Provisioning actions between cloud-based apps / on-premises apps and Okta are completed by using:
Solution: The OAuth 2.0 standard
Some AD attributes might not appear in the Okta user profile. Can those extra attributes be mapped and provisioned to an app?
Solution: No, it is not possible as Okta queries the whole AD schema and retrieves everything that it's able to
When does Okta bring LDAP groups into Okta?
Solution: During both LDAP import and JIT
When does Okta bring LDAP roles into Okta?
Solution: During both LDAP import and JIT
When does Okta bring LDAP roles into Okta?
Solution: Only during LDAP JIT
Okta uses a JSON representation of objects such as 'users' (for example, the JSON schema exchanged on API calls). What format is used for the user information sent to a SCIM server to create the user in an on-premises application?
Solution: Format stays the same: json
When using Okta Expression Language, which variable type does this Okta Expression result in? isMemberOfGroup("groupId")
Solution: Boolean
What does SCIM stand for?
Solution: System for Cross-domain Identity Management
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To never enable SAML for all your end-users
You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DSSO the Identity Provider (IDP) routing rules must be manually reactivated
In Okta's KB articles, the set of functions under the 'Provisioning' concept is referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What does it mean here, in Okta's usage?
Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision
What does SCIM stand for?
Solution: System for CRSF-domain Identity Management
If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Intentionally map a blank value to that specific attribute in the user profile
The Okta On-Prem MFA Agent acts as a RADIUS client and communicates with the RADIUS-enabled on-prem server, including RSA Authentication Manager for RSA SecurIDs. This allows your organization to leverage a second factor from a variety of on-premises multifactor authentication tools.
Solution: The statement is true
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not use SAML 2.0 and Provisioning via the same App instance in Okta, but integrate the same SP custom domain via two different app instances in Okta, one for SSO, via SAML 2.0 in this case, and one for provisioning on users
Regarding Access Request Workflow: when a user requests an app, they can also include a message to the approver. You can also designate an approver group.
Solution: Both statements are true
Once brought into Okta, LDAP roles are represented as:
Solution: Licences
Regarding policies, Okta recommends:
Solution: Include a final catch-all rule that denies access to anything that does not match any of the preceding rules
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps, but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password