Welcome to iamse.blog
This blog presents a series of articles on Identity and Access Management (IAM) written / curated / compiled by passionate group of engineers, evangelist, and other interested parties. You will find identity-centric, technology-driven articles and IAM domain articles, some written here and others collected from different sites where they have been published.
See the blocks down the side to navigate between pages, categories, tags and authors.
Disclaimer: This site is not OWNED, MANAGED or MAINTAINED by OKTA, Inc. OKTA, Inc has no direct affiliation with this site vice versa.
You won’t want to miss the amazing content that gets published continuously, so subscribe right here:
- Deleting Inactive Users in Auth0 with Okta WorkflowsA while ago Okta announced the integration of Okta Workflows with Auth0. Bringing low-code automation to the Auth0 platform. In this blog post I am going to talk about leveraging Workflows to remove inactive users from a tenant. I am using this in a demo environment where I have people login to demonstrate passkeys (As … Continue reading Deleting Inactive Users in Auth0 with Okta Workflows
- Connecting an Auth0 tenant to Okta WorkflowsA while ago Okta announced the integration of Okta Workflows with Auth0. Bringing low-code automation to the Auth0 platform. In this blog post I am going to cover the setup steps for the integrations. In another blog post I give an example of deleting inactive users from a one of my conference demo instances. There … Continue reading Connecting an Auth0 tenant to Okta Workflows
- Secure your tokens – an introduction to DPoP
𝐏𝐫𝐨𝐨𝐟-𝐨𝐟-𝐩𝐨𝐬𝐬𝐞𝐬𝐬𝐢𝐨𝐧 capabilities are becoming pivotal in ensuring application token security with the increasing adoption of OAuth-based access management. 𝐃𝐏𝐨𝐏, or 𝐃𝐞𝐦𝐨𝐧𝐬𝐭𝐫𝐚𝐭𝐢𝐧𝐠 𝐏𝐫𝐨𝐨𝐟 𝐨𝐟 𝐏𝐨𝐬𝐬𝐞𝐬𝐬𝐢𝐨𝐧 is a relatively new standard that comes with promising security features, especially for the internet-facing open applications. - Okta Device Access Desktop Password Sync with Microsoft Intune
Introduction In this blog post, I’ll take you on a journey how to configure Okta Device Access Desktop Password Sync if you use Microsoft Intune as your Mobile Device Management (MDM) solution for your macOS device fleet.We start with the configuration on Okta, show how to create the necessary configuration profiles on Microsoft Intune side and a demo how the Okta … Continue reading Okta Device Access Desktop Password Sync with Microsoft Intune - Okta Desktop MFA for macOS with Microsoft Intune
Introduction In this blog post, I’ll take you on a journey how to configure Okta Device Access Desktop MFA if you use Microsoft Intune as your Mobile Device Management (MDM) solution for your macOS device fleet.We start with the configuration on Okta and show how to create the necessary configuration profile on Intune side.Have fun reading the blog and then, of … Continue reading Okta Desktop MFA for macOS with Microsoft Intune - Securely verify transactions – Can CIBA lead the way?
Client-Initiated Backchannel Authentication (CIBA) is rapidly gaining traction and showing promise in delivering a secure and seamless experience during sensitive transaction verification within a digital application. Here are some notes about this interesting development and how Okta is pioneering its adoption. - Advanced Server Access PLUS step-up MFA for sudo with RADIUS
Okta’s Advanced Server Access (ASA) eliminates password and SSH-key challenges with just-in-time, ephemeral certificates, improving security and user experience. While ASA doesn’t support transactional MFA, Okta’s RADIUS agent with the libpam_radius module enables sudo step-up MFA. The guide details RADIUS agent setup, server configuration, and sudo entitlement adjustments for enhanced security. - FIDO2 for Desktop MFA for macOS
April 2024 : This is a Early Access feature. In the next phase Okta Device Access enables end users to complete their challenge with a FIDO2 security key to login to their macOS devices.In this blog post you will get an overview, how to setup FIDO2 authentication, how the user experience is looking like and … Continue reading FIDO2 for Desktop MFA for macOS - OIG APIs – Use Okta Connector in Workflows Now
This short post is for the information of people who may look at some of the older OIG API and Workflows articles on this site and find they no longer work. You should be using the Okta Connector with the Custom API Action card now instead of the old generic API Connector card. The OLD … Continue reading OIG APIs – Use Okta Connector in Workflows Now - Okta Device Access Windows Passwordless login
April 2024: This is an Early Access Feature! Introduction Since the initial release of Okta Device Access for Windows, many exciting new features such as Self-service password reset or number challenge have been developed and released.Now we are announcing the next exciting one of Okta Device Access the Passwordless login for Windows endpoints! If the … Continue reading Okta Device Access Windows Passwordless login - Passkeys Presentation at Identity Management DayHere is the presentation I gave at IdentityXP’s Identity Management Day Virtual Conference on April 9th, 2024 in Melbourne.
