Category: OPA
-
Using Risk in Okta to Manage Privileged Access in OPA
Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at…
-
A Set of Utilities for Secrets Management in OPA
In a recent engagement a customer raised issues around management of secrets and folders, and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots “see a need, fill a need”, I set about writing some utilities to help manage larger, more-complex Secrets…
-
New Secrets Search Function in Okta Privileged Access
Okta has introduced a new search function for Secrets in Okta Privileged Access (OPA). When an OPA user goes to the Secrets menu item, they will see a new search option. Typing in a search argument will show matching secrets with the secret name, Folder hierarchy (clickable breadcrumb), Resource Group / Project and Description. You…
-
Okta Privileged Access – Example Mechanisms to Export/View Session Recordings
This article provides some example mechanisms that could be used to export and view the session recording files produced by Okta Privileged Access. There are two examples shown: These are provided as examples to show how you could implement a mechanism. Introduction Okta Privileged Access (OPA) and its predecessor Okta Advanced Server Access (Okta ASA),…
-
Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC
Okta Privileged Access is a SaaS offering. Currently it does not have an offline mode for local storage of break glass credentials. But you can extend it to do so, and that’s the subject of this article. We look at a simple mechanism to export secrets from a folder and push them into a local…
-
An Introduction to Managing SaaS Shared (Service) Accounts in OPA
Late in 2024 Okta released a new feature for Okta Privileged Access – the ability to manage SaaS shared accounts using the same approach to managing access to other privileged resources like servers. This article provides an introduction to this new feature. This article assumes the reader is familiar with Okta Privileged Access. If not,…
-
Automating Individual Secret Folders in OPA with Workflows
Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it’s not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets…
-
Reduce Risk through Governance for Okta Administrators
In this article we explore the different patterns for associating users with administrative roles and how we can reduce the risk around these using governance. There are multiple articles listing the controls that should be applied to the administrative access in Okta, but this article will focus on the governance controls. Introduction Okta administration is…
-
Using Ansible to Manage the Server Agent in Okta Privileged Access
This article looks at how Ansible could be used to manage the server agent (‘sftd’) on a fleet of Linux servers. The article assumes there’s an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. Note, I’m not an Ansible guru, I started looking at it a few days…
-
Managing and Using Okta Shared Accounts with Okta Privileged Access
Okta recently announced a new SaaS app service account capability for Okta Privileged Access. This includes being able to manage the passwords for Okta users (accounts) that may need to be shared for administrative functions. This article will explore this new capability. Introduction Users in Okta may be consumers of Okta services, like SSO, but…
-
The Combined Power of Okta Privileged Access and Okta Identity Governance
This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focused on governing identities – having…
-
Okta Privileged Access Requests with JIRA and Okta Workflows
This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Introduction Before looking at the solution details and the user flows, it’s worthwhile providing an overview and some design…
