Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at … Continue reading Using Risk in Okta to Manage Privileged Access in OPA
Tag: PAM
RDP’ing with Microsoft Active Directory Accounts in OPA
Okta is extending its Okta Privileged Access capabilities with Microsoft Active Directory accounts by adding the ability to leverage them in direct RDP connections. This means it now supports two use cases with AD accounts - a reveal function where those credentials can be used (via copy'n'paste) to any AD-authenticated service, and the new direct … Continue reading RDP’ing with Microsoft Active Directory Accounts in OPA
A Set of Utilities for Secrets Management in OPA
In a recent engagement a customer raised issues around management of secrets and folders, and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots "see a need, fill a need", I set about writing some utilities to help manage larger, more-complex Secrets … Continue reading A Set of Utilities for Secrets Management in OPA
New Secrets Search Function in Okta Privileged Access
Okta has introduced a new search function for Secrets in Okta Privileged Access (OPA). When an OPA user goes to the Secrets menu item, they will see a new search option. Typing in a search argument will show matching secrets with the secret name, Folder hierarchy (clickable breadcrumb), Resource Group / Project and Description. You … Continue reading New Secrets Search Function in Okta Privileged Access
Integrating Active Directory with Okta Privileged Access
Okta has recently released their Microsoft Active Directory (AD) integration with Okta Privileged Access. This allows AD admin accounts to be stored in the vault and exposed via policy for use when accessing AD-authenticated services. This article provides a brief overview of the new feature. What Is It? How Does it Work? What Does it Look Like? Conclusion … Continue reading Integrating Active Directory with Okta Privileged Access
Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC
Okta Privileged Access is a SaaS offering. Currently it does not have an offline mode for local storage of break glass credentials. But you can extend it to do so, and that's the subject of this article. We look at a simple mechanism to export secrets from a folder and push them into a local … Continue reading Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC
Automating Individual Secret Folders in OPA with Workflows
Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it's not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets … Continue reading Automating Individual Secret Folders in OPA with Workflows
Using Ansible to Manage the Server Agent in Okta Privileged Access
This article looks at how Ansible could be used to manage the server agent ('sftd') on a fleet of Linux servers. The article assumes there's an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. Introduction; Ansible Set up; Security; Other Set up; Ansible Automation Examples; Check Status and Start sftd Process; Check sftd Versions; Update … Continue reading Using Ansible to Manage the Server Agent in Okta Privileged Access
Okta Privileged Access: Hashicorp Vault Secrets Migration
This article helps migrate Hashicorp Vault secrets into the Okta Privileged Access vault. The solution is provided as a guide, and it can be further enhanced or extended for use with any other third-party vault. The tool is developed in Java using the Spring Boot framework. This tool has a property … Continue reading Okta Privileged Access: Hashicorp Vault Secrets Migration
Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access
We all appreciate that a Zero Standing Privileges model is the best approach when it comes to privileged access - if a compromised account doesn't have standing privileges, then the attacker is limited in what they can do. But the reality for many organisations is that there are still shared accounts with elevated privileges that … Continue reading Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access

IAMSE