marks4sure logo
Regarding policies, Okta recommends:
Solution: Include a final catch-all rule that denies access to anything that does not match any of the preceding rules
Whenever you make an API call, you will then get back:
Solution: Response headers
In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP sends SAML assertions, while the IDP receives and validates them
Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.
Solution: Both statements are true
As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Paste into a browser configured for DSSO the IWA redirect URL along with '/authenticated.aspx' after it, hit 'Enter' and check the message returned
Okta has a json representation of objects such as 'users', json schema interchanged on API calls, as an example, but what about the format of information regarding of a user going to a SCIM server for creating the user in an On Premises application?
Solution: Format stays the same: json
What does it mean: "Mapping Direction AD to Okta"?
Solution: Indicates a schema of attribute values flowing Okta towards AD
The SCIM protocol is
Solution: An application-level TLS protocol
When does Okta bring LDAP roles into Okta?
Solution: During both LDAP import and JIT
In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An IDP authorizes the users, while the SP authenticates them
Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: You can do this with both policy types mentioned
When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in
Solution: Statement is true
Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible, as Office 365 requires an Immutable ID extracted from either On-Prem AD or Azure AD
Whenever you make an API call, you will then get back:
Solution: A new object (a user, group or app object)
When using Okta Expression Language, which of the following will have the output: okta.com
Solution: String.substringAfter("abc@okta.com", "@")
With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.
Solution: The statement is false
TESTED 19 May 2024