Identity Providers Flashcards
What are the benefits of adding a social IdP?
Adding a Social Identity Provider in Okta allows your end users to self-register with your custom applications by first authenticating through their existing social identity accounts such as Facebook, Google, Microsoft, or LinkedIn.
For new users of your custom app, you can configure Okta to create a Just In Time (JIT) Okta user profile based on attributes stored in your end users’ social profiles.
You can use Social IdPs like Facebook and Google as target IdPs within IdP Discovery Routing Rules. For more information about IdP Discovery, see Identity Provider Discovery.
To add a social identity provider, click Add Identity Provider, and then select a social IdP. Detailed information is available on the Social Authentication article on the Okta Developer Site.
What are the key benefits of social authentication?
- No need to build and maintain your own user database, engineer a sign-on and authentication infrastructure, or manage usernames and passwords.
- Ensure quick and easy self-registration to your custom applications.
- Okta profiles are updated automatically when your users update their social profiles.
- Users do not need to remember an additional password.
Configure inbound SAML (using Okta as a SP)
In addition to using Okta as an identity provider (IdP), you can also configure Okta as a service provider (SP). When Okta is used as a service provider it integrates with an identity provider outside of Okta using SAML. Inbound SAML allows users from external identity providers to SSO into Okta.
The System Log provides information about the Inbound SAML events that occur in the system. This information can be useful for debugging your configuration.
What are the benefits of inbound SAML?
Inbound SAML allows you to set up the following scenarios.
- Your users can SSO into apps without needing an Okta password.
- You do not need to set up an Active Directory (AD) agent.
- You can connect to a partner.
- You can federate with another IdP.
What are some of the customization options?
Customization Options
When you connect your users to Okta with Inbound SAML, there are several customization options.
- Your users can SSO into Okta with no additional provisioning; that is, the users are mastered in Okta.
- Your users can be provisioned into Okta with Just In Time (JIT) provisioning that is managed by an IdP.
- Your users can be assigned to groups with JIT.
- You can enable or disable automatic account linking between SAML identity providers and Okta. You could also restrict automatic account linking based on whether the Okta user is a member of any specified groups.
What are the capabilities?
- Because Inbound SAML is built on Universal Directory (UD), you can store rich attributes in Okta from incoming assertions.
- Define any number of identity providers and an unlimited number of attributes for each provider using the Profile Editor. You are not limited to just the first name, last name, email, and phone attributes.
- Control over JIT provisioning. A per-IdP toggle allows you to enable/disable JIT provisioning on a per-IdP trust basis.
- Username filtering to enhance security. You can specify a username suffix (for example, a partner's email domain) that the incoming username must match; assertions for any other username are rejected.
- Support for encrypted assertions.
- Support for either a shared ACS URL or a trust-specific ACS URL.
- Support for configurable signature algorithm requirements and configurable clock skew.
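The checks an SP makes on its own side of the trust, as an added example that is not Okta's code: it models the per-trust settings listed above (configured ACS URL, required signature and digest algorithms, clock skew, required username suffix) against a constructed SAML Response. The `TrustConfig` fields, the `PARTNER` trust and every host and URL (`sp.example.com`, `idp.partner.example`) are this example's own assumptions. Only the declared algorithms are policed; the cryptographic XML-Signature verification a real SP performs (for example with xmlsec) is out of scope here.

```python
# Policy checks a SAML service provider applies to an inbound Response. Added
# example, not Okta's code: it models the per-trust settings listed above (ACS
# URL, signature/digest algorithm requirements, clock skew, username suffix).
# Only *declared* algorithms are policed; cryptographic signature verification
# (e.g. with xmlsec) is out of scope here.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Optional
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# URIs from the supported-algorithm list on this page; the SHA-1 variants are
# supported by the protocol but deliberately kept out of the allowlist.
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1, SHA256 = "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2001/04/xmlenc#sha256"
ALLOWED_SIGNATURE, ALLOWED_DIGEST = {RSA_SHA256}, {SHA256}

@dataclass(frozen=True)
class TrustConfig:
    """Hypothetical per-IdP trust settings (field names are this example's own)."""
    issuer: str
    audience: str
    acs_urls: FrozenSet[str]        # shared ACS URL and/or a trust-specific one
    clock_skew_seconds: int = 120
    username_suffix: Optional[str] = None

def parse_ts(value: str) -> datetime:
    """Parse the UTC 'YYYY-MM-DDTHH:MM:SSZ' form used in SAML Conditions."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text: str, cfg: TrustConfig, now: datetime) -> List[str]:
    """Return the policy violations found; an empty list means 'accept'."""
    problems: List[str] = []
    skew = timedelta(seconds=cfg.clock_skew_seconds)
    root = ET.fromstring(xml_text)
    if root.get("Destination") not in cfg.acs_urls:
        problems.append(f"Destination {root.get('Destination')!r} is not a configured ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["response carries no Assertion"]
    if assertion.findtext("saml:Issuer", namespaces=NS) != cfg.issuer:
        problems.append("assertion Issuer does not match this trust")
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        problems.append("assertion is unsigned")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        sig_alg = method.get("Algorithm") if method is not None else None
        if sig_alg not in ALLOWED_SIGNATURE:
            problems.append(f"signature algorithm {sig_alg} not allowed")
        for dm in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS):
            if dm.get("Algorithm") not in ALLOWED_DIGEST:
                problems.append(f"digest algorithm {dm.get('Algorithm')} not allowed")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions")
    else:  # validity window widened by the configured skew on both sides
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_ts(nb):
            problems.append("assertion not yet valid (NotBefore, after skew)")
        if na and now - skew >= parse_ts(na):
            problems.append("assertion expired (NotOnOrAfter, after skew)")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if cfg.audience not in audiences:
            problems.append("AudienceRestriction does not name this SP")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if cfg.username_suffix and not name_id.endswith(cfg.username_suffix):
        problems.append(f"username {name_id!r} lacks required suffix {cfg.username_suffix}")
    return problems

def sample_response(sig_alg, digest_alg, name_id, not_before, not_on_or_after):
    """Constructed Response for the demo; DigestValue/SignatureValue are placeholders."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://sp.example.com/sso/saml2/acs">
  <saml:Assertion ID="_a1"><saml:Issuer>https://idp.partner.example/metadata</saml:Issuer>
    <ds:Signature xmlns:ds="{NS['ds']}"><ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
    </ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml2/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Hypothetical partner trust; hosts and URLs are placeholders.
PARTNER = TrustConfig(issuer="https://idp.partner.example/metadata",
                      audience="https://sp.example.com/saml2/metadata",
                      acs_urls=frozenset({"https://sp.example.com/sso/saml2/acs"}),
                      username_suffix="@partner.example")

if __name__ == "__main__":  # demo: SHA-1 signed, expired, off-domain assertion
    bad = sample_response(RSA_SHA1, SHA1, "mallory@attacker.example",
                          "2024-05-01T11:00:00Z", "2024-05-01T11:05:00Z")
    print("\n".join(validate_response(bad, PARTNER, parse_ts("2024-05-01T12:02:00Z"))))
```

Each configured setting maps to one rejection reason, so a failed login shows up in the SP's log with the policy that blocked it rather than as a generic error; the skew is applied symmetrically, widening the NotBefore/NotOnOrAfter window rather than shifting it.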
What are some of the supported algorithms?
Supported Algorithms
The following algorithms are supported for inbound SAML. The SHA-1 digest and RSA-SHA1 signature entries remain for compatibility with older IdPs; where the IdP can sign with SHA-256, use the configurable signature algorithm requirement to require it, so that an assertion signed with the weaker algorithm is rejected rather than accepted.
Encryption
Inbound SAML transparently supports encrypted SAML assertions. The IdP can encrypt using the public certificate from Okta and any of the following XML encryption algorithms.
http://www.w3.org/2001/04/xmlenc#aes128-cbc
http://www.w3.org/2001/04/xmlenc#aes192-cbc
http://www.w3.org/2001/04/xmlenc#aes256-cbc
http://www.w3.org/2001/04/xmlenc#tripledes-cbc
Digest
http://www.w3.org/2000/09/xmldsig#sha1
http://www.w3.org/2001/04/xmlenc#sha256
Signature
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Canonicalization
http://www.w3.org/2001/10/xml-exc-c14n#
Transform
http://www.w3.org/2000/09/xmldsig#enveloped-signature
http://www.w3.org/2001/10/xml-exc-c14n#
What is PIV?
A personal identity verification (PIV) card is a United States federal smart card that contains the data needed to grant the cardholder access to federal facilities and information systems and to assure appropriate levels of security for all applicable federal applications. PIV cards are very strong authenticators (up to IAL3/AAL3, per NIST guidance) and can replace the username and password as an authentication method where supported.
What are the steps to set up PIV?