Post on 17-Aug-2015
Application Training and
Briefing3 Jun 15
What is OKTA?
The goal of OKTA is to provide:
1. Single sign-on for web applications2. Centralized Security3. Single point of access for all web applications
In this, we’re going to be mostly concerned with the administration side of OKTA, the publishing of applications, and he security side.
There’s also more than a few reports we can generate out of it, and we’ll take a quick look at that as well.
https://otterproducts.okta.com/app/UserHome
In addition to accessing apps assigned to me . . .
If I click on my name, and go down to settings . . .
. . . I can change personal info.
**********************
**********************
**********************
I can also change my windows password . . .
. . . And I can change my security image.
You can edit you “Forgotten Password” question . . .
Provide yourself with some multi-factor authentication . . .
Change your display language (haven’t tried this).
Couple of other things on the home page . . .
Home take you to the application page . . .
This let’s you know about your account status . . .
And when you download the “Okta Plug in” . . .
You get a pull down of all the apps assigned to you . . .
We’re mostly interested in the admin piece here, so if you’re an Administrator, you’ll have another button labeled “Admin”.
Click it!
A word about Administrators . . .
There’s four kinds . . .
• Super: Can publish apps, add Administrators, do upgrades, and so on . . .and do so on an Enterprise level
• Organization: Limited to specific domains, and in some cases even OUs, but can still publish Apps, add users and so forth.
• Application: Can add users and make changes only to Applications they’re responsible for.
• Read-only: Like it says. ‘Nuff said.
Dashboard gives a quick look at what’s
going on, and shortcuts to tasks
and reports . . .
Directory give access to
people, groups, and AD
integration
Applications is where apps are
created and users assigned . . .
Security handles just that, security
settings, and this also where
Administrators are assigned
Reports is just that. You can do things like
suspicious activity, users activity, and etc. . .
Settings is mostly admin stuff like
things notifications of lockouts, who to
call, etc . . .
To Add an Application . . .
First off . . .
• Not all applications are created equally . . .
• Some work with Active Directory
• Some require an account/password created by a third party
• Some may not even be worth doing in OKTA
To add an application . . .
Click “Applications”
. . . And then click “Add Applications”.
There are hundred of prebuilt Templates, some by OKTA, others by OKTA community users. If
you know the name of your app, you can search for one simply by typing in the name in the
search bar.
Spiceworks
This one is simple . . .
Select users or Groups . . .
Click done . . .
Once done, you can click the App, add people and or groups . . .
Trick of the Trade: to select users assigned Place the checkmark in the box at the top . . .
Then click “Confirm Assignment . . .
Next time the user logs in, they’ll get notice of a new App assigned them . . .
Other apps . . .
There are some that are a bit more complicated, and the majority of these involve paid for apps.
These will required some degree of coordination with however we “Subscribe” to.
Term I’m hitting you with: SAML!
• Security Assertion Markup Language (SAML, pronounced sam-el[1]) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
Anatomy of an App that will play with SAML . . .
Info the vendor will probably have to give you . . .
Type of template used, and this info is what you’ll have
to five them . . .
The vendor will usually have to take information provided here (like the certificate data) and put it in their end.
This is part of what makes this possible.
Quick Look Actual reports
And that, in a nutshell, is OKTA . . .
QUESTIONS?