10-Configure Universal Directory (Okta as a directory (LCM)

Question 1

Demo 1A: About Universal Directory

Demonstrate knowledge of the purpose of Universal Directory

Answer 1

About Universal Directory

Question 2

Demo 2:

Demonstrate knowledge of custom attributes, mappings, and data transformation

Answer 2

Import Active Directory users

Question 3

Demo 2A:

Demonstrate knowledge of custom attributes, mappings, and data transformation

Answer 3

About Universal Directory

Question 4

Demo 2B:

Demonstrate knowledge of custom attributes, mappings, and data transformation

Answer 4

Manage User Profiles

Question 5

Demo 2C:

Demonstrate knowledge of custom attributes, mappings, and data transformation

Answer 5

Okta Essentials Module 3: Configure External Directories

Question 6

Demo 3:

Demonstrate knowledge of the process to add Okta mastered users

Answer 6

About Universal Directory

Question 7

Demo 3A:

Demonstrate knowledge of the process to add Okta mastered users

Answer 7

Importing people

Question 8

Demo 3B:

Demonstrate knowledge of the process to add Okta mastered users

Answer 8

Okta Essentials Module 4: Configure Groups

Question 9

How does UD make Okta the master user store?

Answer 9

a. Universal Directory makes Okta the master user store by allowing administrators the ability to extent the user profiles by adding custom attributes.
b. When we think about universal directory we really start to think about profiles. There’s all different kinds of profiles that can store data and what this slide here illustrates very well is that each profile can contain different amount of information
c. We want to use the Okta user profile as that central repository for identity information.

Question 10

What does UD allow us to do?

Answer 10

a. Customize user attribute relationships using Universal Directory.
b. Create and maintain a single source of truth for your users, enabling new authentication and provisioning scenarios.

Question 11

Typically how many profile attributes are there in AD?

Answer 11

There are 125 plus attributes that can be stored in your Active Directory plus custom attributes.

Question 12

What is Universal Directory used for?

Answer 12

a. By using universal directory we can bring those attributes into Okta and we can determine which attributes we’re going to bring into Okta and we would place them onto the directory user profile.
b. By default I think there’s about 25 attributes but one of the things with universal directory is we can do schema discovery.

Question 13

Within Okta, what is a schema?

Answer 13

It is a container to manage object classes and attributes. The object class is a container to manage the attributes which is the data.

Question 14

What is able to do schema discovery and read AD see custom attributes?

Answer 14

The agent can read/do schema discovery of our AD and see any custom attributes.

Question 15

When we bring attributes in, do we need to map it?

Answer 15

Yes, Then we would need to map whatever attributes we bring in. The default is around 25 we can reduce that number or we can increase that number. We can bring in any amount of attributes we want from your Active Directory.

Question 16

Can we be mastered by Active Directory but still have, at the attribute level, other masters?

Answer 16

Yes, We want to put all of the information that we might need from many different sources.

Question 17

Once we have attributes can we push out information to other applications?

Answer 17

Yes, we can then use it to push out information to other applications.

For example if we think about different applications like Salesforce or Box, they require different attributes. Box has like 4 attributes where Salesforce is also a platform so it has tons of attributes.

Question 18

10. What are “Application user profiles” and can we do custom attributes?

Answer 18

Yes, We can then use that Okta user profile to send attributes out to our applications and those are called “application user profiles”.

Like Salesforce or box and we can use lifecycle management to provision those attributes to the application so really the Okta user profile is that central repository.

Question 19

11. How do we provision attributes to the application to apps like SF or Box?

Answer 19

We can use lifecycle management to provision those attributes to the application so really the Okta user profile is that central repository.

Question 20

12. How can we massage the data in UD?

Answer 20

a. We can use UD to do custom expressions to massage that data?
b. I can massage that data on the way in using the expression language or I can change that data on the way out using expression language.

Question 21

How do you create a configure a user profile?

Answer 21

Okta org > Directory > Profile Editor

Question 22

What happens when you click “Add Attribute”

Answer 22

a. Yes. Now Salesforce is an app that has a schema discovery just like AD.

So when I click “add attribute” here what’s actually happening is we’re making an API call out to Salesforce to see what attributes are in your Salesforce tenant because you can create custom attributes in Salesforce.

Question 23

15. What does “mappings” allow you to do?

Answer 23

a. I go into the mappings this is really important because we can map data into and out of Okta.
b. So this first tab is saying the data is flowing from Salesforce to Okta and the second tab is saying it’s going from Okta to Salesforce.
We can see what attributes are mapped.