04 Define Users in Okta (Provisioning-LCM) Flashcards
Demo 1: Lifecycle Management Demonstrate knowledge of what lifecycle management is in Okta
Lifecycle Management
Demo 1A: Provisioning Concepts Demonstrate knowledge of what lifecycle management is in Okta
Provisioning Concepts
Demo 2: Demonstrate knowledge of when to use Okta user states and statuses
End user account states
Demo 2A: Demonstrate knowledge of when to use Okta user states and statuses
Manage users
Demo 2B: Demonstrate knowledge of when to use Okta user states and statuses
Okta Essentials Module 2: Define Your Users in Okta
Demo 3: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users
Access Request Workflow
Demo 3A: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users
Okta Essentials Module 5: Configure SSO and Provisioning
Demo 3B: Demonstrate knowledge of how to use app assignments, requests, and automations to provision applications to users
Okta Essentials Module 7: Manage Access Request Workflows
Demo 4: Demonstrate knowledge of how to manage group assignments and rules
Manage Groups
Demo 5: Demonstrate knowledge of the various group types supported by Okta
Using Group Push
Demo 5A: Demonstrate knowledge of the various group types supported by Okta
Manage Groups
Demo 5B: Demonstrate knowledge of the various group types supported by Okta
Okta Essentials Module 4: Configure Groups
Is “people” required in Okta?
Within Okta, people are one of the mandatory components. You cannot use Okta without configuring people or users within it.
Why do you want to create groups/users in Okta?
You can create different types of users, Okta-master users, import users from a directory, or import users from applications. Creating different users provides them access to applications securely and easily. With users in Okta, you can then associate administrative permissions to users for assistance administering the Okta instance.
How do you create accounts independent of an external directory service?
Import users into Okta and create groups.
How do you provide access to people outside of Okta?
Create groups that allow limited access.
Instead of “users” what does Okta refer to individuals as
People
What are the 3 types of users in Okta?
a. Okta-Mastered b. Directory-Mastered c. Application-Mastered
How does Okta allow access to different people?
While all people profiles contain core information, such as first name, last name, and email address, how the person accesses applications and authenticates to Okta depends on your directory service and Okta configurations.
What are the characteristics of Okta-Mastered people?
a. They are created and maintained in Okta b. They are authenticated against Okta policy c. They are associated with Okta groups d. Provide an alternative login method separate from external diretories. They are governed by Okta user profile.
What are the characteristics of Directory-Mastered people?
a. Has to be imported from an external directory. The people records are known as directory mastered.
b. These people are created and maintained in the external directory.
c. The directory has to be pulled into Okta using an agent.
d. It has to authenticated against the external directory
e. It has to be associated with directory or Okta groups.
f. It has to be governed by the directory user profile.
What are the characteristics of an Application-Mastered people?
a. When imported from an app, the people records are known as application-mastered.
b. These people are being created and maintained in the application such as Workday or SF.
c. Pushed to Okta using a pre-defined Okta integration Network (OIN) application.
d. Authenticated against Okta or external directory
e. Governed by the application user profile.
What are the things that administrators can do with Okta-mastered users with account and Password management?
a. Define authentication settings in Okta
b. Manage account unlocks and resets through the Okta Administrator app.
c. Can mass reset password
What are the things that end users can do with Okta-mastered users with account and password management?
a. Can modify account information and change passwords on the account settings page
b. Can use the Forget password link to reset password
What are the things that administrator can do with Directory-mastered users?
a. Define authentication settings in the directory service.
b. Manage all accounts changes through the directory services
What are the things that end users can do?
a. Unable to modify account information on the account settings page
b. Ability to change or reset passwords determined by the administrator configuration.
What is the password management for Okta-mastered users?
a. The pw policy settings enable you to define and enforce the use of strong passwords to help protect your company assets.
b. For Okta-mastered users, you can specify the character length, complexity req, pw age, and lockout athn settings in Okta.
c. You can use the Reset Password functionality to perform a bulk pw reset on all or specific Okta-mastered accounts.
What is the password management for Directory-mastered users?
a. For directory-mastered users, the pw autN are configured in directory service server.
Is enabling the AD PW Policy options default?
Enabling the AD PW Policy option in Okta, enable users to reset or change AD pw through the Okta interface, is not by default. The password policies are governed by the directory service server.
For Directory Mastered Users, what is necessary to change accounts including status changes?
a. all account changes, including status changes, must be performed in the directory service.
For example, if an employee has left the company and their account is mastered in Active Directory, change the status in Active Directory.
b. The Okta Active Directory agent pulls the status update from Active Directory and pushes it to Okta. Okta then deactivates the user account.
What does it mean when an account is “staged”
a. It reflects a new account has been created through the API, but not yet active.
When an account has been provisioned, what much occur to change the status to active?
a. An Administrator can manually activate the account.
b. With JIT provisioning enabled, the user authenticating to Okta for the first time changes the account to active.
Can you only suspend Okta-mastered users?
a. Yes, only OMU can be suspended.
What does suspending an account mean?
a. You expect the user to return and don’t want them to have access while they are away.
b. If an account associated with an API token is suspended, the token cannot be used.
What does deactivate account mean?
You are not expecting the user to return and you are beginning the process of be able to delete that account.
What must happen before you delete a user?
a. You must first deactivate the user
b. You can deactivate an account through the Okta Admin app or API
c. After the account is deleted, admins can create a new Okta user with the same username as the deleted one.
Which admin role can delete a user?
a. Super Admin
b. Org admin
c. Group Admin
How long doe Okta logs last?
a. 6 months
How do you create a user in Okta?
a. People > “Add Person”
b. Make sure the username is something.something@ – in the form of an email address.
c. Does not have to be a valid email address.
When importing users via CSV, what are the options to activate a user?
a. Automatically activate a new user
b. Do not create a password and only allow login via IDP.
What are the options to set password by user or admin?
a. Set by admin and Admin set the password and toggle of whether user must change the password on the first login.
b. Set by users and users set password with activation email sent to the user.
What does “Password expired. User is not in one-time password mode?
a. Because we said to change the password ==> this is why it is in that mode.
Your customer has 30 contractors that are going to be using Okta and they will be starting on Monday. Which feature can you use to quickly create all user records in Okta?
a. CSV import
You are uploading a CSV file using the download template for your contractors, but Mike Bennette account received an error and was not created. After reviewing the data, what is the problem?
a. Log in is not the correct format –should be in the form of an email address.
True/False. If there were other records in the CSV file, that were correctly formatted, they would have imported successfully regardless to the incorrect formatted entry.
a. True
