Welcome to iamse.blog
This blog presents a series of articles on Identity and Access Management (IAM) written / curated / compiled by passionate group of engineers, evangelist, and other interested parties. You will find identity-centric, technology-driven articles and IAM domain articles, some written here and others collected from different sites where they have been published.
See the blocks down the side to navigate between pages, categories, tags and authors.
Disclaimer: This site is not OWNED, MANAGED or MAINTAINED by OKTA, Inc. OKTA, Inc has no direct affiliation with this site vice versa.
You won’t want to miss the amazing content that gets published continuously, so subscribe right here:
- Better Together Series: Microsoft Azure Sentinel + Okta
By integrating Okta with Azure Sentinel, you can correlate and pinpoint system-related attacks that may have been initiated via account takeovers, suspicious behaviour, MFA push bombs and other identity-related attacks. This also allows you to proactively quartine, prevent and contain any further/collateral damage that could happen if the risky event wasn’t handled appropriately and timely. - Better Together Series: Integrating Power Platform with Okta’s Workforce Identity Cloud
Seamless Identity and Access management with Power Platform (PowerApps) through Okta’s Workforce Identity Cloud - Okta Workflows How-To: Anything as a Source
Okta customers, particularly in the Workforce Identity space, are looking to model and, where possible, automate the IT processes associated with individuals joining, moving within, or leaving their organization. These processes are driven by changes to data in an organization’s source of truth for identity information. The driving forces behind automation include improving IT efficiency, … Continue reading Okta Workflows How-To: Anything as a Source - Bring Your Own Messaging Provider: WhatsApp OTP with Inline Hooks & WorkflowsOkta’s Identity Engine introduced an Inline Hook for Telephony effectively allow you to replace Okta’s inbuilt SMS solution with your own provider. This empowers customers to manage their own numbers and providers around the world allowing for cost and delivery optimisation. It also paves the way for adding additional channel options for OTP messages. Messaging … Continue reading Bring Your Own Messaging Provider: WhatsApp OTP with Inline Hooks & Workflows
- Secure your VMware Web Proxy access with Okta
Overview / Prerequisites In this blog I want to guide you through the process how we can integrate Okta as the IdP with VMware Web Proxy and how the User Experience looks .I will not cover how to create a Security Policy on the VMware side, but you can read this basic steps in my … Continue reading Secure your VMware Web Proxy access with Okta - Understanding AWS IAM and Integrating with Okta and WorkflowsI’ve been looking into application entitlements and the Amazon Web Services (AWS) users, groups and entitlements has perplexed me for some time. I’ve had the opportunity to explore it, try to understand it and build some integration between Okta Workforce Identity Cloud (via Okta Workflows). This post is a summary of my findings. AWS and … Continue reading Understanding AWS IAM and Integrating with Okta and Workflows
- Counting aMAUs from System LogsOkta’s Workforce Identity Cloud leverages the somewhat confusing named Annual Monthly Active Users (aMAU) metric to measure Customer Identity Access Management usage. This is distinct from Workforce Identity usage which is measured in a per user per month basis. aMAU is the cumulative annual measure of active users in any given month. That is unique … Continue reading Counting aMAUs from System Logs
- A Single Source of Truth – Okta as a Whole of Business Identity Solution, Part 1Introduction Over the last several years, an increasing number of organisations have begun to question the business value delivered by their continued use of on premise directory services, such as Active Directory. As a group of products, many on premise directory services do what they do exceptionally well, assuming they are well managed and you … Continue reading A Single Source of Truth – Okta as a Whole of Business Identity Solution, Part 1
- Phishing Resistant Authenticators in action through Okta Fastpass
In this blog, I will showcase how Okta is able to prevent and stop phishing attempts crafted by EvilGinX (MiTM) to your end users. Aside from preventing the phishing attempt, Okta can also be configured to orchestrate back-end orchestration flows that will raise awareness to your end users and also deliver a SecOps capability. - VMware SD-WAN Orchestrator Single Sign-On powered by Okta
In this article I would like to describe how to integrate the Okta into the SD-WAN Orchestrator and using Single Sign On (SSO) with different user types. VMware SD-WAN Orchestrator provides centralized, enterprise-wide installation, configuration, and real time monitoring, in addition to orchestrating the data flow through the cloud network. Prerequisites Configure Okta for Single Sign … Continue reading VMware SD-WAN Orchestrator Single Sign-On powered by Okta - OIG Access Requests – Who is the Request Assignee?
