IAmDavid

Tag: ASA

  • Centrally Managing SUDO Rules with Okta Privileged Access

    Sudo provides a granular access control mechanism on many *nix variants (if you run a Mac, sudo is the thing prompting for the password when you try to do something). The ability to centrally manage sudo rules and grant access via policy has recently been added to Okta Privileged Access. This article explores the new…

  • Using Custom Labels in OPA for More Flexible Policies

    This article looks at the new custom labels feature in Okta Privileged Access (OPA) and how they can be used to make policy management and assignment more flexible. This is a parity feature that was available in Okta Advanced Server Access and is now available in OPA. Labels in Okta Privileged Access When a server…

  • Okta Privileged Access and the Reports API – Who has Access to What and How?

    With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the…

  • Okta Privileged Access – A Look at the Data Model

    This article provides a simplified view of the data model used in Okta Privileged Access (OPA). Note that this is a logical view of data objects and their relationships, and the term “object” is used very loosely (more like data types). Also this is based on the current Early Access product and may change with…

  • Extracting Okta ASA Audit Log with Okta Workflows

    The audit logs in Okta Advanced Server Access (ASA) can be viewed in the ASA administrative interface or extracted via the ASA Audit V2 API (and this is what the integrations with SIEM tools do). But what about the situation where you just need to extract all the logs and process them somewhere? You could…

  • Managing Multiple AD Users in the AD-Joined Feature of ASA

    Okta recently released the AD-Joined feature for Okta Advanced Server Access. This feature extends ASA secured RDP access to Windows servers in an AD domain, leveraging user credentials also stored in Active Directory. The feature supports both traditional password-based access and passwordless access using AD certificates, with the flexibility of having a mix of both…

  • Can ASA Work With a Shared User Directory and Linux Servers?

    Using a shared user directory for user authentication across server farms has been a common pattern since the 1990’s. Microsoft adopted it with Active Directory, but we’ve had NIS deployments for many years. Can Okta Advanced Server Access (ASA) work where user authentication is delegated to a central shared directory? Yes. This article looks at…

  • ASA PreAuthorization with Okta Workflows

    This article explores how standard Okta self-service access requests and Okta Workflows can be used to implement Just-In-Time access to Okta Advanced Server Access. It assumes some understanding of Okta, Okta Workflows and Okta Advanced Server Access objects and capabilities. Just-In-Time Access with Okta Advanced Server Access A common request with Okta Advanced Server Access…

  • Troubleshooting Okta Advanced Server Access (ASA)

    This post looks at the tools to use when troubleshooting issues with Okta Advanced Server Access (ASA). It’s not a “if you see this error, go do this” article – Google is great for that! This will look at where to go look for diagnostic info to help troubleshoot issues. Revisiting the Okta Components and…