05 Explain External Directories (Single Directory Integration) Flashcards

1
Q

Demo 1A: Demonstrate knowledge of the Active Directory integration options with Okta

A

Incremental Imports

2
Q

Demo 1B: Demonstrate knowledge of the Active Directory integration options with Okta

A

Install and Configure the Okta Active Directory Agent

3
Q

Demo 1C: Demonstrate knowledge of the Active Directory integration options with Okta

A

Import Active Directory users

4
Q

Demo 1D: Demonstrate knowledge of the Active Directory integration options with Okta

A

End user account states

5
Q

Demo 1E: Demonstrate knowledge of the Active Directory integration options with Okta

A

Install and configure the Okta Active Directory agent

6
Q

Demo 1F: Demonstrate knowledge of the Active Directory integration options with Okta

A

Okta Essentials Module 3: Configure External Directories

7
Q

What primary tasks does the Okta AD agent do?

A

Authentication and provisioning

8
Q

What are the benefits of the Okta AD integration?

A

a. Enables you to integrate Okta with your on-prem AD services.
b. Provides delegated Authentication support, allowing users to sign in to Okta with their AD credentials.
c. Allows for provisioning and de-provisioning
d. The ability to import AD security groups

9
Q

What does the Okta AD integration enable you to do?

A
  1. It allows you to integrate Okta with your on-premises AD service.
  2. The integration also allows you to delegate AuthN support allowing users to sign in to Okta with their AD credentials.
  3. Ability to do user provisioning and de-provisioning
  4. The ability to import AD security groups.
  5. Ability to apply security controls to directory-mastered users. Provision AD-mastered users into Okta.
10
Q

What exactly is an agent?

A

a. Windows Services

11
Q

All Agents maintain a continuously active connection back to Okta Cloud service?

A

True

12
Q

Okta recommends that you set up 2 or more AD agents for each domain?

A

True

13
Q

If you create the Okta Service account with the first AD agent, then you are prompted to enter your pw on the 2nd agent installation?

A

True/false

14
Q

Installing multiple agents in close geographical proximity to your users does not enhance performance

A

True

15
Q

When you have multiple agents installed, the system will automatically select the appropriate agent based on user location?

A

True

16
Q

Agents send periodic messages to the service. If the service does not receive a message for 60 seconds, it is marked as unavailable.

A

True

17
Q

The AD agent selects which domain controller to communicate with?

A

True

18
Q

What are the steps that a user takes to get authenticated through AD and Okta to cloud apps?

A

a. User logs into Okta using their AD username and password
b. AD agents: looking for authN requests, one agent picks the request up and sends it to the AD Domain Controller for authN. This is Delegated Authentication. Best practice is to have at least 2 Okta AD agents running at all times. They use an Active/Active protocol, so both agents are polling the Okta org looking for requests. There is automatic load balancing between the agents, so there is no need for a load balancer. The agents use outbound port 443, which is HTTPS, so there is no need to change firewall settings. The agents can be installed on any member server.
c. The AD domain controller accepts the authN request from the Okta AD agent and authenticates the user. It returns a token to the Okta AD agent with a “yes” (the user was successfully authenticated) or a “no” (the user was not successfully authenticated).
d. The Okta AD agent returns the token to Okta.
e. Authenticated. If the user was successfully authenticated, Okta displays the dashboard. If the user was not successfully authenticated, Okta returns SignOn failed to the user.

19
Q

What happens after the agent picks up a request for authentication?

A

It sends it to the Domain Controller for Authentication.

20
Q

What is delegated authentication?

A

a. An agent, after picking up a request from Okta AD agent, sends it to the Domain Controller for authentication.

21
Q

What protocol does the AD agent use to poll the Okta org?

A

AD agents use an active/active protocol so both agents are polling the Okta org looking for requests.

22
Q

There is no automatic load balancing so you have to set up load balancing

A

False. There is automatic load balancing so no need to set up load balancing

23
Q

What port does the agent use outbound to communicate?

A

a. Port 443, which is https, so no need to change firewall settings.

24
Q

What are the steps to install and configure the Okta AD agent?

A

a. Go to domain installer and install the agent. (Best practice is not to install on main controller).
b. Go to Okta Org to download the agent.
   i. ==> directory ==> integrations
c. Click “Add Active Directory” ==> Active Directory
d. See architecture slides
e. Click “Setup Active Directory”
f. Click “Download Agent”
g. Save
h. Run as Admin
i. Install on default path
j. Detects the AD domain
k. Detects the entire tree structure and the domain.
l. Ask to create a password
m. Proxy or not
n. Pick preview
o. Enter subdomain.
p. Enter ad.admin@oktaice / okta.com

25
Q

Why is it important to remember which local directory you installed your AD agent in?

A

a. This is the default installation folder. This is important because the agent does local logging, so if you ever have a problem and want to look at the local logs, you need to know where you installed it. It’s OK if you change it; just remember where you changed it to.

26
Q

What are the server requirements for installing the Okta AD agent?

A

a. Windows Server 2008 R2 or later
b. Don’t need to install the agent on the domain controller itself.
c. Must be a member of the AD domain, i.e. the agent host server must be a member of the same Windows domain as your AD users.
d. Consider the agent as part of your IT infrastructure, i.e. it has to be on all the time. Must have a continuous connection.
e. Recommend browser installation. If not, transfer the agent installer to the agent host, then run the installer.