the End User Adoption Toolkit that has some interesting resources for Okta admins and customers who are rolling the tool out to their users.
The toolkit includes:
- Adoption Project Plan
- Key Roles and Responsibilities
- Success Objectives
- Communication Plans
- Communication Templates
- End User Training Plans
- End User Training Assets
The Okta Help Center at support.okta.com is easy to navigate, and there are TONS of resources in here to dig into.
They have a couple different ‘ask questions’ options – a question + answer page and a dev forum.
Last page I’d recommend bookmarking is the Okta status page at status.okta.com – always worth keeping an eye on if you’re experiencing any issues with your service.
Okta – Day 14 – Configuring Universal Directory and User Profiles
O
Okta Basics Curriculum: Configure Universal Directory and User Profiles
Via Okta:
Many companies have multiple identity sources with different types of users, such as contractors, partners, customers, and acquired companies’ employees.
Okta Universal Directory provides a single view across all these groups with AD and LDAP directory integrations and out-of-the-box connections with HR systems like Workday, SaaS apps like G Suite, CSV files, and third-party identity providers.
There’s a good architecture whitepaper here that is worth reviewing to get to know Okta’s directory integration better.
We’ve covered universal directory and creating user profiles in a few previous posts, but as a recap, Okta allows you to extend user, application, and directory-level profiles from various sources so they can be managed via Okta if the admins want to.
Okta – Day 13 – Okta’s Access Gateway
O
Okta Basics Curriculum: Protect On-Prem Applications with Okta’s Access Gateway (OAG)
The TLDR of Okta’s Access Gateway is that it allows companies to use SSO and MFA between cloud and on prem apps. The Access Gateway is a VM that can be hosted on prem or in the cloud, so it can live essentially anywhere in your environment that supports it.
Via Okta’s docs:
“Okta Access Gateway is a reverse proxy based virtual application, designed to secure web applications that don’t natively support SAML or OIDC. Access Gateway integrates with legacy applications using HTTP headers and Kerberos tokens, and offers URL-based authorization and more. You can use Access Gateway to seamlessly integrate your legacy web based applications with Okta’s Cloud Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) services. And because Access Gateway is deployed behind the firewall, it lets external users access on-premises web-based applications without the need for traditional VPNs.”
There’s a 25 minute product demo in the Okta Basics training that is recommended viewing (note: no closed captioning per usual).
The user experience is meant to be seamless, so users shouldn’t notice anything different or special if they’re accessing apps behind the Access Gateway.
Okta – Day 12 – Configuring O365 with Okta
O
Okta Basics Curriculum: Configure O365 with Okta
O365 is Okta’s most common integration, and the app integration has evolved enough that you can use Okta to sync with existing O365 users, or to manage them directly.
How does the integration work at a high level?
Regardless of the provisioning type you will be using, Microsoft has 3 requirements:
- First, you must register your company’s public domain with your Office365 tenant. This is true for all implementations.
- Next, you must check that your default domain is set correctly. Again, this is true for all implementations.
- Finally, you need to prepare your directory. This is when you will decide if you will be using Microsoft provisioning or Okta provisioning.
There’s a lot here – more that I can explain easily in a post – I recommend watching the Okta training videos and spending some time reading the guides if this is something that you’re going to be doing regularly.
Typical workflow for deploying O365
Overview of the integration capabilities
Okta – Day 11 – Advanced Server Access
O
Okta Basics Curriculum: Enable Secure Access to Linux Servers with Advanced Server Access
Okta’s Advanced Server Access tool provides access management for servers, whether they’re cloud or on prem. Rather than keeping track of various passwords and logins for individual servers, Advanced Server Access essentially manages the identity piece and provides an alternative to manual logins.
Here’s their simple diagram of how this works:
This is actually an extremely cool feature, assuming it actually works the way they say it does. I’m going to recommend that people go through the Okta training for this piece because they do a better job of explaining it than I can here. Essentially, Okta grants a short-lived certificate and a client application installed on the users’ workstation initiates a secure session with the target server. The certificate expires in minutes and they self-revoke after use, so there are no concerns about credential theft and much less of an attack surface than normal.
Okta’s docs about Advanced Server Access has more information if you want to dig in further.
The video for this lesson also makes note of some cool command line options that Advanced Server Access offers as well – you have the option once you’re authenticated to see which servers you have access to, so you can just choose one without having to re-authenticate or log in directly.
The other obvious benefit of managing server access this way is that it makes things a lot easier to handle if one of your admins leaves the company – no need to reset a hundred passwords – once they’re offboarded in Okta, any potential access goes away.
