dumpspedia logo
Regarding policies, Okta recommends:
Solution: To include a policy rule that catches not wanted behaviors as a first priority and then label others for permitted behaviors
Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible and not intended to be possible as it cannot work like this
There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?
Solution: No, it is not possible as Okta queries the whole AD schema and retrieves everything that it's able to
If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Simply delete the attribute from the Okta Admin Panel GUI
With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 tenant name'
The SCIM protocol is
Solution: An application-level REST protocol
What does SCIM stand for?
Solution: System of Cross-scripting-domain Identity Management
Which of the following is / are Okta required attributes?
Solution: sAMAccountName
How can SAML provision attributes via JIT? Or even create users?
Solution: By including specific information in the GET API call
With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.
Solution: The statement is false
In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Update, Delete
Which port and which of the: 'http' or SSL enabled connections does Okta recommend?
Solution: Port 80 and SSL enabled connections
As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Paste into a browser configured for DSSO the IWA redirect URL along with '/authenticated.aspx' after it, hit 'Enter' and check the message returned
When you call a GET API call for users / groups / and other such objects, the response is usually Paginated, in case these are a lot of objects returned. What do you do in order to retrieve all objects?
Solution: You call the very same API multiple times, till the response will be empty
Okta AD Agents can be successfully and completely configured by:
Solution: Organization administrators
With Okta Retention Policy, App generated data and reporting based on log data older than how many months is automatically removed (not considering the Backup Data)?
Solution: 6 months
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not link your admin user from the SP via SAML with a user from Okta, if the app (SP) does not provide a SAML bypass URL
Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?
Any ...
Solution: Office 365 Global Administrator
With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.
Solution: The statement is true, but not for the part about: the deployment of IWA Agents into Active Directory domains. The IWA Agents can now be deployed on whichever machine, it's a unique functionality that only agentless DSSO has and not on-prem DSSO.
Which of the following is / are true?
Solution: If an MFA factor is set to 'required' and another MFA factor set to 'disabled', then users can choose between the two factors when enrolling, but then can use only the first one for successful logins
When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")
Solution: Graph
Which of the following is / are true?
Solution: If an MFA factor is set to 'required' and another MFA factor set to 'optional', then users can enroll into both factors, but then can use only the first one for successful logins
Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, an Okta Application Integration Agent
How can SAML provision attributes via JIT? Or even create users?
Solution: By including specific information in the assertion
When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in
Solution: Statement is false, as this would represent a security concern
The SCIM protocol is
Solution: An application-level SAML protocol
In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is entirely valid
In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active
Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering Okta credentials
After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.
Solution: You have nothing to do and even the rule is by default set to "Active"
You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO the Identity Provider (IDP) routing rules must be manually reactivated
As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Open up a command prompt and ping the Okta server handling the requests, information about the server found in Okta IP tables for your own org's Cell
TESTED 18 May 2024