Category: Domains

Non-product IAM domains

  • Bulk Imports of Sudo Rules for Okta Privileged Access using Workflows

    This article showcases two new features of Okta Privileged Access – Sudo command bundles and the Okta Privileged Access Workflows connector. It shows how a standard workflow mechanism can be used for bulk-loading sudo commands, specifically for commands to work with OpenLDAP. Introduction Okta recently released two new capabilities to Okta Privileged Access. The first…


  • Centrally Managing SUDO Rules with Okta Privileged Access

    Sudo provides a granular access control mechanism on many *nix variants (if you run a Mac, sudo is the thing prompting for the password when you try to do something). The ability to centrally manage sudo rules and grant access via policy has recently been added to Okta Privileged Access. This article explores the new…


  • Generating Okta Privileged Access Reports with the new Workflows Connector

    Okta recently released a Workflows connector for Okta Privileged Access. It provides an abstraction of many of the Okta Privileged Access APIs to make working with them in Workflows easier. This article is an exploration of using the new connector to produce Okta Privileged Access reports, specifically access reports for users and resources. Introduction Okta…


  • Okta Privileged Access and Automation with DevOps Tools

    This article looks at how Okta Privileged Access (OPA) can leverage DevOps tooling for automation in large infrastructure environments. Introduction Okta Privileged Access (OPA) provides privileged access management (PAM) for multiple use cases, such as securing access to privileged credentials (secrets) and privileged access to servers. Where there is a large environment needing PAM, customers…


  • Using Custom Labels in OPA for More Flexible Policies

    This article looks at the new custom labels feature in Okta Privileged Access (OPA) and how they can be used to make policy management and assignment more flexible. This is a parity feature that was available in Okta Advanced Server Access and is now available in OPA. Labels in Okta Privileged Access When a server…


  • MFA Can Now Be Applied to Secret Access Policy in Okta Privileged Access

    Okta Privileged Access (OPA) has had the option to turn on Multifactor Authentication (MFA) for server access policy for some time. This has now been extended to cover secret access policy. If you have worked with OPA Policy Rules for Secrets you will be familiar with the following that shows the permissions that can be…


  • Customisable Access Certification Reviewer Content in OIG

    This article looks at the new customisable reviewer content in Okta Identity Governance (OIG) Access Certifications. The doc link for this new feature is https://help.okta.com/oie/en-us/content/topics/identity-governance/access-certification/iga-ac-customizable-context.htm. Introduction Access Certification (or recertification, attestation) is a key capability in any Identity Governance product and it is the one most likely to cause friction with business users. If you’re…


  • The New Checkout Feature in Okta Privileged Access

    This article provides information on the latest feature released for Okta Privileged Access – Checkout. This feature allows setting exclusive checkout on shared accounts and managing the checkout/checkin of those accounts. Pre-Reqs The feature is there in Okta Privileged Access preview and production teams. You do not need to “turn on” any features. As always…


  • Managing Access in Okta Privileged Access with the new OIG Resource Catalog

    Okta has released into Early Access a new feature called the Access Request Conditions and Resource Catalog, or more simply the Resource Catalog. This is a new way to configure and use access requests in Okta Identity Governance. This article shows how this can be applied to access within Okta Privileged Access. Introduction Okta Privileged…


  • Privileged Access Management for AWS using Okta Workforce Solutions

    This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Note that this article talks about…


  • OIG APIs – Use Okta Connector in Workflows Now

    This short post is for the information of people who may look at some of the older OIG API and Workflows articles on this site and find they no longer work. You should be using the Okta Connector with the Custom API Action card now instead of the old generic API Connector card. The OLD…


  • A Look at the new Govern Okta Admin Roles feature

    This article is a walkthrough of the new Govern Okta Admin Roles feature in Okta Workforce Identity Cloud (WIC). Overview of the Feature This new feature builds on the flexible and customisable administration roles that have been available on Okta WIC for some time. It treats the Okta Admin Console as an application with entitlements…


  • Consolidating Nested Lists in Okta Workflows

    Working with lists in Okta Workflows is common, but sometimes the list processing actions can be overwhelming and confusing. In this article I look at how I approached a problem of consolidating nested lists with a standard pattern of Lists actions. It should give you an idea of how you can use different Lists actions…


  • OIG Entitlement Management Videos on YouTube

    Some colleagues have recently published a set of videos on YouTube (okta channel) highlighting some of the features of the new Entitlement Management capability in Okta Identity Governance (see our Entitlement Management page for more information on the product). Most of the videos will show up by searching for “entitlement” and “okta” (https://www.youtube.com/results?search_query=entitlement+okta). It may…


  • Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies

    Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably configuring the PAM solution will introduce risk. But how to monitor and manage the risk…


  • Okta Privileged Access and Access Certification – Getting Roles into the Group Description

    As with many SaaS applications in Okta, application entitlement can be managed via Okta Groups pushed to Okta Privileged Access (OPA). This means membership in OPA policies and roles is based on Okta Group membership and thus can be governed by access requests and access certification for those groups. In this article we look at…