Welcome to iamse.blog
This blog presents a series of articles on Identity and Access Management (IAM) written, curated, or compiled by a passionate group of engineers, evangelists, and other interested parties. You will find identity-centric, technology-driven articles and IAM domain articles, some written here and others collected from different sites where they have been published.
See the blocks down the side to navigate between pages, categories, tags and authors.
Disclaimer: This site is not OWNED, MANAGED or MAINTAINED by OKTA, Inc. OKTA, Inc has no direct affiliation with this site, and vice versa.
- Unofficial OIN, by Matt McKelvey: What is the “OIN”? The Okta Integration network is a network of integrations that Okta maintains for the different service providers (SaaS applications) that Okta connects with and provides setup documentation for. There are around 8,000 applications in the Okta Integration Network as I write this article. When a business wants to check if their …
- Token protection (DPoP) with Okta, by Indranil Jha: DPoP brings additional security to accessing both Okta APIs and external APIs. This article outlines the implementation steps to integrate applications with Okta using DPoP to prevent the misuse of authorization tokens.
- Okta Privileged Access: Secret Rotation Reminder, by Rajesh Kumar: This article is to help to rotate static credentials managed by the Okta Privileged Access vault by sending a reminder to the security team if the secret is vaulted and has not been rotated for more than 30 days (configurable). The Security team can take action and rotate the secrets. This solution is provided as …
- Okta Privileged Access: Hashicorp Vault Secrets Migration, by Rajesh Kumar: This article is to help to migrate Hashicorp vaults’ secret into the Okta Privileged Access vault. This solution is provided as a guide and it can be further enhanced or extended to use for any other third party vault. The given tool is developed in java using Spring Boot framework. This tool has a property …
- New Security Features on Okta Admin Console, by Gaston Rodriguez: Okta is at the forefront of the fight against identity attacks. Product, engineering and security teams continually innovate our technology platform to protect our customers. Okta is committed to lead the industry against identity attacks. In this blog post I’ll review recent Security enhancements on Okta Admin Console available for all Okta Identity Engine orgs. …
- Leveraging Microsoft Authenticator as a Possession Factor with Okta, by jeffhawthearchitect: Please read the disclaimer first before you start implementing the approach. DISCLAIMER: Okta Documentation mentions that configuring Microsoft Azure Active Directory (AAD) can’t be used as an IDP Authenticator. This article will test that statement hence if you decide to implement this in your own Okta production org/instance and got into any production issues, Okta …
- Okta Device Access with Kandji a step-by step guide, by Arkadiusz Krowczynski: Introduction. In this Blog Post, I’ll take you on a journey how to configure Okta Device Access Desktop MFA and Desktop Password Sync if you use Kandji as your Mobile Device Management (MDM) solution for your device fleet. We start with the configuration on Okta and I show how to create the necessary configuration profiles on Kandji side. Have fun reading the blog and then, …
- Authenticate with PAR, an underrated gem, by Indranil Jha: OAuth 2.0 is widely used in digital applications for authentication and authorization, but it has security and scalability weaknesses. Pushed Authorization Request (PAR) addresses many concerns with the conventional flow. It is beneficial for high-security scenarios like finance and healthcare, as well as in handling large or complex requests.
- Deleting Inactive Users in Auth0 with Okta Workflows, by Toby Allen: A while ago Okta announced the integration of Okta Workflows with Auth0. Bringing low-code automation to the Auth0 platform. In this blog post I am going to talk about leveraging Workflows to remove inactive users from a tenant. I am using this in a demo environment where I have people login to demonstrate passkeys (As …
- Connecting an Auth0 tenant to Okta Workflows, by Toby Allen: A while ago Okta announced the integration of Okta Workflows with Auth0. Bringing low-code automation to the Auth0 platform. In this blog post I am going to cover the setup steps for the integrations. In another blog post I give an example of deleting inactive users from one of my conference demo instances. There …
- Secure your tokens – an introduction to DPoP, by Indranil Jha: Proof-of-possession capabilities are becoming pivotal in ensuring application token security with the increasing adoption of OAuth-based access management. DPoP, or Demonstrating Proof of Possession, is a relatively new standard that comes with promising security features, especially for the internet-facing open applications.
