Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Creation

OVERVIEW This blog is a continuation of the Okta Entitlements for Disconnected Applications that I posted previously. Some of the introductory content is duplicated to reinforce some of the basic concepts around Okta Identity Governance - Entitlement Management. With the release of Okta Identity Governance, one of the newly released features is entitlements at the …

Okta Entitlements for Disconnected Applications

OVERVIEW With the release of Okta Identity Governance, one of the newly released features is entitlements at the application level. Entitlements open a deeper level of represented access for Access Reviews, Access Certification Campaigns and Access Requests through the representation of fine grain access and licensing that a given user has in a relationship to for …

Unlocking Workday Security Groups Governance: Integrating Okta OIG with Custom Workflows and Universal Directory

Introduction Today, safeguarding organizational assets and ensuring compliance with regulatory standards are paramount concerns for businesses of all sizes. Within this context, the integration of Workday's security groups with Okta Identity Governance (OIG) emerges as a critical need, given the central role these platforms play in managing employee data and access privileges. However, there is …

Automate ATO prevention with Suspicious Activity Reports

One of the best security resources a company has is its users. One feature of Okta that can be leveraged to take advantage of this is Security Notification emails and the Report suspicious activity via email feature. The first of these sends email notifications to end users when an action such as a sign-on from …

Okta Privileged Access : User Identity Creation alert

This article describes how to send a notification to the security team when a new user ID is created on any Okta PA protected resource. This helps the security team identify new identities created directly on protected servers which are not discovered and managed by the vault in Okta Privileged Access - …

Unleashing Precision: Enhancing Salesforce User Access Reviews with Custom Okta Entitlements Management

Introduction In the ever-evolving realm of user access and security, the marriage of Okta and Salesforce presents a powerful synergy. While Okta's out-of-the-box (OOTB) connector for Salesforce Governance is undoubtedly a valuable asset, it falls short when it comes to the nuance of fine-grained access certification. Picture this common scenario: reviewing a Profile or Permission …

Managing FGA Relationships with Okta Identity Governance and Workflows

Overview This blog post will walk you through how to programmatically create and delete Tuples within Okta’s Fine Grained Authorization (FGA) product triggered by an Access Request in Okta Identity Governance (OIG). FGA is an early-stage product Okta is building to solve fine grained authorization at scale. FGA is a Relationship Based Access Control model …

Detecting IDP changes used for Cross Tenant Impersonation

Okta Defensive Cyber Operations have observed that attackers who have obtained Super Admin access are leveraging IdP Federation to impersonate users to gain access to downstream applications. In this post I will discuss how to leverage workflows to alert on any IdP changes. For a more detailed discussion of how to prevent this attack and …

Processing Okta Event Hooks with Workflows

Okta Event Hooks and Workflows can be combined to provide powerful detection, alerting and remediation actions. These can be leveraged for a wide range of actions such as those detailed in the Security Blog Post: Cross-Tenant Impersonation: Prevention and Detection, including: alerting on phishing attempts detected and stopped by FastPass and triggering changes to authentication …

Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies

Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably, configuring the PAM solution will introduce risk. But how to monitor and manage the risk …