Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
 Okta Administration Up and Running

You're reading from   Okta Administration Up and Running Drive operational excellence with IAM solutions for on-premises and cloud apps

Arrow left icon
Product type Paperback
Published in Dec 2023
Publisher Packt
ISBN-13 9781837637454
Length 306 pages
Edition 2nd Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
HenkJan de Vries HenkJan de Vries
Author Profile Icon HenkJan de Vries
HenkJan de Vries
Lovisa Stenbäcken Stjernlöf Lovisa Stenbäcken Stjernlöf
Author Profile Icon Lovisa Stenbäcken Stjernlöf
Lovisa Stenbäcken Stjernlöf
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1:Getting Started with Okta
2. Chapter 1: IAM and Okta FREE CHAPTER 3. Chapter 2: Working with Universal Directory 4. Chapter 3: Using Single Sign-On for a Great End User Experience 5. Chapter 4: Increasing Security with Adaptive Multifactor Authentication 6. Chapter 5: Automating Using Lifecycle Management 7. Chapter 6: Customizing Your Okta GUI 8. Part 2: Extending Okta
9. Chapter 7: Okta Workflows 10. Chapter 8: API Access Management 11. Chapter 9: Managing Access with Advanced Server Access 12. Index 13. Other Books You May Enjoy

Discovering the basic features of Okta

Okta has a lot of different products, and organizations can pick and choose as they see fit. The most commonly used are the following:

  • Universal Directory (UD)
  • SSO
  • Adaptive Multifactor Authentication (AMFA)
  • Lifecycle Management (LCM)

It’s not always obvious in the administrator portal where one product starts and another one ends. This will be clarified in this book. The products will all be explained with practical examples in the coming chapters, but here is an initial overview.

Universal Directory

UD can be considered the foundation of any Okta setup. UD is the directory of your users, groups, and devices. Users can be sourced by Okta, other directories, an HR system, or even any source that contains user data. For organizations with multiple directories, such as AD, LDAP, G Suite, and an HR system, Okta can offer a complete 360-degree view of the users and their attributes consolidated into one system. Users can be sorted into groups created in Okta and imported from a directory or an application. With Okta’s attribute sourcing feature, the attributes of any user can be sourced by different sources.

Single sign-on

SSO lets us connect applications and lets our users access them through Okta. End users will only have to log in to Okta once and can thereafter access any application they have assigned to them. This is done with integrations based on SAML, WS-Federation, or OpenID Connect or with a simple Secure Web Authentication (SWA), where Okta stores credentials and passes them along to the application in a secure way. In the OIN, more than 7,000 integrations are available, and more are added every day. If the required application isn’t available in the OIN, customers can create their own integrations. This will be described in depth in Chapter 3, Using Single Sign-On for a Great End User Experience.

Multifactor authentication and adaptive multifactor authentication

Included in Okta’s SSO product are basic MFA features. You can easily set up policies to let your users utilize different kinds of authenticators after entering their password. Using the basic IP settings, you can set up network zones that protect your users and block bad actors from the outside.

Many third-party MFA solutions can be integrated with Okta, allowing you to leverage existing and perhaps currently deployed solutions into your Okta MFA policies.

If the basic features of MFA aren’t enough for you, Okta’s Adaptive MFA (AMFA) product brings even more advanced options. With AMFA, you can set and use the context in your MFA policies. The context can be location awareness, device fingerprinting and posture, or impossible velocity. Okta’s device trust options allow you to integrate with your third-party MDM systems to generate even more context around your users and devices.

Lifecycle management

So far, the Okta products we’ve looked at have focused a lot on end user experience and security. LCM is all about automation, easing up the friction between HR and IT. With LCM, organizations are better set up for audits. For instance, with your Okta instance set up—with groups, rules, integrations, and system logs—and access given, it’s easy to show when a user had access to what. With the group rules feature, automation takes over access given, removing the risk of manual errors. This will streamline work for the HR and IT departments, allowing them to do the work by creating the user only once in the organization’s systems. The creation, management, and deletion of users and accounts has never been this easy. Automatic account creation also minimizes mistakes caused by human error. A predetermined setup allows the organization to invest time upfront to create and set up the provisioning, and after that, it will automatically run based on the user’s identity and profile.

With Okta’s LCM functionality, you can also automate access control in certain applications. This allows you, with minimal interaction, to manage users with the correct role, license, entitlement, and group access.

You have been reading a chapter from
Okta Administration Up and Running - Second Edition
Published in: Dec 2023
Publisher: Packt
ISBN-13: 9781837637454
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime