Okta WIC Core Capabilities

Okta is an established vendor in the Identity & Access Management (IAM) domain and is known for its identity products and services. Because it is cloud-delivered, Okta lets users access applications from any device at any time while still enforcing strong security controls. Okta integrates with your organization's existing directories, HR systems (HRMS), application directories and third-party identity systems to establish a central identity store. Its app catalogue of 8,000+ integrations gives users a seamless SSO experience, accessing the applications they are entitled to from a single dashboard. Okta Workforce Identity Cloud (WIC) is the platform through which your employees, contractors and partners access your organization's digital resources.

The Okta platform is organized around three identity domains, with its capabilities grouped under each of these core pillars:

  • Access Management
  • Identity Governance & Administration
  • Privileged Access

Access Management is concerned with granting and revoking the privileges needed to access an application or data, or to perform actions on applications and systems. Its main objectives are the classic AAA functions: authenticating users, authorizing the actions they attempt, and accounting for (auditing) the activities they perform.

Okta is aligned to these principles and ensures that the right users have access to the right resources at the right time through the products and services listed below.

  • Single Sign-On
  • Adaptive Multi-Factor Authentication
  • Passwordless Authentication
  • Identity Federation
  • Access Gateway
  • Security Policies
  • Behavior Detection
  • Identity Threat Protection

Identity Governance & Administration (IGA) focuses on governance, compliance and visibility across the identities spread throughout an organization. Identity governance covers policies such as separation of duties, access requests and role management, access certifications that validate existing access privileges, and finally analytics and reporting. Identity administration is focused on provisioning users to the applications and resources they request, adjusting access privileges as a user's role changes, and deprovisioning access when it is no longer required. IGA systems are designed to give organizations visibility into access sprawl and better controls to identify and limit privilege creep on their resources.

Okta delivers IGA through the following products and services:

  • Access Governance
    • Access Requests
    • Access Certifications
    • Reporting
    • Entitlement Management
  • Lifecycle Management
  • Okta Workflows

Privileged Access Management (PAM) revolves around securing and monitoring access to critical systems by privileged users such as IT administrators, application owners, contractors or third-party vendors who manage infrastructure on your behalf. Privileged accounts are prime targets for attackers, and if their misuse goes unnoticed the result is a higher risk to the organization's overall security posture: compromising a privileged account hands a malicious actor the keys to the organization's digital assets.

Because Okta is a cloud identity provider with tight integration between these core pillars, Okta Privileged Access lets organizations reduce risk by applying the IGA and Access Management services to privileged resources regardless of where they reside, in the cloud or on on-premises servers. This delivers better visibility, security and compliance without compromising the user experience. The key capabilities of Okta Privileged Access are:

  • Just-in-time (JIT) access to infrastructure
  • Session recording and auditing
  • Secrets vaulting
  • Privileged access governance
  • Service account management for applications

Demonstration of Core Capabilities:

The following videos walk through the core capabilities and their working flow, showcasing a few real-world scenarios:

  • Single Sign-On | Okta
  • Adaptive Multi-Factor Authentication (AMFA) | Okta
  • Identity Governance | Okta
  • Okta Privileged Access | Okta

Microsoft 365 SSO Integration using Okta

  • Overview
  • Prerequisites
  • Use case Overview – Integration flow
  • Technical Walkthrough
  • Conclusion
  • Reference Links

Most organizations rely on Microsoft Active Directory Domain Services or LDAP as the centralized store for identities and access permissions, and the majority of on-premises applications rely on these services to authenticate users and authorize their actions. Cloud-based applications, however, typically maintain their own identity profiles, which makes it hard for administrators to manage user accounts across them and hard for end users who must juggle multiple identities for multiple applications.

Okta solves this by reusing the existing Microsoft Active Directory / LDAP service for access to SaaS applications through its Active Directory / LDAP integration. Users get a single dashboard from which they access their applications with their existing credentials, and administrators get a centralized service for lifecycle management.

In this section we integrate an existing on-premises Active Directory with Okta and let Okta provision the user accounts in a Microsoft 365 tenant.

To simulate this in a lab environment we need access to three entities and a few prerequisites.

Entities:

  • Okta tenant
  • Member server for the Okta Active Directory Agent installation
  • Microsoft 365 tenant

Prerequisites:

  • An Okta account with the Super Admin role
  • The host server should have at least two CPUs and a minimum of 8 GB RAM
  • Host server running Windows Server 2016 or later
  • .NET Framework 4.6.2 or later
  • The host server must be a member server joined to the domain being integrated
  • The Okta agent installation wizard must be run on the host server
  • Microsoft 365 tenant name: the default tenant name registered as "companyname.onmicrosoft.com"
  • Microsoft 365 domain: the custom (verified) domain chosen for federation
  • Microsoft 365 Global Administrator user account
  • Keep at least one cloud-only Global Administrator (break-glass) account on the .onmicrosoft.com domain, not on the domain being federated, so that administrative access to the tenant survives an outage or misconfiguration of the Okta federation
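A PowerShell check for the host-server prerequisites above, run in an elevated session on the candidate member server before launching the Okta AD Agent installer. This is an added example, not Okta's own tooling: the thresholds are the values listed above, and the .NET Framework release number 394802 is Microsoft's registry marker for 4.6.2 (later versions report a higher value).

```powershell
# Added example: verify the Okta AD Agent host prerequisites listed above.
# Run in an elevated PowerShell session on the candidate member server.
# Thresholds come from the prerequisites list; 394802 is the .NET Framework
# 'Release' registry value for 4.6.2 (later releases are numerically higher).

function Test-OktaAdAgentHost {
    [CmdletBinding()]
    param(
        [int]$MinCpu = 2,
        [int]$MinRamGB = 8,
        [version]$MinOsVersion = '10.0',    # Windows Server 2016 reports 10.0.x
        [int]$MinNetRelease = 394802
    )

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $net = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue

    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $osVer = [version]$os.Version

    # ProductType: 1 = workstation, 2 = domain controller, 3 = member server
    $checks = [ordered]@{
        'Windows Server 2016 or later'  = ($os.ProductType -ne 1 -and $osVer -ge $MinOsVersion)
        'Member server (not a DC)'      = ($os.ProductType -eq 3)
        'Joined to a domain'            = [bool]$cs.PartOfDomain
        "At least $MinCpu CPUs"         = ($cs.NumberOfLogicalProcessors -ge $MinCpu)
        "At least $MinRamGB GB RAM"     = ($ramGB -ge $MinRamGB)
        '.NET Framework 4.6.2 or later' = ($null -ne $net -and $net.Release -ge $MinNetRelease)
    }

    Write-Host "Host: $($cs.Name)  Domain: $($cs.Domain)  OS: $($os.Caption) ($osVer)  RAM: $ramGB GB  CPUs: $($cs.NumberOfLogicalProcessors)"
    foreach ($name in $checks.Keys) {
        Write-Host ('{0,-32} {1}' -f $name, $(if ($checks[$name]) { 'PASS' } else { 'FAIL' }))
    }
    return $checks
}

$result = Test-OktaAdAgentHost
$failed = @($result.Keys | Where-Object { -not $result[$_] })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) prerequisite check(s) failed; fix these before running the Okta AD Agent installer."
    exit 1
}
Write-Host 'All prerequisites satisfied.'
```

The function returns the ordered table of results so it can be called from a larger build script; the domain-join and member-server checks matter because the agent binds to the domain it is installed in and Okta recommends a dedicated member server rather than a domain controller.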

Please refer to the video below for an overview of Okta and the use case of integrating Office 365 with Okta.

Here's the technical demonstration of the integration between Office 365 and Okta.
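Once the custom domain has been federated to Okta, the tenant side can be verified from an admin workstation with the Microsoft Graph PowerShell SDK. This is an added example, not Okta's or Microsoft's own script: `contoso.com`, `contoso.onmicrosoft.com` and `breakglass@contoso.onmicrosoft.com` are placeholders, and the `okta` match on the sign-in URI assumes the federation was written by the Okta Office 365 app, whose WS-Federation endpoints live under the Okta org's hostname.

```powershell
# Added example: verify the Microsoft 365 side of an Okta (WS-Federation) domain federation.
# Requires the Microsoft Graph PowerShell SDK: Install-Module Microsoft.Graph -Scope CurrentUser
# Placeholders: replace the domain names and the break-glass UPN with your own values.

$FederatedDomain = 'contoso.com'                        # custom domain chosen for federation
$TenantDomain    = 'contoso.onmicrosoft.com'            # default tenant domain, must stay Managed
$BreakGlassUpn   = 'breakglass@contoso.onmicrosoft.com' # cloud-only emergency admin

Connect-MgGraph -Scopes 'Domain.Read.All', 'User.Read.All' -NoWelcome

# 1. The custom domain must be verified and switched to Federated authentication.
$dom = Get-MgDomain -DomainId $FederatedDomain
Write-Host "Domain $($dom.Id): verified=$($dom.IsVerified) authenticationType=$($dom.AuthenticationType)"
if ($dom.AuthenticationType -ne 'Federated') {
    Write-Warning "$FederatedDomain is not federated; its users still authenticate with Entra ID passwords."
}

# 2. Inspect the federation settings (issuer, WS-Fed endpoints, token-signing certificate).
foreach ($f in (Get-MgDomainFederationConfiguration -DomainId $FederatedDomain)) {
    Write-Host "IssuerUri        : $($f.IssuerUri)"
    Write-Host "PassiveSignInUri : $($f.PassiveSignInUri)"
    Write-Host "ActiveSignInUri  : $($f.ActiveSignInUri)"
    # Assumption: endpoints point at the Okta org (e.g. https://<org>.okta.com/app/office365/...).
    if ($f.PassiveSignInUri -notmatch 'okta') {
        Write-Warning 'Passive sign-in URI does not point at an Okta org; re-check the federation settings.'
    }
    # SigningCertificate is the base64 DER of the IdP token-signing cert; flag an approaching expiry,
    # because an expired cert silently breaks every federated sign-in.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($f.SigningCertificate))
    Write-Host "Signing cert     : $($cert.Subject) expires $($cert.NotAfter.ToString('u'))"
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning 'Federation token-signing certificate expires within 30 days.'
    }
}

# 3. The default tenant domain must remain Managed so a cloud-only break-glass admin keeps working
#    if the Okta federation is unavailable or misconfigured.
$tenant = Get-MgDomain -DomainId $TenantDomain
if ($tenant.AuthenticationType -ne 'Managed') {
    Write-Warning "$TenantDomain is $($tenant.AuthenticationType), expected Managed."
}
$bg = Get-MgUser -UserId $BreakGlassUpn -Property 'Id', 'UserPrincipalName', 'AccountEnabled', 'OnPremisesSyncEnabled'
Write-Host "Break-glass $($bg.UserPrincipalName): enabled=$($bg.AccountEnabled) syncedFromAD=$([bool]$bg.OnPremisesSyncEnabled)"
if ($bg.UserPrincipalName -notlike "*@$TenantDomain") {
    Write-Warning 'Break-glass account is not on the default tenant domain; it would be locked out with the federation.'
}
```

Run this before and after the federation change so the before/after `authenticationType` and endpoint values can be kept with the change record; the break-glass check is the one most often skipped and the one that turns a failed federation into a locked-out tenant.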

To close, the steps carried out in this blog show that integrating Okta with Active Directory and Office 365 reduces the overhead on IT administrators: access management and provisioning happen through the same Single Sign-On platform. With this integration in place, IT administrators manage user assignments and attributes in Okta, and assigning the Office 365 application in Okta drives provisioning of the account in the Microsoft 365 tenant. For the users imported from Active Directory in this walkthrough, AD remains the profile source, so attribute changes flow from AD into Okta and on to Microsoft 365; changes made in Okta are written back to AD only for users whose profile source is Okta and only where provisioning to AD has been enabled.

Okta Docs | Configure Single Sign-On for Office 365

Okta Docs | Active Directory integration