
Contact : sayedidam@gmail.com
Identity & Access Management Concepts
❖ IAM basic terms (User, Groups, Identity, Accounts, Role, Entitlements, Workflow, Policies, Rules, Tasks, Password Management, Self Service etc.)
❖ Access Management
❖ Authentication vs Authorization
❖ Single Sign On — Securely authenticate with multiple applications and websites.
❖ Multi-factor Authentication (MFA), Sign On Policies
❖ SAML (Assertions, and the SP and IdP flow) — Authentication protocol.
❖ WS-Fed, SWA (Proprietary Authentication Protocols)
❖ Identity Federation — Delegating an individual's or entity's authentication responsibility to a trusted external party.
❖ OAuth (Authorization) and OIDC (Authentication)
❖ Access Governance
❖ SCIM — System for Cross-domain Identity Management. It allows for the automation of user provisioning.
❖ Delegation of Administration
❖ Data Reconciliation
❖ Compliance
❖ Auditing and Reporting
❖ Certifications & Attestations — Validation and re-authentication of identities at regular intervals.
❖ CIA Triad — Confidentiality, Integrity and Availability.
❖ Life Cycle Management (JML — Joiner, Mover & Leaver, Provisioning/Deprovisioning)
❖ Privileged Access Management — Managing elevated/admin/root privileges within your organization, with enhanced control over their usage.
❖ Role Based Access Control (RBAC) — Grouping users into roles, and assigning permissions to the role instead of to individual users.
❖ Segregation of Duties (SoD) — Ever heard of a nuclear code distributed between two military generals, so that the probability of compromised access is reduced and a launch can be triggered only by two sane persons? : ) In the usual IAM world, SoD is all about isolating conflicting permissions so that sensitive actions require collective action.
❖ Zero Trust Authentication — Continuous validation of the security configuration and posture of all users, even those inside the organization's enterprise network, before they are authenticated and authorized.
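The RBAC and Segregation of Duties bullets above describe a check that is easy to get wrong in practice: permissions are granted through roles, and a role assignment must be refused when it would give one identity a toxic combination (the "two generals" rule). The example below is added here and is not part of the course material; the roles, permissions, users, payment objects and the single SoD rule are all constructed sample data. It enforces SoD both at assignment time (an identity can never hold both halves of a conflicting pair) and at action time (the approver of a payment must be a different person from its initiator).

```python
"""RBAC with Segregation-of-Duties enforcement (added example; constructed sample data)."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Role -> permissions it grants (constructed). Permissions are granted only via roles.
ROLE_PERMISSIONS = {
    "payments-initiator": {"payment:create"},
    "payments-approver": {"payment:approve"},
    "auditor": {"payment:read", "log:read"},
    "helpdesk": {"user:reset_password"},
}

# SoD rules: pairs of permissions that one identity must never hold together (constructed).
SOD_RULES: List[Tuple[str, str]] = [
    ("payment:create", "payment:approve"),
]


class SodViolation(Exception):
    """Raised when a role assignment would create a toxic permission combination."""


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)


@dataclass
class Payment:
    payment_id: str
    initiator: str                      # user name that created the payment
    approved_by: Optional[str] = None


def effective_permissions(user: User) -> Set[str]:
    """Union of the permissions of every role the user holds; unknown roles grant nothing."""
    perms: Set[str] = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_conflicts(perms: Set[str]) -> List[Tuple[str, str]]:
    """Every SoD rule whose two permissions are both present in the given set."""
    return [(a, b) for a, b in SOD_RULES if a in perms and b in perms]


def assign_role(user: User, role: str) -> None:
    """Add a role, refusing the change if the resulting permission set violates SoD."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    candidate = effective_permissions(user) | ROLE_PERMISSIONS[role]
    conflicts = sod_conflicts(candidate)
    if conflicts:
        raise SodViolation(f"{user.name}: assigning {role!r} would combine {conflicts}")
    user.roles.add(role)


def try_assign_role(user: User, role: str) -> bool:
    """Convenience wrapper: True if the role was assigned, False if SoD blocked it."""
    try:
        assign_role(user, role)
        return True
    except SodViolation:
        return False


def is_authorized(user: User, permission: str) -> bool:
    return permission in effective_permissions(user)


def create_payment(user: User, payment_id: str) -> Payment:
    if not is_authorized(user, "payment:create"):
        raise PermissionError(f"{user.name} may not create payments")
    return Payment(payment_id, initiator=user.name)


def approve_payment(payment: Payment, approver: User) -> bool:
    """Two-person rule: approver needs the permission AND must not be the initiator."""
    if not is_authorized(approver, "payment:approve"):
        return False
    if approver.name == payment.initiator:
        return False
    payment.approved_by = approver.name
    return True


if __name__ == "__main__":
    alice = User("alice", {"payments-initiator"})
    bob = User("bob", {"payments-approver"})
    print("alice + auditor:", try_assign_role(alice, "auditor"))
    print("alice + approver (SoD):", try_assign_role(alice, "payments-approver"))
    p = create_payment(alice, "p1")
    print("self-approval:", approve_payment(p, alice), "| bob approves:", approve_payment(p, bob))
```

Note that the SoD check runs on the *effective* permission set rather than on role names, so adding a new role that happens to grant `payment:approve` is caught without touching the rule table.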

What is Okta Identity Management ?

Identity Aggregation, Single Sign-On

● Okta gives you one place to manage your users and user data. Users can come from any number of
sources, including integrations with third party apps and user stores.
● Publish your application to the Okta Integration Network (OIN) catalog, enabling millions of Okta
users to discover your application and access it using single sign-on (SSO).
● Okta makes authorization easy by helping you control what users have access to in your
application or API.
● Get scalable authentication built right into your application without the development overhead,
security risks, and maintenance that come from building it yourself. Okta API allows teams to deploy
user authentication to your application in a matter of minutes – not days.
● Get quick and robust authentication by adding one of the Okta SDKs to your app or API service.
Source : Okta
Course Structure
Module # 1 : Okta Architecture & Integration
Module # 2 : Universal Directory
Module # 3 : Okta Security
Module # 4 : Application Integration
Module # 5 : Okta API Management
Module # 6 : Directory Integration
Module # 7 : Monitor Okta Organization
Module # 8 : Advanced Topics

Module # 1 : Okta Architecture & Integration
Topics
❖ Architecture Overview and Components
❖ Okta SaaS Env, Releases/Versions, Support Types.
❖ Okta Integration Network (OIN), SWA
❖ SAML, OpenID, OAuth 2.0, WS-Fed.
❖ Users (Internal & External Users)
❖ Groups, Roles
❖ Security, Health Insights.
❖ Applications Integration
❖ Authorization Server & API Management, Scopes & Claims
❖ Access Policy
❖ Logs
❖ SCIM
❖ Advanced Server Access
❖ Inline Tokens, Event Hooks, Workflow Automation.
❖ API Management
❖ Okta Support Forums
Labs
1. Walkthrough of various other Cloud IAM offerings (AWS IAM, GCP IAM) vs Okta.
2. Getting acquainted with the various Okta tenants - Preview, Production & Developer.
3. Okta Release Cycles - Beta, Early Access (EA), General Availability (GA)
4. Okta Data Flow
5. Okta Interfaces and Consumption Model.
6. Online Public Documentation
7. Proprietary vs Open Standards Protocols.
8. Administration - Manage Administrator roles and assign permissions
9. Okta Verify, Okta Mobile, Okta End User Dashboard, Okta Browser Plugin.
10. Org Customization Options (Custom Page, Okta-hosted Sign-in page, Custom Error page)

Module # 2 : Universal Directory
Topics
❖ Create Users in Okta - Manual & CSV (End Users & Admin Users)
❖ Manage Users, Groups and Profiles.
❖ Custom Profiles, Attributes
❖ Overview of User Schema & Custom Schema.
❖ User Experience.
❖ Profiles.
❖ Okta Expression Language
❖ User Authentication & Authorization Flow
❖ User Lifecycle Management
❖ End user self-service capabilities and how they are used.
❖ Session Management, Session Cookie, Extend Session & Refresh Session
❖ Manage and use self-service password reset, account unlock, and multifactor authentication (MFA) enrollment/reset.
❖ Underlying Architecture of Universal Directory, Licensing requirements.
Labs
1. Create Users Manually
2. Create Users via CSV
3. Various User Statuses, and the Activation Flow.
4. Create Users via API (Postman)
5. Create Admin User Types & Roles.
6. Create API Tokens.
7. Create Multiple User Types.
8. Session Management
9. Self Service & User Self Registration
10. Bulk Uploads
11. Group Rules, and automated membership.
12. Configuring Password Policies
13. How to set up a baseline, and how to set up custom rules for different use-cases w.r.t. password policies.
14. Application vs Console Password Policies.
15. Integrating with Sign-On policies.

Module # 3 : Okta Security
Topics
❖ Okta Policy Framework
❖ Sign-On Policy
❖ MFA Policy
❖ Password Policy
❖ IdP Discovery Policy
❖ OAuth Authorization Policy
❖ Multi-factor Authentication (Select the factors, Factor Enrollment, Enforce the Policy)
❖ End Users
❖ Admin Users
❖ Zones, Network Zones
❖ Password Policies
❖ Password Policy Rules
❖ LDAP Interface
❖ Provide access to different delegated admin roles.
❖ Explain all the admin roles and how they can be combined.
❖ Differentiate admin roles based on the skills required.
❖ Rate Limits
Labs
1. Setup Various Policies
   a. Sign-On Policy
   b. MFA Policy (Org & App Level)
   c. Password Policy
   d. IdP Discovery Policy
   e. OAuth Authorization Policy
2. Network Zoning & Security
3. Setting up Private & Public Applications
4. Protect against DDoS Threats
5. Track Okta Access
   a. Application Usage
   b. Account Policies
   c. Import Activity
   d. Lifecycle Activity
   e. Provisioning Activity
   f. Authentication Activity
   g. Application Access
6. Risk Scoring, Behavior Detection, Security Policies.

Module # 4 : Application Integration
Topics
❖ Overview of various Authentication & Authorization Protocols
   ➢ SAML,
   ➢ WS-Fed,
   ➢ SWA,
   ➢ OpenID Connect (OIDC). Various flows in OIDC, JSON tokens
   ➢ OAuth 2.0 types of tokens,
   ➢ Authorization server and configuration, Scopes, Profiles.
❖ What is Federation, and how does it work? Federated Identity.
❖ What are Identity Provider & Service Provider, IdP-initiated vs SP-initiated flow
❖ Understanding of the SAML components: assertions, protocols, bindings & profiles.
❖ How to set up a template application
❖ What is the Okta Integration Network (OIN)
❖ Integration of custom applications & SDKs.
❖ Provisioning in Applications, Push Groups.
❖ Integration of various application identities.
❖ Setting up Single Sign-On across various application landscapes.
❖ Setting up an application login trail, and how Okta helps in establishing an Authentication & Authorization framework.
Labs
1. Understanding Client ID & Client Secret Concepts
2. Setting up various application types, and how Okta interacts with them (Web, SPA, Mobile Apps, Browser Plugins)
3. Setting up SAML 2.0 Integration, understanding the various components - assertions, claims.
4. Troubleshooting SAML Authentication Flow.
5. Setting up Custom Application (OpenID Connect)
6. Scopes
7. Claims
8. Access Policies
9. Troubleshooting Custom Authentication Flow.
10. Understanding OAuth Flows (Authorization Code Grant, Client Credentials, Implicit Grant, PKCE)
11. SDK Integration
12. Setting up SWA (Secure Web Authentication)
13. Setting up Native App (OpenID Connect)
14. Setting up SPA (Single Page Application)
Module # 5 : Okta API Management
Topics
❖ What is an Authorization Server?
❖ Issuer, Metadata URL
❖ Signing Key Rotation
❖ Default vs Custom Authorization Server
❖ Scopes - Default, User Consent
❖ Claims - Including in Token Types, Associating with Claims.
❖ Access Policy & Rules, associating with Clients, Grant Types, defining Token lifetime.
❖ Token Preview
❖ API Tokens
❖ Trusted Origins, CORS, Redirects
❖ Generating API Token, permission, validity.
❖ Public vs Private APIs
❖ Okta REST APIs & Okta REST API Architecture
❖ API return Codes & Errors.
❖ Rate Limits
Labs
1. Setting up API Token
2. Downloading Postman Collection
3. Setting up Env & Variables, Domain, Import/Export of Collection, Find IDs.
4. Automating Admin Tasks.
5. Utilizing REST APIs :
   a. Users
   b. User Types
   c. Groups
   d. Policies
   e. Schemas
   f. Authorization Servers
   g. Administrator Roles
6. Okta Expression Language
7. System Logs
8. Dynamic Client Registration
Module # 6 : Directory Integration
Topics
❖ Active Directory
❖ LDAP Integration (Supported LDAP Products)
❖ CSV Directory Integration
❖ LDAP Interface
❖ Installation of Agents
❖ Provisioning
❖ Imports (All, No, Exact, Partial)
❖ Delegated Authentication
❖ Managing Multiple Agents.
❖ Profile Masters
❖ Configure password policies for Okta-mastered users
❖ Configure password policies for Active Directory-mastered users.
❖ Overview of :
   ➢ Simple and Secure Setup and Configuration,
   ➢ Real-time provisioning,
   ➢ Intelligent user synchronization,
   ➢ Just-in-time user provisioning,
   ➢ Robust delegated authentication,
   ➢ Integrated desktop single sign-on (SSO) (AD only),
   ➢ Self service password reset support (AD only)
Labs
1. Install and configure the Okta AD/LDAP Directory agent.
2. Configure Okta as a service provider, and overview of the Identity Provider flow.
3. Manage delegated authentication with AD and LDAP using Okta agents.
4. Import and manage users coming from AD, LDAP or stored directly in Okta
5. How the Okta password sync agent works
6. Setting up :
   a. Simple and Secure Setup and Configuration
   b. Real-time provisioning
   c. Intelligent user synchronization
   d. Just-in-time user provisioning
   e. Robust delegated authentication
   f. Integrated desktop single sign-on (SSO) (AD only)
   g. Self service password reset support (AD only)
   h. Security group-driven provisioning
   i. Automated one-click deprovisioning
   j. Single sign-on for directory authenticated apps
7. Overview of Profile Mastering, and Synchronization Policies
Module # 7 : Monitor Okta Organization

Topics
❖ Understanding of Okta logging.
❖ Interpreting Okta logging resources.
❖ Explain the logging options available, for in-depth troubleshooting, security, and auditing.
❖ Identify where logs are located based on the operating system.
❖ Log Events, and integration with Event Hooks
❖ Run and interpret system logs.
❖ Application interaction, and how to help developers with Okta integration and troubleshooting (redirect_uri, tokens, user validation)
❖ Help & Support, raise tickets. Check health status.
❖ Notification
❖ How to create a monitoring framework using the Okta REST APIs (Examples)
   ➢ Get list of locked-out users
   ➢ Get list of password-expired users
   ➢ Get user sessions.
   ➢ Clear user sessions.
Labs
1. Configuring logging options.
2. Okta Usage
   a. Auth Usage
   b. Application Access Audit
   c. MFA Usage
   d. Suspicious Activity
   e. SMS Usage
3. Setting up Custom Reports
4. Using Filters, and setting up monitoring policies
5. Tracking various Error Codes
6. Setting up Notifications (Everyone, Groups and Users)
7. Handling Downtimes for applications.
8. How to establish a process of monitoring Okta using REST APIs
9. Manage User Lifecycle
10. Manage User Membership
11. How to delegate Application Users to manage their users.
12. How to reset bulk user passwords.
13. Build monitoring automation around the API Framework
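The monitoring-framework topic above lists concrete REST tasks (list locked-out users, list password-expired users, clear a user's sessions) without showing how the calls fit together. The following is an added example, not code from the course or from Okta: a small client that queries the Okta Users API with a status filter, follows the `Link: <…>; rel="next"` pagination header, and clears sessions for the users it finds. The endpoints, the `SSWS` token header and the `LOCKED_OUT` / `PASSWORD_EXPIRED` statuses are from Okta's public Users API documentation; `ORG_URL`, the token value, and `sample_transport` (a constructed stand-in that answers with canned users so the script runs offline) are assumptions. Swap `sample_transport` for `urllib_transport` and a real org URL and token to run it against a tenant.

```python
"""Okta user-status monitor with Link-header pagination (added example; constructed sample data)."""
import json
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

ORG_URL = "https://example.okta.com"   # placeholder; use your org URL
Response = Tuple[int, Dict[str, str], bytes]           # HTTP status, headers, body
Transport = Callable[[str, str, Dict[str, str]], Response]


def urllib_transport(method: str, url: str, headers: Dict[str, str]) -> Response:
    """Real transport: performs the HTTP call with the standard library (not used offline)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return resp.status, dict(resp.headers), resp.read()


def _next_link(headers: Dict[str, str]) -> Optional[str]:
    """Return the URL tagged rel="next" in the Link header, or None on the last page."""
    link = next((v for k, v in headers.items() if k.lower() == "link"), "")
    m = re.search(r'<([^>]+)>;\s*rel="next"', link)
    return m.group(1) if m else None


class OktaMonitor:
    def __init__(self, org_url: str, api_token: str, transport: Transport = urllib_transport):
        self.org_url = org_url.rstrip("/")
        self.api_token = api_token
        self.transport = transport

    def _headers(self) -> Dict[str, str]:
        # Okta API tokens are sent as "Authorization: SSWS <token>"
        return {"Authorization": f"SSWS {self.api_token}", "Accept": "application/json"}

    def _get_all(self, path: str, params: Dict[str, str]) -> List[dict]:
        """GET a collection and keep following rel="next" until the last page."""
        url: Optional[str] = f"{self.org_url}{path}?{urllib.parse.urlencode(params)}"
        results: List[dict] = []
        while url:
            status, headers, body = self.transport("GET", url, self._headers())
            if status != 200:
                raise RuntimeError(f"GET {url} -> HTTP {status}")
            results.extend(json.loads(body))
            url = _next_link(headers)
        return results

    def users_with_status(self, status: str) -> List[dict]:
        return self._get_all("/api/v1/users", {"filter": f'status eq "{status}"', "limit": "200"})

    def locked_out_users(self) -> List[dict]:
        return self.users_with_status("LOCKED_OUT")

    def password_expired_users(self) -> List[dict]:
        return self.users_with_status("PASSWORD_EXPIRED")

    def clear_user_sessions(self, user_id: str) -> bool:
        """DELETE /api/v1/users/{id}/sessions; Okta answers 204 on success."""
        url = f"{self.org_url}/api/v1/users/{urllib.parse.quote(user_id)}/sessions"
        status, _, _ = self.transport("DELETE", url, self._headers())
        return status == 204


# ---- constructed offline stand-in for the Okta API ---------------------------------
SAMPLE_USERS = [  # constructed sample users, not real data
    {"id": "00u1", "status": "LOCKED_OUT", "profile": {"login": "ann@example.com"}},
    {"id": "00u2", "status": "PASSWORD_EXPIRED", "profile": {"login": "bob@example.com"}},
    {"id": "00u3", "status": "LOCKED_OUT", "profile": {"login": "cat@example.com"}},
]


def sample_transport(method: str, url: str, headers: Dict[str, str]) -> Response:
    """Honours the status filter and pages one user at a time via a Link header."""
    if method == "DELETE":
        return 204, {}, b""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    wanted = re.search(r'status eq "([A-Z_]+)"', query.get("filter", [""])[0])
    matches = [u for u in SAMPLE_USERS if wanted and u["status"] == wanted.group(1)]
    start = int(query.get("after", ["0"])[0])
    out_headers: Dict[str, str] = {}
    if start + 1 < len(matches):
        base = url.split("&after=")[0]
        out_headers["Link"] = f'<{url}>; rel="self", <{base}&after={start + 1}>; rel="next"'
    return 200, out_headers, json.dumps(matches[start:start + 1]).encode()


def demo() -> Dict[str, List[str]]:
    """Report locked-out and password-expired logins, and clear sessions of locked-out users."""
    mon = OktaMonitor(ORG_URL, "PLACEHOLDER_TOKEN", transport=sample_transport)
    locked = mon.locked_out_users()
    expired = mon.password_expired_users()
    return {
        "locked_out": [u["profile"]["login"] for u in locked],
        "password_expired": [u["profile"]["login"] for u in expired],
        "sessions_cleared": [u["id"] for u in locked if mon.clear_user_sessions(u["id"])],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the API token used by such a monitor read-only wherever the task allows it (the session-clearing call is the only write here), store it outside the script, and watch the response codes: Okta answers rate-limited calls with HTTP 429, which `_get_all` surfaces as an error rather than silently truncating the report.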
Module # 8 : Advanced Topics
Topics
❖ Difference between Okta reports and syslogs.
❖ Security impact of granting management API tokens.
❖ Configure Custom applications in Okta, overview of SDK.
❖ Utilizing Terraform (IaC) to set up Okta resources.
❖ Integration with AWS Cognito & AWS
❖ Okta CLI
❖ Defining Okta Architecture for Data Privacy and Geo Restriction (GDPR, ITMS). Understanding security requirements.
❖ Preparing Okta for compliance readiness, and managing it within your disparate landscapes.
❖ Comparing Okta vs other Access Management solutions.
❖ How multiple Access Management solutions can coexist, and setting up inbound federation and a centralized identity user store.
❖ Architecting an application security framework, and how Okta works with other Cloud Providers to protect the underlying application framework.
❖ An overview of Hooks, Advanced Server Access & Access Gateway.
Labs
1. Configuring Okta via Terraform (Infra-as-Code)
2. AWS Cognito Overview and Authentication.
3. Integrating Okta within a DevOps Pipeline.
4. Overview of Okta integration with various Cloud Providers, and how to establish SSO.
5. Utilizing API Client Tools (https://httpie.io/)
6. Introduction to various OAuth use-cases (Playground, PKCE)
7. Applications
8. Data
9. API Usage
10. Making your Okta Implementation Robust
   a. Securing Okta Tokens
   b. Utilizing PKCE Implementation
   c. Utilizing third-party monitoring tools to create alerts (ELK)
11. Next Step : Getting into Web Security, JavaScript Frameworks.
12. Implicit vs PKCE Flow (Link)
13. Okta Access Gateway (Link)
100 Questions to be discussed
● What is Okta?
● What are the various authentication protocols supported by Okta?
● How do you create users, groups and applications?
● How do you enable logging? What reporting is available? How to use filters?
● How to enable password policies?
● How to configure/enable MFA for users?
● How to disable MFA?
● What are the various ways to log in and interact with Okta?
● I have deleted a user, and there are too many logs to look through; how can I find how users were created and deleted in a specific period?
● What are the various versions in Okta?
● How do you raise a support ticket?
● How to check the status of Okta?
● What are the various support priorities and plans within Okta?
● Tell me the various functionalities available within Okta.
● What is SSO, and how does it differ from Federation?
● I have a Java or JavaScript application; how can I add authentication and authorization?
● Can I integrate my API with Okta? If yes, how?
● What are the different profiles within Okta?
● How do you reset a password in Okta?
● As an Admin, can I reset a user's password and go undetected? If yes, then how?
● How can I send a notification to a set of users?
● What is a group rule? How does it help?
● How do I authorize a user to an application?
● … and many more questions to be discussed.

