Overview: This blog post will walk you through how to programmatically create and delete Tuples within Okta’s Fine Grained Authorization (FGA) product, triggered by an Access Request in Okta Identity Governance (OIG). FGA is an early-stage product Okta is building to solve fine-grained authorization at scale. FGA is a Relationship Based Access Control model … Continue reading Managing FGA Relationships with Okta Identity Governance and Workflows
Category: Extensibility (Workflows and Development)
Detecting IDP changes used for Cross Tenant Impersonation
Okta Defensive Cyber Operations have observed that attackers who have obtained Super Admin access are leveraging IdP Federation to impersonate users to gain access to downstream applications. In this post I will discuss how to leverage workflows to alert on any IdP changes. For a more detailed discussion of how to prevent this attack and … Continue reading Detecting IDP changes used for Cross Tenant Impersonation
Processing Okta Event Hooks with Workflows
Okta Event Hooks and Workflows can be combined to provide powerful detection, alerting and remediation actions. These can be leveraged for a wide range of actions such as those detailed in the Security Blog Post: Cross-Tenant Impersonation: Prevention and Detection, including: alerting on phishing attempts detected and stopped by FastPass and triggering changes to authentication … Continue reading Processing Okta Event Hooks with Workflows
Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies
Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably, configuring the PAM solution will introduce risk. But how to monitor and manage the risk … Continue reading Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies
Okta Privileged Access and Access Certification – Getting Roles into the Group Description
As with many SaaS applications in Okta, application entitlement can be managed via Okta Groups pushed to Okta Privileged Access (OPA). This means membership in OPA policies and roles is based on Okta Group membership and thus can be governed by access requests and access certification for those groups. In this article we look at … Continue reading Okta Privileged Access and Access Certification – Getting Roles into the Group Description
OIG Access Requests – Automate Out of Country Requests and Security
Overview: The purpose of this post is to configure an access request for end users to request when they are going to be out of the country. Oftentimes, IT teams like to lock down their environment so their employees can only access their applications from one designated country or area (maybe we call this US … Continue reading OIG Access Requests – Automate Out of Country Requests and Security
Okta Privileged Access and the Reports API – Who has Access to What and How?
With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the … Continue reading Okta Privileged Access and the Reports API – Who has Access to What and How?
Okta enrolled factor verification tool for Helpdesk to reset password/factors using Okta workflows and Slack modal
Prerequisite: Okta Workforce Identity Cloud tenant; Okta Workflows Console access; Okta Admin access to Okta Admin Dashboard; Slack workspace and Admin access. Problem statement: Okta enables self-service to reset your password. This requires some high-assurance factor for verification. Also, sometimes they need to reset factors, which does not have a way to do … Continue reading Okta enrolled factor verification tool for Helpdesk to reset password/factors using Okta workflows and Slack modal
OKTA Workflows : the best is yet to come
In my previous article, I gave you a brief introduction to Okta workflows, in order to arouse your curiosity as to the potential of this tool. On the face of it, if you’re here, that’s the case (if you’ve seen the light and gone in, that’s good too!). Today, I’m going to take the presentation … Continue reading OKTA Workflows : the best is yet to come
Introduction to OKTA Workflows: nothing is impossible (almost)!
[Image: a test workflow from one of our tenants] If you’re here, you probably know what Okta is. But if you don’t, we won’t hold it against you (promise!). Okta offers an IAM (Identity Access Management) solution, enabling you to centrally and securely manage your users’ identities and access to the resources they need to access. … Continue reading Introduction to OKTA Workflows: nothing is impossible (almost)!