Category: Domains
Non-product IAM domains
-
Enable Provisioning with OAuth for Salesforce.com
A while back Okta changed the provisioning credentials for salesforce.com from the old username and password+token approach to using OAuth. Whilst the new approach was added to the Okta help documentation (https://help.okta.com/oie/en-us/Content/Topics/Provisioning/Salesforce/sfdc-configure-provisioning-REST.htm), the need for the documents to cover both the old and new can lead to some confusion. A customer hit a snag and…
-
OIG Access Requests – Understanding User Grouping
Understanding user grouping mechanisms in the Okta Identity Governance (OIG) Access Requests mechanism is important to building and running access request flows. It can be confusing and this article aims to address the confusion. Note that OIG Access Requests is the old atSpoke product. The term “Okta” in this article refers to the Okta Identity…
-
OIG Access Requests – Using the New Timer Feature
This article explores the new Timer feature in Okta Identity Governance (OIG) Access Requests. It provides an overview of the new function and how it could be used for a long-term (days or weeks) access request and a short-term (hours) privileged access request. This article assumes a familiarity with the OIG Access Requests workflows. For…
-
Historical Reporting of OIG Access Requests
A common request asked is how to look at past access request events. Currently you can see the results of the requests in the Okta System Log and also in the Okta Identity Governance (OIG) Access Requests admin console. This article will explore these. This is still an early release product, so expect to see…
-
Designing OIG Access Requests for Ease of Use
Access Requests are designed to be used by all people in an organisation. So making the interface and information presented be more user friendly should be a goal of any deployment. In this article we look at what information is presented to end-users by Okta Identity Governance (OIG) Access Requests and how you can use…
-
OIG Access Requests – Requesting Access in Slack
A key benefit of Okta Identity Governance is the ability to interface with access request flows via chat tools such as Slack and Microsoft Teams. This article provides a summary of the different ways users can request access in Slack and how to monitor the progress of a request in Slack. Overview of OIG Access…
-
Integrating ServiceNow with OIG Access Requests
One of the standard integration points with Okta Identity Governance (OIG) Access Requests is to log a ticket of an access request in an ITSM tool like ServiceNow. This article explores the integration between OIG Access Requests and ServiceNow. Overview of Integration The primary focus of the Okta Identity Governance (OIG) Access Requests function is…
-
OIG Access Requests – What Else Can You Do?
The Okta Identity Governance (OIG) Access Requests module is built for requesting (and reviewing/approving) access to applications or groups in Okta. However, the module can do a lot more with the actions provided for the Okta integration. This article explores these and gives some examples of how they can be used. Please note that an…
-
Requesting Roles Through OIG Access Requests
This article looks at how Okta Identity Governance (OIG) can be used to provide a role-request feature in Access Requests. The example used is roles for Salesforce. What Roles? If you’re familiar with the Okta Identity Cloud data model, you will know there are users, groups and applications but no roles (other than roles to…
-
Inactive Application Account Reporting with Okta Workflows
I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven’t accessed Okta in a period of time. But what about application…
-
Separation of Duties (SoD) With Okta Workflows
Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Note that there is a later…
-
Can ASA Work With a Shared User Directory and Linux Servers?
Using a shared user directory for user authentication across server farms has been a common pattern since the 1990’s. Microsoft adopted it with Active Directory, but we’ve had NIS deployments for many years. Can Okta Advanced Server Access (ASA) work where user authentication is delegated to a central shared directory? Yes. This article looks at…
-
Continuous Certification with Okta Workflows
This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. IGA, Certification and Continuous Certification A key focus for Identity Governance and Administration (IGA) implementations is access certification (aka recertification or attestation). The aim of this is to periodically validate the access…
-
Troubleshooting Okta Advanced Server Access (ASA)
This post looks at the tools to use when troubleshooting issues with Okta Advanced Server Access (ASA). It’s not a “if you see this error, go do this” article – Google is great for that! This will look at where to go look for diagnostic info to help troubleshoot issues. Revisiting the Okta Components and…