Okta Flashcards
What are mandatory components when creating your Okta Org?
People and Applications
What are optional components when creating your Okta Org?
Groups and Directories
Can you change the account master for an account at any time after creation? For example, directory-mastered accounts can change to Okta-mastered when an external directory is decommissioned.
Yes
If users want to access applications from a mobile device, what app should they use?
Okta Mobile
On initial Okta authentication, what is required for non-SAML configured applications?
The Okta browser plugin. After the plugin is installed, users can access the applications as necessary.
What is an Agent?
A lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta’s cloud service.
What is the Application Integration Wizard (AIW)? And what kind of apps can you create with it?
If the application that you want to add does not already exist in the OIN, create it with the AIW. The AIW allows you to create custom SWA, SAML 2.0, and OIDC apps with immediate functionality.
What is Attribute level mastering (ALM)?
It’s an enhancement to the profile-mastering concept. ALM changes the profile-mastering model by allowing administrators to override the source that masters the entire Okta user profile.
What is an Identity Provider (IdP)?
It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta.
What is OpenID Connect (OIDC)?
An authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID Foundation.
What is a Profile Master?
A profile master is an application (usually a directory service such as Active Directory, or human capital management system such as Workday) that acts as a source of truth for user profile attributes. A user can only be mastered by a single application or directory at any one time.
What is Provisioning?
CRUD - The ability to automatically create, read, update and deactivate a user in an application
What does SP mean and how does it work with Okta?
An acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process.
What is SWA and what does it do?
An acronym for Secure Web Authentication. SWA is an SSO system developed by Okta to provide single sign-on for apps that don’t support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign in successfully.
What is a Template App?
An app that can be used to create custom applications that are not in the OIN.
What are the traits of Okta-mastered Users?
- Created and maintained in Okta
- Authenticate against the Okta policy
- Associated with Okta groups
- Provide an alternate login method separate from an external directory
- Governed by the Okta user profile
What are the traits of Directory-Mastered Users?
- Created and maintained in the external directory
- Pulled into Okta
- Authenticate against the external directory
- Associated with directory or Okta groups
- Governed by the directory user profile
What are the traits of Application-Mastered users?
- Created and maintained in the application
- Pushed to Okta
- Authenticate against Okta or external directory
- Governed by the application user profile
What can an Okta-mastered Admin do around password and account management?
- Define authentication settings in Okta
- Manage account unlocks and resets through the Okta Administrator app
- Can mass reset passwords
What can an Okta-Mastered USER do around password and account management?
- Can modify account information and change passwords on the account settings page
- Can use the Forgot password link to reset password
What can a Directory-Mastered Admin do around password and account management?
- Define authentication settings in the directory service
- Manage all account changes through the directory service
What can/can’t a Directory-Mastered USER do around password and account management?
- UNABLE to modify account information on the account settings page
- Ability to change or reset passwords determined by administrator configuration
What does enabling the Active Directory Password Policy options in Okta do?
It enables users to reset or change Active Directory passwords through the Okta interface.
Alternatively, you can disable delegated authentication and enable Sync Password, which passes the Okta password to Active Directory. Regardless of how you enable directory-mastered accounts to change passwords, the password policies are governed by the directory service server.
What can a Super Admin do?
Has full access to perform all administrative tasks and permission sets in Okta