Using Risk in Okta to Manage Privileged Access in OPA

Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at …

New Delegate Feature in OIG

Okta has recently released a delegate feature in Okta Identity Governance. This feature allows all governance activity, such as reviewing access requests or access certifications, to be delegated to another Okta user (optionally for a set period). This article introduces the new feature. Introduction; Setting a Delegation; As an Administrator; As a User; Access Requests as the Delegate; Access Certification as the Delegate; Delegate …

A Set of Utilities for Secrets Management in OPA

In a recent engagement a customer raised issues around management of secrets and folders, and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots "see a need, fill a need", I set about writing some utilities to help manage larger, more-complex Secrets …

ISPM Architecture

This article provides a brief introduction to the architecture of Okta Identity Security Posture Management (ISPM). The following figure provides an overview of the architecture. We will break it up into the Input, Service, Console with Users/Roles and Output. Input: ISPM is fed from different sources. The main source is from other customer systems, such …

New Okta Group Push API

If you have been working with applications in Okta for some time and occasionally use the APIs (or Workflows) you would be aware that one glaring omission in the API library was an API to manage the Push Groups on applications. This has now been addressed with the Group Push Mapping API. The Group Push …

An Introduction to Managing SaaS Shared (Service) Accounts in OPA

Late in 2024 Okta released a new feature for Okta Privileged Access - the ability to manage SaaS shared accounts using the same approach to managing access to other privileged resources like servers. This article provides an introduction to this new feature. Introduction; Introducing SaaS Service Accounts in Okta Privileged Access; The User Experience; Check Out Credentials; Check In …

Automating Individual Secret Folders in OPA with Workflows

Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it's not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets …

The Combined Power of Okta Privileged Access and Okta Identity Governance

This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction; Using Okta Identity Governance to Enhance Okta Privileged Access; Just-in-time Access Approval; Access Requests for OPA Access; Access Certification for OPA Access; Enhancing the Information Available to Reviewers; Leveraging Okta Workflows; SaaS Service Accounts and OIN …

Okta Privileged Access Requests with JIRA and Okta Workflows

This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Introduction; Overview of the Solution; Some Design Considerations; User Experience and Background Flows; User Requests Privileged Access; User is Reminded about Pending Expiry of …

Generating Okta Privileged Access Reports with the new Workflows Connector

Okta recently released a Workflows connector for Okta Privileged Access. It provides an abstraction of many of the Okta Privileged Access APIs to make working with them in Workflows easier. This article is an exploration of using the new connector to produce Okta Privileged Access reports, specifically access reports for users and resources. Introduction; Overview; Construction of …