Okta recently released the AD-Joined feature for Okta Advanced Server Access. This feature extends ASA secured RDP access to Windows servers in an AD domain, leveraging user credentials also stored in Active Directory. The feature supports both traditional password-based access and passwordless access using AD certificates, with the flexibility of having a mix of both … Continue reading Managing Multiple AD Users in the AD-Joined Feature of ASA
Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Article contents: IntroductionOkta and Coarse- and … Continue reading Separation of Duties (SoD) With Okta Workflows
Using a shared user directory for user authentication across server farms has been a common pattern since the 1990's. Microsoft adopted it with Active Directory, but we've had NIS deployments for many years. Can Okta Advanced Server Access (ASA) work where user authentication is delegated to a central shared directory? Yes. This article looks at … Continue reading Can ASA Work With a Shared User Directory and Linux Servers?
This article explores how standard Okta self-service access requests and Okta Workflows can be used to implement Just-In-Time access to Okta Advanced Server Access. It assumes some understanding of Okta, Okta Workflows and Okta Advanced Server Access objects and capabilities. Article contents: Just-In-Time Access with Okta Advanced Server AccessRequest ASA Preauthorization With Okta and WorkflowsOverviewPreauthorization … Continue reading ASA PreAuthorization with Okta Workflows
This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. Article contents: IGA, Certification and Continuous CertificationCan We Do This In Okta?Implementing a Continuous Certification Campaign in OktaTrigger Events in OktaWorkflows FlowsMain Flows (F**)API Endpoint Flow (A00)Sub Flows (S**)Utility Flows (U**)Design PointsSample … Continue reading Continuous Certification with Okta Workflows
This post looks at the tools to use when troubleshooting issues with Okta Advanced Server Access (ASA). It's not a "if you see this error, go do this" article - Google is great for that! This will look at where to go look for diagnostic info to help troubleshoot issues. Article contents: Revisiting the Okta … Continue reading Troubleshooting Okta Advanced Server Access (ASA)
A key aspect of identity governance is being able to see "who has access to what". Within Okta you have visibility to user-to-group and user-to-application mappings (i.e. the associations that Okta is managing). These are often called coarse-grained entitlements. But what about the fine-grained entitlements that are normally defined and managed within an application, such … Continue reading Fine-Grained Entitlement Reporting with Workflows
This is a trimmed down version of an article I published on LinkedIn on Jun 11, 2020 (https://www.linkedin.com/pulse/look-iam-red-hat-enterprise-linux-david-edwards-iamdavid-/). For a recent engagement I had to 'page back in' long-forgotten aspects of identity and access management (IAM) for Unix/Linux, specifically the Red Hat Enterprise Linux (RHEL) operating system. I couldn’t find a comprehensive guide to all … Continue reading A Look at IAM in Red Hat Enterprise Linux
This article was originally posted on LinkedIn on 29 August, 2019 (https://www.linkedin.com/pulse/iga-racf-how-effectively-can-you-manage-risk-users-david/). Way back in the late 80’s I was a trainee programmer learning all things green-screen, like ISPF, JCL, CICS and Cobol. Colleagues laughed, asking me why I was bothering given the mainframe would be gone in five years. Here we are thirty years … Continue reading IGA & RACF – How Effectively Can You Manage the Risk of Mainframe Users?
Hi, before launching into a bunch of blog posts, I thought I should introduce myself. I'm David Edwards, one of the authors of this site. I've been working at Okta since Sept 2020, working in IAM since I joined IBM Tivoli in Sept 1998, and working longer than I care to remember. Whilst I've covered … Continue reading Introducing the Authors – David