04 Define Users in Okta (Provisioning-LCM)

Question 1

Demo 1: Lifecycle Management Demonstrate knowledge of what lifecycle management is in Okta

Answer 1

Lifecycle Management

Question 2

Demo 1A: Provisioning Concepts Demonstrate knowledge of what lifecycle management is in Okta

Answer 2

Provisioning Concepts

Question 3

Demo 2: Demonstrate knowledge of when to use Okta user states and statuses

Answer 3

End user account states

Question 4

Demo 2A: Demonstrate knowledge of when to use Okta user states and statuses

Answer 4

Manage users

Question 5

Demo 2B: Demonstrate knowledge of when to use Okta user states and statuses

Answer 5

Okta Essentials Module 2: Define Your Users in Okta

Question 6

Demo 3: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users

Answer 6

Access Request Workflow

Question 7

Demo 3A: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users

Answer 7

Okta Essentials Module 5: Configure SSO and Provisioning

Question 8

Demo 3B: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users

Answer 8

Okta Essentials Module 7: Manage Access Request Workflows

Question 9

Demo 4: Demonstrate knowledge of how to manage group assignments and rules

Answer 9

Manage Groups

Question 10

Demo 5: Demonstrate knowledge of the various group types supported by Okta

Answer 10

Using Group Push

Question 11

Demo 5A: Demonstrate knowledge of the various group types supported by Okta

Answer 11

Manage Groups

Question 12

Demo 5B: Demonstrate knowledge of the various group types supported by Okta

Answer 12

Okta Essentials Module 4: Configure Groups

Question 13

Is “people” required in Okta?

Answer 13

Within Okta, people are one of the mandatory components. You cannot use Okta without configuring people or users within it.

Question 14

Why do you want to create groups/users in Okta?

Answer 14

You can create different types of users, Okta-master users, import users from a directory, or import users from applications. Creating different users provides them access to applications securely and easily. With users in Okta, you can then associate administrative permissions to users for assistance administering the Okta instance.

Question 15

How do you create accounts independent of an external directory service?

Answer 15

Import users into Okta and create groups.

Question 16

How do you provide access to people outside of Okta?

Answer 16

Create groups that allow limited access.

Question 17

Instead of “users” what does Okta refer to individuals as

Answer 17

People

Question 18

What are the 3 types of users in Okta?

Answer 18

a. Okta-Mastered b. Directory-Mastered c. Application-Mastered

Question 19

How does Okta allow access to different people?

Answer 19

While all people profiles contain core information, such as first name, last name, and email address, how the person accesses applications and authenticates to Okta depends on your directory service and Okta configurations.

Question 20

What are the characteristics of Okta-Mastered people?

Answer 20

a. They are created and maintained in Okta b. They are authenticated against Okta policy c. They are associated with Okta groups d. Provide an alternative login method separate from external diretories. They are governed by Okta user profile.

Question 21

What are the characteristics of Directory-Mastered people?

Answer 21

a. Has to be imported from an external directory. The people records are known as directory mastered.
b. These people are created and maintained in the external directory.
c. The directory has to be pulled into Okta using an agent.
d. It has to authenticated against the external directory
e. It has to be associated with directory or Okta groups.
f. It has to be governed by the directory user profile.

Question 22

What are the characteristics of an Application-Mastered people?

Answer 22

a. When imported from an app, the people records are known as application-mastered.
b. These people are being created and maintained in the application such as Workday or SF.
c. Pushed to Okta using a pre-defined Okta integration Network (OIN) application.
d. Authenticated against Okta or external directory
e. Governed by the application user profile.

Question 23

What are the things that administrators can do with Okta-mastered users with account and Password management?

Answer 23

a. Define authentication settings in Okta
b. Manage account unlocks and resets through the Okta Administrator app.
c. Can mass reset password

Question 24

What are the things that end users can do with Okta-mastered users with account and password management?

