Cheatography

Okta Features Cheat Sheet by

SINGLE SIGN ON (SSO)

About SSO
SSO refers to the ability to access multiple systems by logging in only once, into one system known as the Identity Provider
Okta Integration Network (OIN)
Over 6000 pre-integrated apps ready for SSO through SAML, OIDC and WS-Fed
Desktop SSO
Logging in to your computer automatically logs you into Okta
Mobile SSO
Using the Okta mobile app to access your work apps right from your phone without needing to sign into each app individually
MFA & SSO
Prompt for MFA per application, recommended for applications with access to sensitive information
RADIUS Authentication
Okta supports handling RADIUS authentication requests from various RADIUS apps such as Cisco VPN
PIV card auth
Use Personal Identity Verification (PIV) credentials to enable passwordless authentication
Custom URLs
Ability to set up vanity URLs for your Okta tenant
Active Directory / LDAP Integration
Use your AD credentials to log in to Okta with password synchronization or password delegation to your directory
SIEM Integrations
Robust data logs that allow seamless integration with Security Information and Event Management systems

ADAPTIVE SINGLE SIGN ON

Adaptive SSO includes all SSO features plus the following:
Location context
Restrict or allow access to applications based on location
Device context
Restrict or allow access to applications based on device, for example deny mobile logins
Network context
Restrict or allow access to applications based on defined network zones
Risk-based Authentication
Restrict or allow access to applications based on the calculated risk a user poses

LIFECYCLE MANAGEMENT (LCM)

About LCM
LCM is the ability to manage a user from start to finish. This means creating, updating and deleting/deactivating users at the right time in an automated fashion.
Auto Provisioning/Deprovisioning for OIN Apps
Manage accounts in external applications entirely: creation, update and deletion are all automated
Active Directory/LDAP Integrations
Robust integration with Active Directory or LDAP Directory for lifecycle management: complete ability to Create, Read, Update, Delete (CRUD) users in both directions, all automated
Office 365
Manage accounts in Office 365 applications entirely, including license management, all within Okta as an automated process
Lifecycle States
Lifecycle states make it possible to automate the process: when a user changes lifecycle state, access to other apps can be granted/revoked and accounts can be created, deleted or updated, all as an automated process
Group Management
Manage application groups within Okta by matching, creating or updating groups in your applications, all as an automated process
Access Request Workflows
Take the burden off IT by allowing users to request access to applications on their own and defining who approves the access
Real time Reporting
See system tasks such as creation, update and deletion of users in Okta and connected applications in real time
Attribute Mapping and Transforms
Select exactly what data flows in both directions between Okta and your connected applications; need the data in a specific format? All doable in Okta
Mastering from a System of Record
Ability to select one or multiple authoritative sources of data, for example Active Directory or an HR system such as Workday

Advanced Lifecycle Management

Advanced LCM includes everything from LCM plus the following:
Automations
Policies for automatically suspending, deactivating or deleting users based on date-based conditions and triggers, for example a contract expiration date
Built-in standards-based provisioning (SCIM)
Connect to applications through a SCIM-based connector
On-prem provisioning SDK
Software Development Kit to manage users in on-prem applications not in the OIN

INBOUND FEDERATION

Inbound SAML
Ability to accept logins from an external identity provider
Just-in-time provisioning
Okta automatically creates users on the fly when they first attempt to log in and an account doesn't exist

MULTIFACTOR AUTHENTICATION (MFA)

About MFA
MFA adds a second factor of authentication on top of the standard username and password
Security Questions
Predefined set of questions the user knows the answers to, used as a second factor of authentication
Okta Verify OTP
Mobile app (iOS and Android) that generates a One Time Password (OTP) used as a second factor of authentication
Okta Verify with Push
Mobile app (iOS and Android) that sends a push notification to your phone to approve/deny the login attempt, used as a second factor of authentication
Email as a Factor
Email sent out containing a One Time Password (OTP) used as a second factor of authentication
SMS
One Time Password (OTP) sent to your phone as an SMS message, used as a second factor of authentication
Voice
Receive a One Time Password (OTP) through a phone call, used as a second factor of authentication
U2F
Physical device that is inserted into the computer, used as a second factor of authentication
3rd Party Factors
Google Authenticator, Duo, Symantec VIP, RSA Token and YubiKey
Windows Hello
Windows Hello allows for passwordless 2nd factor authentication by simply authenticating on your Windows device with your fingerprint, iris scan or facial recognition
Apple Touch ID
Passwordless 2nd factor authentication using your fingerprint to approve push notifications right from your lock screen

ADAPTIVE MULTIFACTOR AUTHENTICATION

Adaptive MFA includes all MFA features plus the following:
Specified IP Address
Ability to configure MFA for logins only from trusted network zones defined by you
Location Context
Ability to configure MFA when a user logs in from a new city, state, or country
New geo-location
Ability to configure MFA when a user logs in from an entirely new location
Impossible travel patterns
Ability to configure MFA if the calculated velocity between login locations and times exceeds a defined limit
New device
Ability to configure MFA when a user logs in from a new device, such as a laptop or cellphone
Managed device
Ability to configure MFA when a user logs in from a pre-registered managed device through solutions such as MobileIron
New IP
Ability to configure MFA when a user logs in from a new IP address
Network Anonymizers
Ability to configure MFA when a login originates from a proxy or Tor connection
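As an added example, not code from the cheat sheet or from Okta, here is the velocity check behind the impossible-travel entry above, written in Python with constructed login events and an assumed 900 km/h threshold:

```python
# Added example (not from the cheat sheet or Okta): flag "impossible travel"
# between two consecutive logins, the check the Adaptive MFA entry above
# describes, by computing the great-circle distance between the login
# locations and dividing by the time between them.
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0

@dataclass
class Login:
    user: str
    when: datetime      # timezone-aware timestamp of the login
    lat: float          # geolocated latitude of the source IP
    lon: float          # geolocated longitude of the source IP

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def travel_velocity_kmh(prev: Login, cur: Login) -> float:
    """Speed the user would have needed to travel between the two logins.
    A zero or negative time gap with a nonzero distance is treated as infinite."""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours

def is_impossible_travel(prev: Login, cur: Login, max_kmh: float = 900.0) -> bool:
    """True when the implied velocity exceeds the limit (default roughly airliner
    cruise speed; an assumed threshold, not an Okta default)."""
    return travel_velocity_kmh(prev, cur) > max_kmh

# Constructed sample: same user seen in London at 09:00 UTC, Sydney at 11:00, Paris at 12:00.
LONDON = Login("alice@example.com", datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc), 51.5074, -0.1278)
SYDNEY = Login("alice@example.com", datetime(2024, 5, 1, 11, 0, tzinfo=timezone.utc), -33.8688, 151.2093)
PARIS = Login("alice@example.com", datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc), 48.8566, 2.3522)

if __name__ == "__main__":
    print(round(travel_velocity_kmh(LONDON, SYDNEY)), is_impossible_travel(LONDON, SYDNEY))
    print(round(travel_velocity_kmh(LONDON, PARIS)), is_impossible_travel(LONDON, PARIS))
```

London to Sydney in two hours implies about 8500 km/h and is flagged; London to Paris in three hours implies about 115 km/h and is not.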

UNIVERSAL DIRECTORY

Cloud Directory
Manage your users entirely from the cloud by having Okta be the authoritative source of data where a user's lifecycle starts and ends
Active Directory/LDAP Integrations
Robust integration with Active Directory/LDAP to import and manage users in both directions
Custom Attributes/Fields
Customize the user attribute schema to hold richer data about each user
Custom Mapping and Transforms
Ability to transform data into a specific format for provisioning accounts or federation
Cloud based LDAP authentication
Delegate authentication to your directory; users only need to know one password

API ACCESS MANAGEMENT

Okta ThreatInsight
Adaptive tool that learns about login behavior and provides information on potential security risks
OAuth 2.0 and OIDC compliant
Okta is a certified OIDC and OAuth 2.0 provider
Central access and authorization management
Allows your custom applications to use Okta as an Authorization Server, shifting the workload to Okta instead of your custom applications