07 - Configure SSO & Provisioning Flashcards

1
Q

Demo 1: Okta Integration Network/Applications. Demonstrate knowledge of the OIN and how to leverage Okta out-of-the-box app integrations.

A

Applications

2
Q

Demo 1A: Okta Integration Network/Applications. Demonstrate knowledge of the OIN and how to leverage Okta out-of-the-box app integrations.

A

Okta Integration Network/Applications

3
Q

Demo 1B: Okta Essentials Module 5: Configure SSO and Provisioning. Demonstrate knowledge of the OIN and how to leverage Okta out-of-the-box app integrations.

A

Okta Essentials Module 5: Configure SSO and Provisioning

4
Q

Demo 2: The Applications Page. Demonstrate knowledge of how to search for pre-built integrations and identify the app capabilities.

A

The Applications Page

5
Q

Demo 2A: Okta Essentials Module 5: Configure SSO and Provisioning. Demonstrate knowledge of how to search for pre-built integrations and identify the app capabilities.

A

Okta Essentials Module 5: Configure SSO and Provisioning

6
Q

What does configuring applications in Okta enable you to do?

A

Configuring applications within Okta enables you to provide additional security layers on sensitive corporate data, while also providing insight into application and data usage by people at your company.

7
Q

Okta supports integration with various SSO options. What does that include?

A

a. Delegated authentication
b. Proprietary vendor-specific protocols

8
Q

SSO integration allows for:

A

a. Provide access to applications for all users.
b. Configure app access adhering to company policies.
c. Create and maintain a single source of truth for your users, enabling new authN and provisioning scenarios.

9
Q

What are the OIN stats?

A

a. 6500 built-in and community-generated apps
b. 1300 enabled with SAML to provide secured enterprise-level SSO
c. 150 are mobile ready for the remote workforce
d. 230 are provisioning enabled so you can automate the process of account

10
Q

What is AIW?

A

An in-product wizard called the Application Integration Wizard (AIW) that allows you to build your own SWA, SAML SSO, or SCIM provisioning integrations.

11
Q

What is Okta in place?

A

Okta authenticates users and then provides SSO to all assigned applications, with communications into Okta occurring over HTTPS. If a user opens an application without first authenticating to Okta, the application automatically redirects to Okta for authentication.

12
Q

What is AIW?

A

An in-product wizard called the Application Integration Wizard (AIW) that allows you to build your own SWA, SAML SSO, or SCIM provisioning integrations.

13
Q

What is the problem with SAML and WS-Fed?

A

The problem is they’re not very lightweight and not very easy to work with. They do not work with modern applications natively.

14
Q

What is the advantage with OIDC?

A

One of the things you see is that OpenID Connect is based on OAuth. So, we’re going to be able to achieve a single process for not only providing access to our apps, but we’re going to then also use the same request for secure access to our APIs. OpenID Connect has all these benefits.

15
Q

What is SWA?

A

Secure Web Authentication. Okta’s password manager feature.

16
Q

How does SWA work?

A

When a user navigates to a site, we detect the URL and insert a username and password into the login form.

17
Q

What is the drawback with SWA?

A

a. The drawback to SWA is that it requires a browser plug-in and so in a customer identity and access management situation, you wouldn’t be asking your customers to install a plug-in for secure access to your apps or sites.
b. Also, it’s not federated. So, even though it’s automated, you still have to think about password issues for those endpoints. The key benefit is that it doesn’t require any development. So, you just need that login form, but there are a lot of drawbacks to working with SWA.

18
Q

What are the Signon Methods for SWA?

A

a. AuthN request
b. Access request granted
c. App access request through the Okta app
d. UX: When users click an application icon, Okta securely posts their credentials to the application login page over SSL and the user is automatically authenticated.

19
Q

Considerations of SWA

A

a. SWA was created for applications that do not support federated SSO.
b. For SWA applications, the Okta Browser Plugin is required.
c. Okta stores the user credentials in an encrypted format using AES encryption combined with a customer-specific private key.

20
Q

SWA sign-in options.

A

a. User sets username and password
b. Administrator sets username, user sets password
c. Administrator sets username, password is the same as user’s Okta password
d. Users share a single username and password set by administrator

21
Q

What is Authentication vs. Federation?

A

a. AuthN is the process of proving the identity of a person or system.
b. Federation is the process by which an app or site requests proof of authN from a trusted source.
c. Basically, authentication answers the question, “Who are you, and how do you prove it?” So, typically this requires a user entering their username and password and perhaps some sort of MFA. Secure authentication these days often involves multi-factor authentication. You’re starting to see it more with many sites adopting it, but other sites still use just a username and password.
d. Now, when we talk about Federation, what we’re talking about is that we have this app and we need to create a trust relationship between that app and Okta (IdP), essentially so that when a user goes to access that application, we are not going to require that they authenticate again. Instead, we’re going to request proof that they have already successfully authenticated and then provide, in an automated fashion, access. One of the key ways to think about the difference is that users are authenticated and apps are Federated.

