IAmDavid

Tag: PAM

  • Using Risk in Okta to Manage Privileged Access in OPA

    Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at…

  • RDP’ing with Microsoft Active Directory Accounts in OPA

    Okta is extending it’s Okta Privileged Access capabilities with Microsoft Active Directory accounts by adding the ability to leverage them in direct RDP connections. This means it now supports two use cases with AD accounts – a reveal function where those credentials can be used (via copy’n’paste) to any AD-authenticated service, and the new direct…

  • A Set of Utilities for Secrets Management in OPA

    In a recent engagement a customer raised issues around management of secrets and folder,s and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots “see a need, fill a need“, I set about writing some utilities to help manage larger, more-complex Secrets…

  • New Secrets Search Function in Okta Privileged Access

    Okta has introduced a new search function for Secrets in Okta Privileged Access (OPA). When an OPA user goes to the Secrets menu item, they will see a new search option. Typing in a search argument will show matching secrets with the secret name, Folder hierarchy (clickable breadcrumb), Resource Group / Project and Description. You…

  • Integrating Active Directory with Okta Privileged Access

    Okta has recently released their Microsoft Active Directory (AD) integration with Okta Privileged Access. This allows AD admin accounts to be stored in the vault and exposed via policy for use when accessing AD-authenticated services. This article provides a brief overview of the new feature. Note that this article is from the initial Active Directory…

  • Implementing an Offline Password Vault with Okta Privileged Access and KeePassXC

    Okta Privileged Access is a SaaS offering. Currently it does not have an offline mode for local storage of break glass credentials. But you can extend it to do so, and that’s the subject of this article. We look at a simple mechanism to export secrets from a folder and push them into a local…

  • Automating Individual Secret Folders in OPA with Workflows

    Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it’s not it’s primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets…

  • Using Ansible to Manage the Server Agent in Okta Privileged Access

    This article looks at how Ansible could be used to manage the server agent (‘sftd‘) on a fleet of Linux servers. The article assumes there’s an Ansible deployment configured and the controller can connect to and run playbooks on managed servers. Note, I’m not an Ansible guru, I started looking at it a few days…

  • Leveraging Zero Standing Privileges and Shared Account Access with Okta Privileged Access

    We all appreciate that a Zero Standing Privileges model is the best approach when it comes to privileged access – if a compromised account doesn’t have standing privileges, then the attacker is limited in what they can do. But the reality for many organisations is that there are still shared accounts with elevated privileges that…

  • Introducing Secrets Management in Okta Privileged Access

    This article explores the new secrets management capability within Okta Privileged Access. Introduction to Secrets Management A key feature of the new Okta Privileged Access product is the introduction of a vault to securely store credentials (or secrets). With the initial release of the product this unlocks two critical use cases: This article will explore…

  • Okta Privileged Access – A Look at the Data Model

    This article provides a simplified view of the data model used in Okta Privileged Access (OPA). Note that this is a logical view of data objects and their relationships, and the term “object” is used very loosely (more like data types). Also this is based on the current Early Access product and may change with…

  • Okta Privileged Access – A Technical Introduction

    The new Okta Privileged Access product was featured in the recent Oktane23 conference. The product became Generally Available on Dec 1 2023. This article is a brief technical overview of Okta Privileged Access (OPA) looking at the components, functions and managed resource types of the product. It is written to provide a backdrop for other…

  • IGA and PAM – Managing Identities in a Red Hat OpenShift Environment

    You might have missed it as there wasn’t a lot of press, but IBM recently acquired a small startup called Red Hat. As with many IBMers, I have been on a steep learning curve to understand the capabilities this brings. As an interesting exercise, I thought I’d treat the OpenShift stack as an identity project…