Using Risk in Okta to Manage Privileged Access in OPA

Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at …

A Set of Utilities for Secrets Management in OPA

In a recent engagement a customer raised issues around management of secrets and folders, and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots "see a need, fill a need", I set about writing some utilities to help manage larger, more-complex Secrets …

Privileged Access Management for Federated Users

This document describes the approach and mechanism to authorize users to access Okta Privileged Access (OPA) and protected resources. Contents: Introduction; Objective; Key Features; Use Case; Overview; The Aim of the Solution; How the Solution is Built; SSO: Setup Trust between IDP and SP; Add Org2Org Application on IDP tenant; Setup configuration on Service Provider Tenant; Create Identity Provider Rule; Update Org2Org Application on IDP tenant; Assign Okta …

Automating Individual Secret Folders in OPA with Workflows

Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it's not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets …

Governance for Okta Privileged Access Server Resources

This document describes the approach and mechanism to run a certification campaign to review Okta Privileged Access Resource (Server) access. Contents: Introduction; Overview; The Aim of the Solution; How the Solution is Built; Building Okta Privileged Access Sync Connector; OPA Data Sync Steps; Step 1: Okta Application Setup; Step 2: Setup Workflow; Step 2.1 Create Connections …

The Combined Power of Okta Privileged Access and Okta Identity Governance

This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Contents: Introduction; Using Okta Identity Governance to Enhance Okta Privileged Access; Just-in-time Access Approval; Access Requests for OPA Access; Access Certification for OPA Access; Enhancing the Information Available to Reviewers; Leveraging Okta Workflows; SaaS Service Accounts and OIN …

Okta Privileged Access Requests with JIRA and Okta Workflows

This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Contents: Introduction; Overview of the Solution; Some Design Considerations; User Experience and Background Flows; User Requests Privileged Access; User is Reminded about Pending Expiry of …

Bulk Imports of Sudo Rules for Okta Privileged Access using Workflows

This article showcases two new features of Okta Privileged Access - Sudo command bundles and the Okta Privileged Access Workflows connector. It shows how a standard workflow mechanism can be used for bulk-loading sudo commands, specifically for commands to work with OpenLDAP. Contents: Introduction; An Example - Importing OpenLDAP Commands; OpenLDAP Commands; The Import Files; Command Bundles after Import; Policies and …

Generating Okta Privileged Access Reports with the new Workflows Connector

Okta recently released a Workflows connector for Okta Privileged Access. It provides an abstraction of many of the Okta Privileged Access APIs to make working with them in Workflows easier. This article is an exploration of using the new connector to produce Okta Privileged Access reports, specifically access reports for users and resources. Contents: Introduction; Overview; Construction of …

Privileged Access Management for AWS using Okta Workforce Solutions

This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Contents: Introduction; Access Management and AWS Privileges; Identity Administration, …