22
Q

Signon Methods: SAML.

A

a. Standards-based
   i. Ensures interoperability across IdPs
   ii. Enterprises free to select a vendor
b. For the most secure authentication, it’s recommended to use a standards-based protocol such as SAML.
   i. It eliminates the need for passwords by using digital signatures for authN.
c. For security:
   i. Use SSO protocol.
   ii. It is used globally.
   iii. Based on digital signatures for authN and integrity.
d. IT friendly:
   i. Centralized authN
   ii. Provides greater visibility
   iii. Makes directory integration easier
e. Usability:
   i. One-click access from portals or intranet
   ii. Deep linking
   iii. Password elimination
   iv. Automatic renewal of sessions

23
Q

What are the 3 roles of SAML?

A

a. IdP: the entity that actually authenticates the user; in this case, Okta. (assert)
b. Service Provider (SP): the application or website the user is trying to access. (Provide)
c. End User: the end-user trying to authenticate to the service. (authN)

24
Q

IdP-initiated SAML

A

a. AuthN to Org
b. Access request granted
c. SAML response forwarded
d. AuthN and SAML response creation

25
Q

SP-initiated SAML:

A

a. Application opened
b. SAML generation and redirection to Okta
c. Follows redirect to Okta
d. AuthN and SAML response creation
e. SAML verification and user authN

26
Q

Provisioning and de-provisioning are bi-directional?

A

True. Accounts can be created in an app and imported into Okta or added to Okta and then pushed to corresponding apps.

27
Q

What are the steps to provisioning a user?

A

a. Admin creates a new user in the “marketing group” (UI)
b. AD agent sync grabs user info (Active Directory)
c. AD agent pushes user info (Okta Active Directory Agent)
d. Okta creates new user in app (Okta > Salesforce, etc.)

28
Q

All applications support user provisioning.

A

False. Not all applications support user provisioning.

29
Q

True/false. A provisioning API helps you manage the identity or user lifecycle, including onboarding through to departing the company by connecting your HR system or a directory such as Active Directory with your application.

A

a. True. With Okta and the account provisioning capabilities, these user identity changes can be leveraged to trigger appropriate actions in the integrated applications.
b. By exposing the required account provisioning APIs, your application can rely on Okta to help manage and monitor users and access within your application.

30
Q

What are some of the provisioning features?

A

a. Provisioning accounts for new users,
b. deprovisioning accounts for deactivated users,
c. and synchronizing user attributes across multiple directories.

31
Q

What are some examples of User Mastered?

A

a. Okta-Mastered
b. AD mastered: for an Active Directory mastered user, the user is created and maintained in Active Directory and Active Directory is doing the authentication.
c. Application Mastered. This is also known as an application mastered user because it’s coming from Workday into Okta and again if I want to make a change to that user I would have to go to Workday to make that change.

32
Q

What is delegated authentication?

A

Delegated authentication means we’re delegating the authentication to AD.

33
Q

What are the steps to configure LCM (using SF)?

A

a. Application > application
b. Provisioning Tab > “Enable API integration”
c. Enter user name and Password + Token
d. You can reset your token inside of Salesforce
e. Test API Credentials (I’m just establishing that connection so Okta can call the Salesforce APIs).
f. Enable the right SF APIs that will “Create a User”, “Update a User”, “Deactivate a User”.
g. Default Mappings
h. Assign “Sales Staff” > Assignment tab > Assign Groups >
i. Assign Profiles > “Chatter Free” > Save
j. Check in SF to see if it provisioned “Sales Staff” > Salesforce > Manage Users > Users
k. Log out, then log back in as Ona admin. See SF in my list of apps and have SSO.

34
Q

What are the categories of OIN integration?

A

Popular categories

35
Q

What are the categories of OIN integration?

A

Human Resources

36
Q

What are the categories of OIN integration?

A

Network Security

37
Q

What are the categories of OIN integration?

A

Application Delivery Controllers

38
Q

What are the categories of OIN integration?

A

Security Analytics

39
Q

What are the categories of OIN integration?

A

Cloud Access Security Brokers

40
Q

What are the categories of OIN integration?

A

API Gateway

41
Q

What are the categories of OIN integration?

A

Infrastructure as a Service

42
Q

What are the categories of OIN integration?

A

Identity Governance and Administration

43
Q

What are the categories of OIN integration?

A

ID Proofing

44
Q

What are the categories of OIN integration?

A

Privilege Access Management

45
Q

What are the categories of OIN integration?

A

Endpoint Security and Management

46
Q

What are the categories of OIN integration?

A

Healthcare Technologies

47
Q

What are the categories of OIN integration?

A

Protocol-based Custom Integrations

48
Q

What are the categories of OIN integration?

A

Bot Detection

49
Q

What are the categories of OIN integration?

A

Customer Data Integrators

50
Q

What are the categories of OIN integration?

A

Apps for Good

51
Q

What are the categories of OIN integration?

A

Email Security

52
Q

What are the categories of OIN integration?

A

SaaS Management Platform