Tag: Workflows
-
Using Risk in Okta to Manage Privileged Access in OPA
Identity Threat Protection with Okta AI will continuously assess user context and automatically respond to identity threats across your ecosystem. This includes managing entity (user) risk levels. Okta Privileged Access does not explicitly have user risk built in, but user risk can be applied to control how users access privileged resources. This article looks at…
-
New Delegate Feature in OIG
Okta has recently released a delegate feature in Okta Idenity Governance. This feature allows all governance activity, such as reviewing access requests or access certifications, to another Okta user (optionally for a set period). This article introduces the new feature. Introduction We all need to go on leave or take time off. So what happens…
-
A Set of Utilities for Secrets Management in OPA
In a recent engagement a customer raised issues around management of secrets and folder,s and associated policies and users in their Okta Privileged Access (OPA) deployment. In the spirit of the mantra of Mr Bigweld in Robots “see a need, fill a need“, I set about writing some utilities to help manage larger, more-complex Secrets…
-
ISPM Architecture
This article provides a brief introduction to the architecture of Okta Identity Security Posture Management (ISPM). The following figure provides an overview of the architecture. We will break it up into the Input, Service, Console with Users/Roles and Output. Input ISPM is fed from different sources. The main source is from other customer systems, such…
-
New Okta Group Push API
If you have been working with applications in Okta for some time and occasionally use the APIs (or Workflows) you would be aware that one glaring omission in the API library was an API to manage the Push Groups on applications. This has now been addressed with the Group Push Mapping API. The Group Push…
-
An Introduction to Managing SaaS Shared (Service) Accounts in OPA
Late in 2024 Okta released a new feature for Okta Privileged Access – the ability to manage SaaS shared accounts using the same approach to managing access to other privileged resources like servers. This article provides an introduction to this new feature. This article assumes the reader is familiar with Okta Privileged Access. If not,…
-
Automating Individual Secret Folders in OPA with Workflows
Okta Privileged Access has a secrets function, where a folder hierarchy can be built and policies applied to allow groups of users to access shared secrets. Whilst it’s not it’s primary use case, it could also be used to provide an individual secrets folder mechanism where users in Okta could have their own personal secrets…
-
The Combined Power of Okta Privileged Access and Okta Identity Governance
This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focused on governing identities – having…
-
Okta Privileged Access Requests with JIRA and Okta Workflows
This article looks at how to use Jira to raise and manage time-bound privileged access requests in Okta Privileged Access. It leverages an Okta Workflows solution that integrates with Jira and then manages Okta group membership. Introduction Before looking at the solution details and the user flows, it’s worthwhile providing an overview and some design…
-
Generating Okta Privileged Access Reports with the new Workflows Connector
Okta recently released a Workflows connector for Okta Privileged Access. It provides an abstraction of many of the Okta Privileged Access APIs to make working with them in Workflows easier. This article is an exploration of using the new connector to produce Okta Privileged Access reports, specifically access reports for users and resources. Introduction Okta…
-
Privileged Access Management for AWS using Okta Workforce Solutions
This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Note that this article talks about…
-
Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies
Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably configuring the PAM solution will introduce risk. But how to monitor and manage the risk…
-
Okta Privileged Access and Access Certification – Getting Roles into the Group Description
As with many SaaS applications in Okta, application entitlement can be managed via Okta Groups pushed to Okta Privileged Access (OPA). This means membership in OPA policies and roles is based on Okta Group membership and thus can be governed by access requests and access certification for those groups. In this article we look at…
-
Okta Privileged Access and the Reports API – Who has Access to What and How?
With the release of Okta Privileged Access, an API has also been released to provide programmatic access into objects managed by it, such as servers, secrets and gateways. There is a set of Access Reports APIs to allow for external reporting on who has access to what and how. This article explores the APIs, the…
-
OIG Access Requests – Can I Attach a File?
A common requirement for access requests is adding a file to support the request. It may not be obvious, but Okta Identity Governance has the means to attach a file to a request. Let’s explore this and show an example. How to Attach a File in the Access Requests Portal A file can be attached…