We all appreciate that a Zero Standing Privileges model is the best approach when it comes to privileged access - if a compromised account doesn't have standing privileges, then the attacker is limited in what they can do. But the reality for many organisations is that there are still shared accounts with elevated privileges that … Continue reading Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access
Author: David Edwards (IAmDavid)
I have been working in Identity Management for a quarter of a century, spending 22 years working on various IAM products at IBM and now three years at Okta. Over that time I have worked across pre- and post-sales, including stints in services, fly-in support and technical enablement. I have covered access management, single signon (desktop, web and federated), identity governance and administration (IGA), directories and directory integration, and privileged access management (PAM). I'm one of the few identity practitioners with experience with mainframes and legacy on-premise systems like SAP. And I love to write!
Introducing Secrets Management in Okta Privileged Access
This article explores the new secrets management capability within Okta Privileged Access. Introduction to Secrets ManagementThe Vault, Secrets and FoldersResource Administration and Security PolicyAn Example of Generic Secrets ManagementThe configuration in Okta and Okta Privileged AccessOkta Users and GroupsResource Groups and ProjectsDefining Top-Level Folders as the SecretAdminDefine Secrets PoliciesManaging Folders and SecretsUser (Linux Sysadmin) ViewConclusion … Continue reading Introducing Secrets Management in Okta Privileged Access
Okta Privileged Access and Okta Access Requests
Okta Privileged Access (OPA) leverages with wider Okta Workforce Identity Cloud capabilities for many use cases. One of these integrations is with the Okta Access Requests components, that comes as part of the Okta Identity Governance (OIG) product, but also ships in a limited form with OPA. This article explores the two common use cases: … Continue reading Okta Privileged Access and Okta Access Requests
Okta Privileged Access – A Look at the Data Model
This article provides a simplified view of the data model used in Okta Privileged Access (OPA). An OverviewDirectory ObjectsResource Administration ObjectsSecurity Administration ObjectsSummary Note that this is a logical view of data objects and their relationships, and the term "object" is used very loosely (more like data types). Also this is based on the current … Continue reading Okta Privileged Access – A Look at the Data Model
Okta Privileged Access – A Technical Introduction
The new Okta Privileged Access product was featured in the recent Oktane23 conference. The product is currently (Oct 23) in early access with General Availability expected in Dec 23. This article is a brief technical overview of Okta Privileged Access (OPA) looking at the components and functions of the product. It is written to provide … Continue reading Okta Privileged Access – A Technical Introduction
Entitlements Managed in OIG with Early Access
The new Entitlement Management capability in Okta Identity Governance (OIG) is currently in Early Access for OIG customers. With this release Okta has updated five of the Okta Integration Network (OIN) connectors to support this new capability - splitting entitlements from other application profile attributes and managing the two-way sync between Okta and the applications. … Continue reading Entitlements Managed in OIG with Early Access
OIG Entitlement Management – A Technical Introduction
Okta continues to enhance the Okta Identity Governance product in the areas of Access Requests, Access Certification, and Governance reporting. However a significant update, Entitlement Management, was announced at Oktane23 and is currently in Early Access. This article provides a technical overview of the new Entitlement Management capability. What is Entitlement Management?Doesn’t Okta Already Do … Continue reading OIG Entitlement Management – A Technical Introduction
OIG Assets in the Okta Community
Those following this blog will know we post a lot of technical assets on the Okta products from a technical specialist perspective, such as the how-to's that aren't obvious from product documentation or cross-product solutions to address specific use cases. But did you know there are some community assets published by Okta in addition to … Continue reading OIG Assets in the Okta Community
OIG Access Requests – Can I Attach a File?
A common requirement for access requests is adding a file to support the request. It may not be obvious, but Okta Identity Governance has the means to attach a file to a request. Let's explore this and show an example. How to Attach a File in the Access Requests Portal A file can be attached … Continue reading OIG Access Requests – Can I Attach a File?
OIG Access Requests – Posting Questions Based on Earlier Selections
My colleague, Rajesh Kumar, showed me something today that fell into the "wow, I didn't even think of using the product this way" category. It involves using logic in Access Request flows (Request Types) in Okta Identity Governance to prompt for additional information based on earlier selections. Let's look at how the user experiences it, … Continue reading OIG Access Requests – Posting Questions Based on Earlier Selections