Centrally Managing SUDO Rules with Okta Privileged Access
Sudo provides a granular access control mechanism on many *nix variants (if you run a Mac, sudo is the thing prompting for the password when you try to do something). The ability to centrally manage sudo rules and grant access via policy has recently been added to Okta Privileged Access. This article explores the new …
Tag: ASA
Using Custom Labels in OPA for More Flexible Policies
This article looks at the new custom labels feature in Okta Privileged Access (OPA) and how they can be used to make policy management and assignment more flexible. This is a parity feature that was available in Okta Advanced Server Access and is now available in OPA. Labels in Okta Privileged Access: When a server …
Advanced Server Access PLUS step-up MFA for sudo with RADIUS
Okta’s Advanced Server Access (ASA) eliminates password and SSH-key challenges with just-in-time, ephemeral certificates, improving security and user experience. While ASA doesn’t support transactional MFA, Okta’s RADIUS agent with the libpam_radius module enables sudo step-up MFA. The guide details RADIUS agent setup, server configuration, and sudo entitlement adjustments for enhanced security.
Okta Privileged Access and the Reports API – Who has Access to What and How?
With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the …
Okta Privileged Access – A Look at the Data Model
This article provides a simplified view of the data model used in Okta Privileged Access (OPA). Article contents: An Overview; Directory Objects; Resource Administration Objects; Security Administration Objects; Summary. Note that this is a logical view of data objects and their relationships, and the term "object" is used very loosely (more like data types). Also this is based on the current …
Extracting Okta ASA Audit Log with Okta Workflows
The audit logs in Okta Advanced Server Access (ASA) can be viewed in the ASA administrative interface or extracted via the ASA Audit V2 API (and this is what the integrations with SIEM tools do). But what about the situation where you just need to extract all the logs and process them somewhere? You could …
Managing Multiple AD Users in the AD-Joined Feature of ASA
Okta recently released the AD-Joined feature for Okta Advanced Server Access. This feature extends ASA-secured RDP access to Windows servers in an AD domain, leveraging user credentials also stored in Active Directory. The feature supports both traditional password-based access and passwordless access using AD certificates, with the flexibility of having a mix of both …
Can ASA Work With a Shared User Directory and Linux Servers?
Using a shared user directory for user authentication across server farms has been a common pattern since the 1990s. Microsoft adopted it with Active Directory, but we've had NIS deployments for many years. Can Okta Advanced Server Access (ASA) work where user authentication is delegated to a central shared directory? Yes. This article looks at …
ASA PreAuthorization with Okta Workflows
This article explores how standard Okta self-service access requests and Okta Workflows can be used to implement Just-In-Time access to Okta Advanced Server Access. It assumes some understanding of Okta, Okta Workflows and Okta Advanced Server Access objects and capabilities. Article contents: Just-In-Time Access with Okta Advanced Server Access; Request ASA Preauthorization With Okta and Workflows; Overview; Preauthorization …
Troubleshooting Okta Advanced Server Access (ASA)
This post looks at the tools to use when troubleshooting issues with Okta Advanced Server Access (ASA). It's not an "if you see this error, go do this" article - Google is great for that! This will look at where to go to find diagnostic info to help troubleshoot issues. Article contents: Revisiting the Okta …

IAMSE