06 - Configure Groups Flashcards
Demo 5:
Demonstrate knowledge of the various methods for activating and deactivating users
Reprovisioning a Deactivated Active Directory Account
Demo 5A:
Demonstrate knowledge of the various methods for activating and deactivating users
Activate and Deactivate Users
Demo 5B:
Demonstrate knowledge of the various methods for activating and deactivating users
Okta Essentials Module 2: Define Your Users in Okta
Demo 5C:
Demonstrate knowledge of the various methods for activating and deactivating users
Okta Technical Consultant Boot Camp: Defining Users
What are the 3 types of groups:
a. Okta
b. Directory
c. Application
- What is the difference between Oka group and the other 2 groups:
a. Okta group are created and memberships is managed in Okta
b. The members of Okta groups can be Okta, Directory, or Application-mastered users.
What is the difference between Directory group and the other 2 groups:
a. Directory group are created and membership is managed in the external directory service.
b. Only directory-mastered users can be members of directory groups; this is established in the external directory service.
c. Directory groups are copied into Okta
d. If the external directory instance is deactivated or deleted, the associated groups no longer appear in Okta.
What is the difference between Application group and the other 2 groups:
a. Application groups are created and membership is managed in the application.
b. Members of application groups are pulled into Okta during application creation.
c. Application groups are copied into Okta.
d. If the application connector is deactivate or deleted, the group no longer appears in Okta.
Can you have a duplicate group name from different directories?’
a. Yes
Can you have duplicate group names on the same directory?
a. No, For example, you can have an Okta Sales group and an Active Directory Sales group, but you cannot have two Okta Sales groups. Notice that groups can have the same name but a different source. What makes the group unique is the source plus the group name.
Can you delete or modify groups in Okta?
a. No, Directory groups are completely managed on the directory service. You cannot delete or modify the group within Okta.
What should you do if you need to delete a group in AD?
a. If a group is to be deleted, perform the deletion in Active Directory and run a full import to have the agent push the update to Okta.
Do all Applications support groups?
a. No
What is the best practice for working with diverse groups of okta and AD groups.
a. For example, if your contractor Sales team is not part of your Active Directory domain, but they require access through Okta to Salesforce, you can create Okta-mastered users and groups for the contractor Sales people.
What does Group allow administrators to do?
i. Divide the user base into smaller segments and refine application access and security policies.
ii. People and applications can be members of a group.
iii. People are automatically assigned any applications that are members of a group.
What are the 3 types of groups?
i. Okta groups
ii. Directory Groups
iii. Application groups
What is entailed in Okta group?
i. OG is created and membership is managed in Okta
ii. The members of OG can be Okta, directory or App-mastered users.
What is entailed in Directory Group (DG)
i. DG are created and membrerships is managed in the external services
ii. Only DMU can be members of DG. This is established in the external Directory Service.
iii. DG is copied into Okta
iv. If the external directory instance is deactivated or deleted, the associated group no longer appear in Okta.
What is entailed in application group (AG)
i. AG are created and membership is managed in the app.
ii. Members of AG are pulled into Okta during app creation.
iii. AG are copied into Okta
iv. If app connectors is deactivated or deleted, the group no longer appears in Okta.
Is creating groups mandatory?
i. No, but you can use groups to segments users in similar job roles or functions
Can you associated any user with an Okta Group?
i. Yes– but only DMU can be associated with group defined on the same directory server and application-mastered users can only be associated w groups defined in the application.
How are directory groups created?
Directory groups are created on the directory instance and copied into Okta. All directory group changes must be performed on the directory server and pulled into Okta.
Okta directory agents are able to copy the directory group information because of
i. The permissions granted to the Okta service account.
What happens when you delete or deactivate a directory instance?
If you deactivate or delete a directory instance, these groups no longer appear and the associations to applications are removed.