As is often the case, product documentation tells you how to turn on or configure a function but often doesn’t provide the context of that function. I found this yesterday when exploring something with a customer in Okta Identity Governance (OIG) Access Requests. What is the Request Assignee you can assign to some of the … Continue reading OIG Access Requests – Who is the Request Assignee? - New in Workflows: Security Operations Solution Packs
Okta Workflows has just released a number of templates focused on Security Operations Centre (SOC) processes. These Workflow templates are designed to help solve specific identity-based automation challenges for the Security Operations team using a bundled collection of pre-built and fully customizable flows. The categories include: Some of the main benefits are: To find all … Continue reading New in Workflows: Security Operations Solution Packs - Learn How to use Workflows for Inline Hooks
With this release of low-latency flows, Okta has laid the groundwork for supporting any web hook that is time sensitive. Traditionally, organizations have to spend engineering effort to build, deploy, host, and manage their own system in order to enrich a user’s profile (token or session), or notify/remediate a security threat. Those systems become even … Continue reading Learn How to use Workflows for Inline Hooks - Low Latency FlowsOkta Workflows doesn’t guarantee execution latency. Usually flows run very fast. However, Workflows is a multi-tenant system and doesn’t have a latency SLA. Flows execution times depend on: Because specific latency can’t be guaranteed, up until now, Workflows shouldn’t be used in any flows where execution time is critical to the scenario, such as token … Continue reading Low Latency Flows
- Fixed Recovery Questions with Workflows
Recently an Okta customer was interested in being able to set a fixed Recovery Question for a subset of its employees. In particular they wanted to use an attribute from their source of truth as a security answer. Having a fixed security question and answer based on an employee attribute does have security drawbacks however … Continue reading Fixed Recovery Questions with Workflows - OIG Access Requests – Can an Approver Supply Information for a Request?Recently someone asked if Okta Identity Governance (OIG) Access Requests could be setup so a manager could supply additional information for the request. Their use case, the requester wants access to an application but they don’t know the role they need, so the manager would select the role at the approval stage. Short answer – … Continue reading OIG Access Requests – Can an Approver Supply Information for a Request?
- Okta Devices SDK Sample App
Powered by the Okta Devices Platform Service, the Okta Devices SDK and the Devices API offer a single integration to unify user identity and device identity, along with all of the tools necessary to build passwordless sign-in flows through branded push notifications and biometric capabilities. All of these powerful functionalities come together to deepen security … Continue reading Okta Devices SDK Sample App - Enforcing device assurance on unmanaged devices (BYOD)
One of the biggest challenges for organisations is being able to increase the security posture of their employee’s BYOD devices while respecting their privacy and improving their user experience. Okta announced recently the new feature called Okta Device Assurance which allow organisations to increase the posture of their BYOD’s users leveraging Okta Verify Application. Until … Continue reading Enforcing device assurance on unmanaged devices (BYOD) - Did You Know the Machine Learning in OIG Access Requests Extends to the WebUI?If you’ve seen a demonstration of Okta Identity Governance (OIG) Access Requests, you have probably seen the machine learning (AI) capability when requesting access in Slack or Microsoft Teams. You ask for access to something, and the AI will try to determine the best request type to present. It learns over time, so that terms … Continue reading Did You Know the Machine Learning in OIG Access Requests Extends to the WebUI?
- New Reviewer Options in OIG Access CertificationThere was a recent change to the reviewer selections for Okta Identity Governance (OIG) Access Certification to allow for more options and to simplify the administrative experience. The feature is currently an Early Access feature (the “Reviewer Assignment” enhancement) that can be turned on in an OIG-enabled Okta org. It will roll into production over … Continue reading New Reviewer Options in OIG Access Certification
- Okta Identity Governance and/or Service Now – Architectural PatternsMost organisations have some ITSM or service request tool, and ServiceNow is the most common. So it’s understandable that any conversation about Okta Identity Governance, particularly access requests, will involve comparison with ServiceNow or integration patterns for both products. How do you approach an access request solution? Which product is going to meet your needs … Continue reading Okta Identity Governance and/or Service Now – Architectural Patterns
- Risk-Based Application Certification in OIGIf you were at Oktane22, or have listened to the Oktane22 roadmap sessions, you will know risk and use of risk signals is a key focus for Okta going forward. This includes leveraging risk in Okta Identity Governance (OIG), to help make access requests and access certification more effective. But can you leverage risk today? … Continue reading Risk-Based Application Certification in OIG
- Logging a ServiceNow Request via Workflows from OIG Access RequestsA common ask for Okta Identity Governance is to be able to log at ticket in a service desk tool, like ServiceNow, for manual provisioning activities after following an approval process in Access Requests. This article explores one approach to this using OIG Access Request events in the Okta System Log, Event Hooks and Okta … Continue reading Logging a ServiceNow Request via Workflows from OIG Access Requests
- OIG Access Requests – Cancelling a TimerIf you’re familiar with the timer feature in Okta Identity Governance (OIG) Access Requests, you may have wondered if you can cancel a running timer and if so, how? Let’s show how it can be done. If you’re not familiar with the timer feature, have a read of this article: https://iamse.blog/2022/07/27/oig-access-requests-using-the-new-timer-feature/. A timer is used … Continue reading OIG Access Requests – Cancelling a Timer
- OIG Access Requests – Public or Private?If you have looked at Okta Identity Governance Access Requests, you will know that a request will contain the history of the activity, such as the questions asked and answered, approval steps performed and actions taken. Did you know that a request, with all this information, can be Public or Private? Did you know that … Continue reading OIG Access Requests – Public or Private?