Category: PAM
-
Troubleshooting Okta Privileged Access
This post looks at the tools to use when troubleshooting issues with Okta Privileged Access (OPA). It’s not an “if you see this error, go do this” article – Google is great for that! It will look at where to go to look for diagnostic info to help troubleshoot issues. This article is based off…
-
Using the Secrets API with Okta Privileged Access
Okta Privileged Access has the ability to store and retrieve generic secrets in its vault. This can be done via the user interface, the sft client in the command line or via the Secrets API. This article will explore the Secrets API for managing secrets in the vault. Overview Secrets management involves both folders (and…
-
Bulk Imports of Sudo Rules for Okta Privileged Access using Workflows
This article showcases two new features of Okta Privileged Access – Sudo command bundles and the Okta Privileged Access Workflows connector. It shows how a standard workflow mechanism can be used for bulk-loading sudo commands, specifically for commands to work with OpenLDAP. Introduction Okta recently released two new capabilities to Okta Privileged Access. The first…
-
Centrally Managing SUDO Rules with Okta Privileged Access
Sudo provides a granular access control mechanism on many *nix variants (if you run a Mac, sudo is the thing prompting for the password when you try to do something). The ability to centrally manage sudo rules and grant access via policy has recently been added to Okta Privileged Access. This article explores the new…
-
Generating Okta Privileged Access Reports with the new Workflows Connector
Okta recently released a Workflows connector for Okta Privileged Access. It provides an abstraction of many of the Okta Privileged Access APIs to make working with them in Workflows easier. This article is an exploration of using the new connector to produce Okta Privileged Access reports, specifically access reports for users and resources. Introduction Okta…
-
Okta Privileged Access and Automation with DevOps Tools
This article looks at how Okta Privileged Access (OPA) can leverage DevOps tooling for automation in large infrastructure environments. Introduction Okta Privileged Access (OPA) provides privileged access management (PAM) for multiple use cases, such as securing access to privileged credentials (secrets) and privileged access to servers. Where there is a large environment needing PAM, customers…
-
Using Custom Labels in OPA for More Flexible Policies
This article looks at the new custom labels feature in Okta Privileged Access (OPA) and how custom labels can be used to make policy management and assignment more flexible. This is a parity feature that was available in Okta Advanced Server Access and is now available in OPA. Labels in Okta Privileged Access When a server…
-
MFA Can Now Be Applied to Secret Access Policy in Okta Privileged Access
Okta Privileged Access (OPA) has had the option to turn on Multifactor Authentication (MFA) for server access policy for some time. This has now been extended to cover secret access policy. If you have worked with OPA Policy Rules for Secrets you will be familiar with the following that shows the permissions that can be…
-
The New Checkout Feature in Okta Privileged Access
This article provides information on the latest feature released for Okta Privileged Access – Checkout. This feature allows setting exclusive checkout on shared accounts and managing the checkout/checkin of those accounts. Pre-Reqs The feature is there in Okta Privileged Access preview and production teams. You do not need to “turn on” any features. As always…
-
Managing Access in Okta Privileged Access with the new OIG Resource Catalog
Okta has released into Early Access a new feature called the Access Request Conditions and Resource Catalog, or more simply the Resource Catalog. This is a new way to configure and use access requests in Okta Identity Governance. This article shows how this can be applied to access within Okta Privileged Access. Introduction Okta Privileged…
-
Privileged Access Management for AWS using Okta Workforce Solutions
This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Note that this article talks about…
-
Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies
Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably configuring the PAM solution will introduce risk. But how to monitor and manage the risk…
-
Okta Privileged Access and Access Certification – Getting Roles into the Group Description
As with many SaaS applications in Okta, application entitlement can be managed via Okta Groups pushed to Okta Privileged Access (OPA). This means membership in OPA policies and roles is based on Okta Group membership and thus can be governed by access requests and access certification for those groups. In this article we look at…
-
Okta Privileged Access and the Reports API – Who has Access to What and How?
With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the…
-
Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access
We all appreciate that a Zero Standing Privileges model is the best approach when it comes to privileged access – if a compromised account doesn’t have standing privileges, then the attacker is limited in what they can do. But the reality for many organisations is that there are still shared accounts with elevated privileges that…
-
Introducing Secrets Management in Okta Privileged Access
This article explores the new secrets management capability within Okta Privileged Access. Introduction to Secrets Management A key feature of the new Okta Privileged Access product is the introduction of a vault to securely store credentials (or secrets). With the initial release of the product this unlocks two critical use cases: This article will explore…
