Application Training and

Briefing3 Jun 15

What is OKTA?

The goal of OKTA is to provide:

1. Single sign-on for web applications2. Centralized Security3. Single point of access for all web applications

In this, we’re going to be mostly concerned with the administration side of OKTA, the publishing of applications, and he security side.

There’s also more than a few reports we can generate out of it, and we’ll take a quick look at that as well.

https://otterproducts.okta.com/app/UserHome

In addition to accessing apps assigned to me . . .

If I click on my name, and go down to settings . . .

. . . I can change personal info.

**********************

**********************

**********************

I can also change my windows password . . .

. . . And I can change my security image.

You can edit you “Forgotten Password” question . . .

Provide yourself with some multi-factor authentication . . .

Change your display language (haven’t tried this).

Couple of other things on the home page . . .

Home take you to the application page . . .

This let’s you know about your account status . . .

And when you download the “Okta Plug in” . . .

You get a pull down of all the apps assigned to you . . .

We’re mostly interested in the admin piece here, so if you’re an Administrator, you’ll have another button labeled “Admin”.

Click it!

A word about Administrators . . .

There’s four kinds . . .

• Super: Can publish apps, add Administrators, do upgrades, and so on . . .and do so on an Enterprise level

• Organization: Limited to specific domains, and in some cases even OUs, but can still publish Apps, add users and so forth.

• Application: Can add users and make changes only to Applications they’re responsible for.

• Read-only: Like it says. ‘Nuff said.

Dashboard gives a quick look at what’s

going on, and shortcuts to tasks

and reports . . .

Directory give access to

people, groups, and AD

integration

Applications is where apps are

created and users assigned . . .

Security handles just that, security

settings, and this also where

Administrators are assigned

Reports is just that. You can do things like

suspicious activity, users activity, and etc. . .

Settings is mostly admin stuff like

things notifications of lockouts, who to

call, etc . . .

To Add an Application . . .

First off . . .

• Not all applications are created equally . . .

• Some work with Active Directory

• Some require an account/password created by a third party

• Some may not even be worth doing in OKTA

To add an application . . .

Click “Applications”

. . . And then click “Add Applications”.

There are hundred of prebuilt Templates, some by OKTA, others by OKTA community users. If

you know the name of your app, you can search for one simply by typing in the name in the

search bar.

Spiceworks

This one is simple . . .

Select users or Groups . . .

Click done . . .

Once done, you can click the App, add people and or groups . . .

Trick of the Trade: to select users assigned Place the checkmark in the box at the top . . .

Then click “Confirm Assignment . . .

Next time the user logs in, they’ll get notice of a new App assigned them . . .

Other apps . . .

There are some that are a bit more complicated, and the majority of these involve paid for apps.

These will required some degree of coordination with however we “Subscribe” to.

Term I’m hitting you with: SAML!

• Security Assertion Markup Language (SAML, pronounced sam-el[1]) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Anatomy of an App that will play with SAML . . .

Info the vendor will probably have to give you . . .

Type of template used, and this info is what you’ll have

to five them . . .

The vendor will usually have to take information provided here (like the certificate data) and put it in their end.

This is part of what makes this possible.

Quick Look Actual reports

And that, in a nutshell, is OKTA . . .

QUESTIONS?