Category: Products

Okta, and other, products

  • Okta Privileged Access and the Reports API – Who has Access to What and How?

    With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the…


  • Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access

    We all appreciate that a Zero Standing Privileges model is the best approach when it comes to privileged access – if a compromised account doesn’t have standing privileges, then the attacker is limited in what they can do. But the reality for many organisations is that there are still shared accounts with elevated privileges that…


  • Introducing Secrets Management in Okta Privileged Access

    This article explores the new secrets management capability within Okta Privileged Access. Introduction to Secrets Management A key feature of the new Okta Privileged Access product is the introduction of a vault to securely store credentials (or secrets). With the initial release of the product this unlocks two critical use cases: This article will explore…


  • Okta Privileged Access and Okta Access Requests

    Okta Privileged Access (OPA) leverages wider Okta Workforce Identity Cloud capabilities for many use cases. One of these integrations is with the Okta Access Requests components, which come as part of the Okta Identity Governance (OIG) product, but also ship in a limited form with OPA. This article explores the two common use cases:…


  • Okta Privileged Access – A Look at the Data Model

    This article provides a simplified view of the data model used in Okta Privileged Access (OPA). Note that this is a logical view of data objects and their relationships, and the term “object” is used very loosely (more like data types). Also this is based on the current Early Access product and may change with…


  • Okta Privileged Access – A Technical Introduction

    The new Okta Privileged Access product was featured in the recent Oktane23 conference. The product became Generally Available on Dec 1 2023. This article is a brief technical overview of Okta Privileged Access (OPA) looking at the components, functions and managed resource types of the product. It is written to provide a backdrop for other…


  • Entitlements Managed in OIG with Early Access

    The new Entitlement Management capability in Okta Identity Governance (OIG) is currently in Early Access for OIG customers. With this release Okta has updated five of the Okta Integration Network (OIN) connectors to support this new capability – splitting entitlements from other application profile attributes and managing the two-way sync between Okta and the applications.…


  • OIG Entitlement Management – A Technical Introduction

    Okta continues to enhance the Okta Identity Governance product in the areas of Access Requests, Access Certification, and Governance reporting. However a significant update, Entitlement Management, was announced at Oktane23 and is currently in Early Access. This article provides a technical overview of the new Entitlement Management capability. What is Entitlement Management? Okta is adding…


  • OIG Assets in the Okta Community

    Those following this blog will know I post a lot of technical assets on the Okta products from a technical specialist perspective, such as the how-to’s that aren’t obvious from product documentation or cross-product solutions to address specific use cases. But did you know there are some community assets published by Okta in addition to…


  • OIG Access Requests – Can I Attach a File?

    A common requirement for access requests is adding a file to support the request. It may not be obvious, but Okta Identity Governance has the means to attach a file to a request. Let’s explore this and show an example. How to Attach a File in the Access Requests Portal A file can be attached…


  • OIG Access Requests – Posting Questions Based on Earlier Selections

    My colleague, Rajesh Kumar, showed me something today that fell into the “wow, I didn’t even think of using the product this way” category. It involves using logic in Access Request flows (Request Types) in Okta Identity Governance to prompt for additional information based on earlier selections. Let’s look at how the user experiences it,…


  • OIG Access Requests and Workflows – Checking SoD In An Access Request

    This article looks at a new approach you could use to perform Separation of Duties (SoD) checking from Okta Access Requests using Okta Workflows. It shows two approaches you could take to get SoD analysis into the request as soon as it’s raised so that the reviewer has the information at hand before approving the…


  • OIG Access Requests – Posting Additional Information into a Request

    This article looks at a recent addition to the Okta Identity Governance (OIG) Access Request API that allows updating of in-flight access requests and can be used to add additional data to help reviewers review requests. Note that the OIG APIs are still in beta but can be used against preview and production Okta orgs.…


  • User Access Reviews in Okta Identity Governance

    This article explores the new user campaign (User Access Review) feature in Okta Identity Governance (OIG) Access Certifications. Introduction The ability to build and run access certification campaigns against resources in Okta (groups and applications) has been in Okta Identity Governance (OIG) since it was released. In June User Campaigns was added to address User…


  • OIG Access Requests – Calling an Okta Workflow from Within a Request Type

    For some time there has been the ability to trigger a workflow in Okta Workflows from a request flow in Okta Access Requests via events written to the Okta System Log. Events were created for a request being initiated and being closed. But this approach has some limitations, such as a lot of processing within…


  • Understanding AWS IAM and Integrating with Okta and Workflows

    I’ve been looking into application entitlements, and the Amazon Web Services (AWS) users, groups and entitlements have perplexed me for some time. I’ve had the opportunity to explore it, try to understand it and build some integration between Okta Workforce Identity Cloud (via Okta Workflows). This post is a summary of my findings. AWS and…