Identity and Access Management |
25% |
Advanced Directory Integration
- Demonstrate in-depth understanding of the process to manage delegated authentication with AD and LDAP using Okta agents
- Demonstrate in-depth understanding of the process to manage Okta AD and LDAP agent architecture and best practices
- Demonstrate in-depth understanding of the process to manage Okta agent service account and permissions needed for agents and in directories for password reset
- Demonstrate in-depth understanding of the process to import and manage users coming from AD, LDAP or stored directly in Okta
- Demonstrate in-depth understanding of how the Okta password sync agent works
- Demonstrate knowledge of why Okta/AD password policy should match or exceed the AD policy
- Demonstrate knowledge of why multiple Okta/AD password policies might be needed
- Demonstrate knowledge of user activation options when using AD as a source
Single Sign-On (SSO) Federation
- Demonstrate knowledge of how to use the Application Integration Wizard
- Demonstrate knowledge of how to configure Okta as a service provider
- Demonstrate understanding of the SAML assertion
- Demonstrate knowledge of how to set up a template application
- Demonstrate in-depth understanding of how to deploy the SWA plug-in and configure related options in Okta
- Demonstrate understanding of how Okta supports non-OIN applications
- Demonstrate knowledge of the security advantages and caveats in using SAML
- Demonstrate knowledge of the configuration of OIN
- Demonstrate knowledge of the configuration of OIN apps, including when to use templates for integrating applications
Desktop SSO deployment
- Demonstrate knowledge of how to deploy on-premises Okta Desktop SSO/IWA, including the requirements for Desktop SSO/IWA
- Demonstrate knowledge of user experiences when in zones with Desktop SSO/IWA
Hybrid SaaS strategies and challenges
- Demonstrate knowledge of how Okta can provision users and groups to OIN apps
Architecture
- Demonstrate awareness about high availability on advanced agents
|
User Lifecycle Management |
25% |
Profile sourcing and write-back concepts
- Demonstrate knowledge of HR as a source including the benefits of groups and group rules when using an external source
- Demonstrate knowledge of when profile sourcing is used
- Demonstrate knowledge of when attribute level sourcing is used
- Demonstrate knowledge of the value of writing data back to directories and apps from Okta
- Demonstrate knowledge of working with multiple profile sources
- Demonstrate knowledge of the requirements of Okta lifecycle management and the ability to write to applications
- Demonstrate in-depth knowledge of how to configure Okta user profiles, application profiles, and directory profiles
- Demonstrate understanding of the process to create custom attributes in UD
- Demonstrate in-depth understanding of the process to create profile mappings
Managing Identities using Universal Directory
- Demonstrate knowledge of the process to use the Okta Expression Language to transform data while mapping data with the Profile Editor
- Demonstrate knowledge of the process to use the Okta Expression Language to create a custom username
- Demonstrate knowledge of migrating from AD to cloud management of users
Provisioning
- Demonstrate knowledge of the different ways that Okta can perform lifecycle management against apps
- Demonstrate knowledge of the typical flow of user registration/onboarding, updates, and deprovisioning
- Demonstrate knowledge of how Okta can push groups to various apps
Self-service
- Demonstrate knowledge of the process to manage user's ability to reset self-service password with Active Directory-sourced users or Okta-sourced users
- Demonstrate knowledge of application request workflows and entitlement options
|
Security |
25% |
Okta Security Policy and Enforcement Framework
- Demonstrate knowledge of the process to manage application level MFA and rules
- Demonstrate knowledge of the process to manage the Okta Sign-on policy including adaptive MFA policy
- Demonstrate understanding of the process to configure password policies for Okta-sourced users
- Demonstrate understanding of the process to configure password policies for Active Directory-sourced users
- Demonstrate understanding of how Okta can support legacy MFA solutions
- Demonstrate knowledge of the different security postures with MFA factors
Okta Security Policy and Enforcement Framework
- Demonstrate knowledge of the process to manage application level MFA and rules
- Demonstrate knowledge of the process to manage the Okta Sign-on policy including adaptive MFA policy
- Demonstrate understanding of the process to configure password policies for Okta-sourced users
- Demonstrate understanding of the process to configure password policies for Active Directory-sourced users
- Demonstrate understanding of how Okta can support legacy MFA solutions
- Demonstrate knowledge of the different security postures with MFA factors
Admin Access Control
- Demonstrate knowledge of admin roles
- Demonstrate knowledge of admin roles
|
Monitoring and Troubleshooting |
15% |
Logging and Reporting
- Demonstrate understanding of Okta logging
- Demonstrate ability to interpret Okta log files
- Demonstrate knowledge of the logging options available for Okta agents
- Demonstrate knowledge of the troubleshooting options for each Okta agent/plug-in
|
API Functions |
10% |
Token Management
- Demonstrate knowledge of how to create API tokens with the correct permissions
API Extended Functions
- Demonstrate knowledge of the importance of API rate limiting
- Demonstrate knowledge of the use cases for Okta Management APIs, API-AM, and API products
- Demonstrate understanding of the importance of service accounts when using Okta API
|