You're reading from Okta Administration: Up and Running

Product type: Book
Published in: Dec 2020
Publisher: Packt
ISBN-13: 9781800566644
Edition: 1st Edition
Authors (2):

Lovisa Stenbäcken Stjernlöf

Lovisa has been with Devoteam for over 4 years, working with multiple cloud vendors during that period. Starting out as a Project Manager and gaining certifications in G Suite and Salesforce, she found it a natural step to start helping customers with their complete cloud setup, including Okta. Apart from customer work, she also has experience with management, both of resources and of budget. With several Okta implementations under her belt and an Okta Professional certification in the bag, she now heads the Okta practice within Devoteam.

HenkJan de Vries

HenkJan has extensive experience with Okta, having been an Okta partner engineer for over 5 years. With a long history of both implementing and supporting many Okta customers, he understands what long-term requirements look like, as well as the day-to-day management within organizations. Currently, he is strategically supporting customers in reaching their full Okta potential. HenkJan is a certified consultant and is currently part of the exclusive SME group within Okta. Beyond his business-related work, he also enjoys helping unknown and uncontracted customers on several community boards, and by doing so he was named an Okta Advocate in 2019 and an Okta Community Leader in 2020.

Chapter 3: Single Sign-On for a Great End User Experience

Single Sign-On (SSO) is a very user-friendly feature, but it also has real security benefits that will make any IT administrator happy: fewer passwords for users to manage, and one place to enforce sign-on policy.

In this chapter, we will look at Okta's SSO functionality and how it helps your end users. We will look at how you can utilize the Okta Integration Network and at the different kinds of connection you can make with various applications. We will also look at the difference between Okta- and application-initiated sign-on flows, as well as IdP discovery.

We will look at the following topics in this chapter:

  • Using Single Sign-On with Okta
  • Using the Okta dashboard and Okta Mobile app
  • The Okta Integration Network
  • Using Secure Web Authentication applications
  • Using SAML and OpenID Connect applications
  • Managing inbound SSO
  • IdP discovery

Using Single Sign-On with Okta

While we will talk a lot about logging into different types of applications and their security steps, Okta, of course, has its own sign-in options. This is, in general, the cornerstone of every end user's experience. Once a user has signed in to Okta, they should not need to enter another password in any application integrated behind it. This first encounter with Okta's SSO ensures that the user has identified themselves according to the configured policies and is now allowed to sign in to the integrated applications down the road.

The login process for Okta is straightforward and doesn't require any deep understanding of what happens behind it. Signing in is as simple as in any other application, but on the backend Okta applies a much more granular methodology, making sure every sign-in is checked against the policies that have been set up.

Every Okta org is created with an okta.com subdomain. These subdomains are determined at the moment the contract is signed...

Using the Okta dashboard and Okta Mobile app

Okta gives users a good experience through a dashboard that holds all of the user's applications. End users can arrange which apps go where and move them into different tabs to organize their environment further. Okta's dashboard also allows end users to set their personal passwords for applications and to change and update these passwords later on. We will go through this in more detail later in this chapter. Depending on the settings, they may also be able to add personal applications through the personal application store, which offers over 5,000 applications. This store only includes password-based applications, because an end user cannot set up the more tightly integrated options (such as federated SSO) themselves; those require an administrator.

Figure 3.10 – End user's application dashboard

Once a new application is added, the user will see a notification bubble after they get onto the dashboard. If they don't read it, the...

Simpler administration with the Okta Integration Network

For many organizations, a reason to start using Okta is to avoid the upkeep of multiple integrations. This was a problem Okta saw early on, and the Okta Integration Network (OIN) has been an important cornerstone of Okta for a long time. At the time of writing, the OIN holds over 6,500 integrations with applications across a variety of product types. What is unique about this collection is that the SSO protocol configurations and the provisioning API connectors are maintained by Okta, not by the customer. The integrations are not only for cloud apps; a collection of on-premises, web-based applications is also represented. The integrations use Secure Web Authentication (SWA), Security Assertion Markup Language (SAML), or OpenID Connect (OIDC). For applications supporting any of these methods, even if they are on-premises or VPN services, it's possible to integrate with Okta, even though there is no existing integration in the...

Basic integration with Secure Web Authentication

As mentioned earlier, there are a few different kinds of integration, and one of them is SWA. This integration type was created for applications that don't support federated authentication, that is, applications that cannot take part in an SSO flow where a user's authentication token from a trusted identity provider is accepted across multiple systems or platforms. With SWA, Okta stores the user's credentials for the application, encrypted with a customer-specific key. When the end user clicks the application tile, Okta fills the stored credentials into the application's login page over an encrypted HTTPS (TLS) connection. Note what SWA does and does not change: the application still has its own password and its own authentication; SWA only relieves the user from typing it, so the application's password strength, rotation, and breach exposure still need attention. When setting up an SWA integration, you can configure the credential settings in the following ways:

  • The user sets the username and password
  • The administrator sets the username and password
  • The administrator sets the username, the user sets the password
  • The administrator sets the username, the password is the same as the Okta password...

Using SAML and OpenID Connect applications

To fully embrace the capabilities of Okta's SSO, it is recommended to use federation protocols such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). Both handle login flows differently, but they share one key feature: they allow an application to delegate its authentication to an Identity Provider (IdP) such as Okta. This means there is no longer any reason to keep a password in your application. The user is no longer responsible for a strong, unique password for that application; instead, the application refers to the IdP for authentication, and the IdP's sign-on policies apply. We will look at both, to see what they have in common and where they differ.

SAML is an XML-based framework that allows an IdP and a Service Provider (SP) to exchange user authentication, entitlement, and attribute information. The flexibility of XML allows the assertion to be modified to carry different relevant information depending on the integration...

Summary

In this chapter, you have been through the different integration methods supported by Okta, and how to integrate your organization's applications using the tools available. For your end users to access these applications securely via SSO, we've also looked into how to set password and sign-on policies and rules. To simplify login and the end user experience, we've also learned about inbound SSO and IdP discovery. We have also lightly touched upon the user dashboard and the Okta Mobile application, to see how end users will interact with Okta on a daily basis.

In the next chapter, we will go into the possibilities around multifactor authentication and the different settings and policies available.
