Preconfigured Access Certification Campaigns in Okta Identity Governance

The Access Certifications capability has been a core part of Okta Identity Governance (OIG) since its inception. However, in the first update for this year (2025.01.0), Preconfigured Access Certification Campaigns were added to OIG. This article explores the new feature. Overview: Building access certification campaigns is very straightforward. The wizard-like flow walks you through …

Automating Individual Secret Folders in OPA with Workflows

Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it's not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets …

Automating Realm Creation in Okta with Workflows

The new Realms feature in the Okta Workforce platform and the Secure Partner Access (SPA) product built on top of it are designed to make management of discrete user populations simpler. Realms can be managed via the Okta Admin Console. But what about when you want to automate the process, such as onboarding a large …

Assigning Administrators to Realms in Okta

Realms were introduced into Okta to provide an alternative mechanism for delegated administration with discrete user populations. A key aspect of this is the administration - you may need to have different types of administrator roles for the users in the realm, but also allow cross-realm roles. In this article we explore configuring administrators for …

An Introduction to Realms in Okta

Okta recently added a new feature to the Universal Directory called Realms. This article provides an overview of the new feature. Contents: Background - Why do we need Realms?; What Are Realms?; Working with Realms; Realm Administration; Automatic Onboarding of Users into Realms; Delegating User Management; Okta Workflows and Realms APIs; Managing Partners; Applying Governance; Known Limitations and Workarounds; Conclusion. Note that Realms is only available …

Reduce Risk through Governance for Okta Administrators

In this article we explore the different patterns for associating users with administrative roles and how we can reduce the risk around these using governance. There are multiple articles listing the controls that should be applied to the administrative access in Okta, but this article will focus on the governance controls. Introduction: Okta administration is …

Using Ansible to Manage the Server Agent in Okta Privileged Access

This article looks at how Ansible could be used to manage the server agent ('sftd') on a fleet of Linux servers. The article assumes there's an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. Contents: Introduction; Ansible Set up; Security; Other Set up; Ansible Automation Examples; Check Status and Start sftd Process; Check sftd Versions; Update …

Managing and Using Okta Shared Accounts with Okta Privileged Access

Okta recently announced a new SaaS app service account capability for Okta Privileged Access. This includes being able to manage the passwords for Okta users (accounts) that may need to be shared for administrative functions. This article will explore this new capability. Contents: Introduction; An Overview of Managing Okta Shared Accounts in Okta Privileged Access; An Example; Considerations for …

The Combined Power of Okta Privileged Access and Okta Identity Governance

This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Contents: Introduction; Using Okta Identity Governance to Enhance Okta Privileged Access; Just-in-time Access Approval; Access Requests for OPA Access; Access Certification for OPA Access; Enhancing the Information Available to Reviewers; Leveraging Okta Workflows; SaaS Service Accounts and OIN …

Okta Privileged Access Requests with JIRA and Okta Workflows

This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Contents: Introduction; Overview of the Solution; Some Design Considerations; User Experience and Background Flows; User Requests Privileged Access; User is Reminded about Pending Expiry of …