Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: Only for Sign On policies you have such granularity
The Okta On-Prem MFA Agent acts as a RADIUS client and communicates with the RADIUS-enabled On-Prem server, including RSA Authentication Manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is partially true - as it has nothing to do with RSA
In an agentless DSSO (Desktop Single Sign-on) scenario, Okta is the one that decrypts the Kerberos ticket, then finds the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is entirely valid
In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Update, Delete
What does SCIM stand for?
Solution: System for Cross-domain Identity Management
The Okta On-Prem MFA Agent acts as a RADIUS client and communicates with the RADIUS-enabled On-Prem server, including RSA Authentication Manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is false
Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Only the second statement is true
As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Only the first statement is true
What does it mean: "Mapping Direction AD to Okta"?
Solution: Indicates a schema of attribute values flowing from AD towards Okta
When does Okta bring LDAP groups into Okta?
Solution: Only during an LDAP import
Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Both statements are true
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Sync Password option active under Provisioning settings - will begin to sync the password in respective apps
Once brought into Okta, LDAP roles are represented as:
Solution: Email lists
If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Simply delete the attribute from the Okta Admin Panel GUI
With agentless DSSO (Desktop Single Sign-on), you still need to deploy IWA Agents in your Active Directory domains to implement DSSO functionality.
Solution: The statement is true, as agentless DSSO means no AD agents, not no IWA agents
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not use SAML 2.0 and Provisioning via the same App instance in Okta, but integrate the same SP custom domain via two different app instances in Okta, one for SSO, via SAML 2.0 in this case, and one for provisioning on users
With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 tenant name'
When does Okta bring LDAP groups into Okta?
Solution: During both LDAP import and JIT
When using Okta Expression Language, which of the following will have the output: okta.com
Solution: String.substringBefore("abc@okta.com", "@okta.com")