Category: Products
Okta, and other, products
-
Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC
Okta Privileged Access is a SaaS offering. Currently it does not have an offline mode for local storage of break glass credentials. But you can extend it to do so, and that’s the subject of this article. We look at a simple mechanism to export secrets from a folder and push them into a local…
-
Importing Entitlements for Disconnected Apps in OIG
Okta recently introduced a new feature into Okta Identity Governance for importing users and entitlements for disconnected apps via a CSV import. This article explores the new feature. Introduction Okta has had the ability to import users via a CSV file for a long time. This has been an effective way to bulk load users…
-
An Introduction to Managing SaaS Shared (Service) Accounts in OPA
Late in 2024 Okta released a new feature for Okta Privileged Access – the ability to manage SaaS shared accounts using the same approach to managing access to other privileged resources like servers. This article provides an introduction to this new feature. This article assumes the reader is familiar with Okta Privileged Access. If not,…
-
An Introduction to Resource Collections in OIG
This article introduces the new Resource Collections feature in Okta Identity Governance, looking at how collections are defined, requested and reviewed. Introduction Okta has introduced a new feature into Okta Identity Governance (OIG) called Resource Collections (or sometimes referred to as just Collections). They are a way to define a role that spans different entitlements…
-
Preconfigured Access Certification Campaigns in Okta Identity Governance
The Access Certifications capability has been a core part of Okta Identity Governance (OIG) since its inception. However, in the first update for this year (2025.01.0), Preconfigured Access Certifications Campaigns were added to OIG. This article explores the new feature. Overview Building of access certification campaigns is very straightforward. The wizard-like flow walks you through…
-
Automating Individual Secret Folders in OPA with Workflows
Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it’s not its primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets…
-
Automating Realm Creation in Okta with Workflows
The new Realms feature in the Okta Workforce platform and the Secure Partner Access (SPA) product built on top of it are designed to make management of discrete user populations simpler. Realms can be managed via the Okta Admin Console. But what about when you want to automate the process, such as onboarding a large…
-
Assigning Administrators to Realms in Okta
Realms were introduced into Okta to provide an alternative mechanism for delegated administration with discrete user populations. A key aspect of this is the administration – you may need to have different types of administrator roles for the users in the realm, but also allow cross-realm roles. In this article we explore configuring administrators for…
-
An Introduction to Realms in Okta
Okta recently added a new feature to the Universal Directory called Realms. This article provides an overview of the new feature. Note that Realms is only available with the Okta Identity Governance and Secure Partner Access products. At the time of writing this article, Realms is in Early Access. Background – Why do we need…
-
Reduce Risk through Governance for Okta Administrators
In this article we explore the different patterns for associating users with administrative roles and how we can reduce the risk around these using governance. There are multiple articles listing the controls that should be applied to the administrative access in Okta, but this article will focus on the governance controls. Introduction Okta administration is…
-
Using Ansible to Manage the Server Agent in Okta Privileged Access
This article looks at how Ansible could be used to manage the server agent (‘sftd’) on a fleet of Linux servers. The article assumes there’s an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. Note, I’m not an Ansible guru, I started looking at it a few days…
-
Managing and Using Okta Shared Accounts with Okta Privileged Access
Okta recently announced a new SaaS app service account capability for Okta Privileged Access. This includes being able to manage the passwords for Okta users (accounts) that may need to be shared for administrative functions. This article will explore this new capability. Introduction Users in Okta may be consumers of Okta services, like SSO, but…
-
The Combined Power of Okta Privileged Access and Okta Identity Governance
This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focused on governing identities – having…
-
Okta Privileged Access Requests with JIRA and Okta Workflows
This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Introduction Before looking at the solution details and the user flows, it’s worthwhile providing an overview and some design…
-
Troubleshooting Okta Privileged Access
This post looks at the tools to use when troubleshooting issues with Okta Privileged Access (OPA). It’s not an “if you see this error, go do this” article – Google is great for that! It will look at where to go to look for diagnostic info to help troubleshoot issues. This article is based off…
-
New Features for the Access Request Conditions and Resource Catalog in Okta Identity Governance
Two new features have been introduced into the Access Request Conditions and Resource Catalog (aka RCAR) feature in Okta Identity Governance – Request on Behalf Of, and User-specified Access Duration. This article introduces these new features. Request On Behalf Of Okta Identity Governance introduced the ability to request access on behalf of another user into…