- A Look at the new Govern Okta Admin Roles feature
This article is a walkthrough of the new Govern Okta Admin Roles feature in Okta Workforce Identity Cloud (WIC). Overview of the Feature This new feature builds on the flexible and customisable administration roles that have been available on Okta WIC for some time. It treats the Okta Admin Console as an application with entitlements … Continue reading A Look at the new Govern Okta Admin Roles feature - Setting up Workspace ONE Android Check-In Check-Out (CICO) with Okta
Workspace ONE Launcher lets IT administrators design a custom home screen for Android devices. You can easily layout your applications and branding using the Workspace ONE UEM admin console. Once set up, the Launcher automatically replaces your regular home screen and enforces IT policies for both the device and apps. It’s designed with frontline workers … Continue reading Setting up Workspace ONE Android Check-In Check-Out (CICO) with Okta - Okta Privileged Access: How to Backup and RestoreThis article is to help with Backup and Restore process for Okta Privileged Access (OPA) components managed and maintained outside of the Okta infrastructure. Backing up your Okta PA server agent and Gateway configurations is a proactive safeguard against downtime, and other unwanted negative impacts to your business. OPA does not have capabilities to back … Continue reading Okta Privileged Access: How to Backup and Restore
- Okta Device Access – Troubleshooting SSPR on Windows
This article explores the mechanisms available to help troubleshoot issues with Self-Service Password Reset (SSPR) with Okta Device Access in a Windows Domain-joined environment. There are multiple components involved in a SSPR flow with Okta Device Access and understanding the components, flow and where the components log messages is useful for troubleshooting issues. Note that … Continue reading Okta Device Access – Troubleshooting SSPR on Windows - Going passwordless: Faster, easier, and more secure customer logins with passkeysHere is a presentation I gave today on passkeys at the Canberra Cyber Conference hosted by AISA.
- Okta FastPass for Windows Virtual Desktop Infrastructure (VDI)
Introduction Okta Verify/FastPass and Device Assurance are now going to be supported in Windows VDI (Virtual Desktop Infrastructure) environments for easy access to resources. Extend passwordless, phishing resistant authentication with device context to resources in VDI environments (AWS, Citrix, etc.). With this we can bypassing the need of Windows Hello via the the new Passcode … Continue reading Okta FastPass for Windows Virtual Desktop Infrastructure (VDI) - Using Twilio Functions with the Okta Telephony Inline Hook
Okta’s Identity Engine introduced an Inline Hook for Telephony effectively allowing you to replace Okta’s inbuilt SMS solution with your own provider. In this short post I will detail how to leverage Twilio Functions to deliver OTP codes via SMS or Voice call. This is largely an adaption of the Okta Developer Instructions for leveraging Twilio using Glitch. … Continue reading Using Twilio Functions with the Okta Telephony Inline Hook - Okta Workflow for Access Certifications – Slack Notifications
Introduction Today, ensuring the security and compliance of user access rights is a top priority for organizations worldwide. As an advocate for streamlined processes and effective communication, I am excited to share with you a custom-built Okta Workflow to send Access Certifications campaign notifications like campaign launch, weekly campaign reminders to reviewers who are yet … Continue reading Okta Workflow for Access Certifications – Slack Notifications - Realms for Workforce Management – A New Flexible Way to Manage your Organization
Introduction Okta’s vision with Universal Directory is to provide a centralized approach to identity management, where customers can integrate any technology stack into a comprehensive, central cloud directory for unified management. In today’s world, unified identity management is becoming increasingly challenging. Organizations rely on a workforce composed of employees, contractors, seasonal workers, and business partners, … Continue reading Realms for Workforce Management – A New Flexible Way to Manage your Organization - Okta Device Access with Jamf a step-by step guide
Introduction In this Blog Post, I’ll take you on a journey how to configure Okta Device Access Desktop MFA and Desktop Password Sync if you use Jamf Pro as your MDM solution for your device fleet.We start with the configuration on Okta, show how to create the necessary configuration profiles on Jamf side and of … Continue reading Okta Device Access with Jamf a step-by step guide - Extend your End Point Security posture with Okta Chrome Enterprise Device Trust Connector
Okta continue to extend the security posture of enterprise end points with the release of a new dedicated integration with Google which offers Device Assurance Policy on ChromeOS and a new set of device signals from the Chrome browser itself that includes access policy based on the type of Browser and so much more! Requirements: … Continue reading Extend your End Point Security posture with Okta Chrome Enterprise Device Trust Connector - Okta Integration with Apple Business Manager
April 2024: ***UPDATE*** This feature will be available in Early Access from mid-May Introduction Apple Business Manager is a web-based portal that helps you deploy iPhone, iPad, Mac, and Apple TV. And you can easily provide employees with access to Apple services, set up device enrollment, and distribute apps, books, and software — all from one … Continue reading Okta Integration with Apple Business Manager - Consolidating Nested Lists in Okta Workflows
Working with lists in Okta Workflows is common, but sometimes the list processing actions can be overwhelming and confusing. In this article I look at how I approached a problem of consolidating nested lists with a standard pattern of Lists actions. It should give you an idea of how you can use different Lists actions … Continue reading Consolidating Nested Lists in Okta Workflows - Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Assignments
OVERVIEW This blog is a continuation of the Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Creation that I posted previously. Some of the introductory content is duplicate to reenforce some of the basic concepts around Okta Identity Governance – Entitlement Management. With the release of Okta Identity Governance, one of the newly released features is … Continue reading Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Assignments