- Okta Device Access Desktop Password Sync with Microsoft Intune, by Arkadiusz Krowczynski: Introduction. In this blog post, I’ll take you on a journey how to configure Okta Device Access Desktop Password Sync if you use Microsoft Intune as your Mobile Device Management (MDM) solution for your macOS device fleet. We start with the configuration on Okta, show how to create the necessary configuration profiles on Microsoft Intune side and a demo how the Okta …
- Okta Desktop MFA for macOS with Microsoft Intune, by Arkadiusz Krowczynski: Introduction. In this blog post, I’ll take you on a journey how to configure Okta Device Access Desktop MFA if you use Microsoft Intune as your Mobile Device Management (MDM) solution for your macOS device fleet. We start with the configuration on Okta and show how to create the necessary configuration profile on Intune side. Have fun reading the blog and then, of …
- Securely verify transactions – Can CIBA lead the way?, by Indranil Jha: Client-Initiated Backchannel Authentication (CIBA) is rapidly gaining traction and showing promise in delivering a secure and seamless experience during sensitive transaction verification within a digital application. Here are some notes about this interesting development and how Okta is pioneering its adoption.
- Advanced Server Access PLUS step-up MFA for sudo with RADIUS, by shadlutz: Okta’s Advanced Server Access (ASA) eliminates password and SSH-key challenges with just-in-time, ephemeral certificates, improving security and user experience. While ASA doesn’t support transactional MFA, Okta’s RADIUS agent with the libpam_radius module enables sudo step-up MFA. The guide details RADIUS agent setup, server configuration, and sudo entitlement adjustments for enhanced security.
- FIDO2 for Desktop MFA for macOS, by Arkadiusz Krowczynski: April 2024: This is an Early Access feature. In the next phase Okta Device Access enables end users to complete their challenge with a FIDO2 security key to login to their macOS devices. In this blog post you will get an overview, how to setup FIDO2 authentication, how the user experience is looking like and …
- OIG APIs – Use Okta Connector in Workflows Now, by David Edwards (IAmDavid): This short post is for the information of people who may look at some of the older OIG API and Workflows articles on this site and find they no longer work. You should be using the Okta Connector with the Custom API Action card now instead of the old generic API Connector card. The OLD …
- Okta Device Access Windows Passwordless login, by Arkadiusz Krowczynski: April 2024: This is an Early Access Feature! Introduction. Since the initial release of Okta Device Access for Windows, many exciting new features such as Self-service password reset or number challenge have been developed and released. Now we are announcing the next exciting one of Okta Device Access the Passwordless login for Windows endpoints! If the …
- Passkeys Presentation at Identity Management Day, by Toby Allen: Here is the presentation I gave at IdentityXP’s Identity Management Day Virtual Conference on April 9th, 2024 in Melbourne.
- A Look at the new Govern Okta Admin Roles feature, by David Edwards (IAmDavid): This article is a walkthrough of the new Govern Okta Admin Roles feature in Okta Workforce Identity Cloud (WIC). Overview of the Feature: This new feature builds on the flexible and customisable administration roles that have been available on Okta WIC for some time. It treats the Okta Admin Console as an application with entitlements …
- Setting up Workspace ONE Android Check-In Check-Out (CICO) with Okta, by Darryl Miles: Workspace ONE Launcher lets IT administrators design a custom home screen for Android devices. You can easily layout your applications and branding using the Workspace ONE UEM admin console. Once set up, the Launcher automatically replaces your regular home screen and enforces IT policies for both the device and apps. It’s designed with frontline workers …
- Okta Privileged Access: How to Backup and Restore, by Rajesh Kumar: This article is to help with Backup and Restore process for Okta Privileged Access (OPA) components managed and maintained outside of the Okta infrastructure. Backing up your Okta PA server agent and Gateway configurations is a proactive safeguard against downtime, and other unwanted negative impacts to your business. OPA does not have capabilities to back …
- Okta Device Access – Troubleshooting SSPR on Windows, by David Edwards (IAmDavid): This article explores the mechanisms available to help troubleshoot issues with Self-Service Password Reset (SSPR) with Okta Device Access in a Windows Domain-joined environment. There are multiple components involved in a SSPR flow with Okta Device Access and understanding the components, flow and where the components log messages is useful for troubleshooting issues. Note that …
- Going passwordless: Faster, easier, and more secure customer logins with passkeys, by Toby Allen: Here is a presentation I gave today on passkeys at the Canberra Cyber Conference hosted by AISA.
- Okta FastPass for Windows Virtual Desktop Infrastructure (VDI), by Arkadiusz Krowczynski: Introduction. Okta Verify/FastPass and Device Assurance are now going to be supported in Windows VDI (Virtual Desktop Infrastructure) environments for easy access to resources. Extend passwordless, phishing resistant authentication with device context to resources in VDI environments (AWS, Citrix, etc.). With this we can bypass the need of Windows Hello via the new Passcode …