10-Configure Universal Directory (Okta as a directory) (LCM) Flashcards
Demo 1A: About Universal Directory
Demonstrate knowledge of the purpose of Universal Directory
About Universal Directory
Demo 2:
Demonstrate knowledge of custom attributes, mappings, and data transformation
Import Active Directory users
Demo 2A:
Demonstrate knowledge of custom attributes, mappings, and data transformation
About Universal Directory
Demo 2B:
Demonstrate knowledge of custom attributes, mappings, and data transformation
Manage User Profiles
Demo 2C:
Demonstrate knowledge of custom attributes, mappings, and data transformation
Okta Essentials Module 3: Configure External Directories
Demo 3:
Demonstrate knowledge of the process to add Okta mastered users
About Universal Directory
Demo 3A:
Demonstrate knowledge of the process to add Okta mastered users
Importing people
Demo 3B:
Demonstrate knowledge of the process to add Okta mastered users
Okta Essentials Module 4: Configure Groups
How does UD make Okta the master user store?
a. Universal Directory makes Okta the master user store by allowing administrators the ability to extend the user profiles by adding custom attributes.
b. When we think about Universal Directory we really start to think about profiles. There are all different kinds of profiles that can store data, and what this slide here illustrates very well is that each profile can contain a different amount of information.
c. We want to use the Okta user profile as that central repository for identity information.
What does UD allow us to do?
a. Customize user attribute relationships using Universal Directory.
b. Create and maintain a single source of truth for your users, enabling new authentication and provisioning scenarios.
Typically how many profile attributes are there in AD?
There are 125 plus attributes that can be stored in your Active Directory plus custom attributes.
What is Universal Directory used for?
a. By using Universal Directory we can bring those attributes into Okta, and we can determine which attributes we're going to bring into Okta, and we would place them onto the directory user profile.
b. By default I think there are about 25 attributes, but one of the things with Universal Directory is we can do schema discovery.
Within Okta, what is a schema?
It is a container to manage object classes and attributes. The object class is a container to manage the attributes which is the data.
What is able to do schema discovery, read AD, and see custom attributes?
The agent can read/do schema discovery of our AD and see any custom attributes.
When we bring attributes in, do we need to map it?
Yes. Then we would need to map whatever attributes we bring in. The default is around 25; we can reduce that number or we can increase that number. We can bring in any number of attributes we want from your Active Directory.
Can we be mastered by Active Directory but still have, at the attribute level, other masters?
Yes. We want to put all of the information that we might need from many different sources.
Once we have attributes can we push out information to other applications?
Yes, we can then use it to push out information to other applications.
For example, if we think about different applications like Salesforce or Box, they require different attributes. Box has like 4 attributes, whereas Salesforce is also a platform, so it has tons of attributes.
What are “Application user profiles” and can we do custom attributes?
Yes. We can then use that Okta user profile to send attributes out to our applications, and those are called “application user profiles”.
Like Salesforce or Box, and we can use lifecycle management to provision those attributes to the application, so really the Okta user profile is that central repository.
How do we provision attributes to apps like SF or Box?
We can use lifecycle management to provision those attributes to the application, so really the Okta user profile is that central repository.
How can we massage the data in UD?
a. We can use UD to do custom expressions to massage that data.
b. I can massage that data on the way in using the expression language or I can change that data on the way out using expression language.
How do you create and configure a user profile?
Okta org > Directory > Profile Editor
What happens when you click “Add Attribute”?
a. Yes. Now Salesforce is an app that has a schema discovery just like AD.
So when I click “add attribute” here, what's actually happening is we're making an API call out to Salesforce to see what attributes are in your Salesforce tenant, because you can create custom attributes in Salesforce.
What does “mappings” allow you to do?
a. I go into the mappings; this is really important because we can map data into and out of Okta.
b. So this first tab is saying the data is flowing from Salesforce to Okta and the second tab is saying it’s going from Okta to Salesforce.
We can see what attributes are mapped.