Answer 24

a. Can modify account information and change passwords on the account settings page
b. Can use the Forget password link to reset password

Question 25

What are the things that administrator can do with Directory-mastered users?

Answer 25

a. Define authentication settings in the directory service.
b. Manage all accounts changes through the directory services

Question 26

What are the things that end users can do?

Answer 26

a. Unable to modify account information on the account settings page
b. Ability to change or reset passwords determined by the administrator configuration.

Question 27

What is the password management for Okta-mastered users?

Answer 27

a. The pw policy settings enable you to define and enforce the use of strong passwords to help protect your company assets.
b. For Okta-mastered users, you can specify the character length, complexity req, pw age, and lockout athn settings in Okta.
c. You can use the Reset Password functionality to perform a bulk pw reset on all or specific Okta-mastered accounts.

Question 28

What is the password management for Directory-mastered users?

Answer 28

a. For directory-mastered users, the pw autN are configured in directory service server.

Question 29

Is enabling the AD PW Policy options default?

Answer 29

Enabling the AD PW Policy option in Okta, enable users to reset or change AD pw through the Okta interface, is not by default. The password policies are governed by the directory service server.

Question 30

For Directory Mastered Users, what is necessary to change accounts including status changes?

Answer 30

a. all account changes, including status changes, must be performed in the directory service.

For example, if an employee has left the company and their account is mastered in Active Directory, change the status in Active Directory.

b. The Okta Active Directory agent pulls the status update from Active Directory and pushes it to Okta. Okta then deactivates the user account.

Question 31

What does it mean when an account is “staged”

Answer 31

a. It reflects a new account has been created through the API, but not yet active.

Question 32

When an account has been provisioned, what much occur to change the status to active?

Answer 32

a. An Administrator can manually activate the account.
b. With JIT provisioning enabled, the user authenticating to Okta for the first time changes the account to active.

Question 33

Can you only suspend Okta-mastered users?

Answer 33

a. Yes, only OMU can be suspended.

Question 34

What does suspending an account mean?

Answer 34

a. You expect the user to return and don’t want them to have access while they are away.
b. If an account associated with an API token is suspended, the token cannot be used.

Question 35

What does deactivate account mean?

Answer 35

You are not expecting the user to return and you are beginning the process of be able to delete that account.

Question 36

What must happen before you delete a user?

Answer 36

a. You must first deactivate the user
b. You can deactivate an account through the Okta Admin app or API
c. After the account is deleted, admins can create a new Okta user with the same username as the deleted one.

Question 37

Which admin role can delete a user?

Answer 37

a. Super Admin
b. Org admin
c. Group Admin

Question 38

How long doe Okta logs last?

Answer 38

a. 6 months

Question 39

How do you create a user in Okta?

Answer 39

a. People > “Add Person”
b. Make sure the username is something.something@ – in the form of an email address.
c. Does not have to be a valid email address.

Question 40

When importing users via CSV, what are the options to activate a user?

Answer 40

a. Automatically activate a new user
b. Do not create a password and only allow login via IDP.

Question 41

What are the options to set password by user or admin?

Answer 41

a. Set by admin and Admin set the password and toggle of whether user must change the password on the first login.
b. Set by users and users set password with activation email sent to the user.

Question 42

What does “Password expired. User is not in one-time password mode?

Answer 42

a. Because we said to change the password ==> this is why it is in that mode.

Question 43

Your customer has 30 contractors that are going to be using Okta and they will be starting on Monday. Which feature can you use to quickly create all user records in Okta?

Answer 43

a. CSV import

Question 44

You are uploading a CSV file using the download template for your contractors, but Mike Bennette account received an error and was not created. After reviewing the data, what is the problem?

Answer 44

a. Log in is not the correct format –should be in the form of an email address.

Question 45

True/False. If there were other records in the CSV file, that were correctly formatted, they would have imported successfully regardless to the incorrect formatted entry.

Answer 45

a. True