When using Okta Expression Language, which variable type does this Okta expression return: isMemberOfGroup("groupId")?
Solution: Array
If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Intentionally map a blank value to that specific attribute in the user profile
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have the Update Attributes option active under Provisioning settings will begin to sync the password in the respective apps, as the password is an attribute of their profile, but only if JIT Provisioning is enabled as well, because it has to be a just-in-time action at the moment the user resets the password
Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible and not intended to be possible as it cannot work like this
When does Okta bring LDAP roles into Okta?
Solution: Only during LDAP JIT
When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in
Solution: Statement is false, as this would represent a security concern
In an agentless DSSO (Desktop Single Sign-on) scenario, Okta is the one that decrypts the Kerberos ticket, then finds the user name, authenticates the user and passes a session back to the browser.
Solution: The statement is valid, but Okta is not the one doing the authentication: the IWA Agent and AD Agent do that, as the AD Agent verifies the AD user's identity
When you are trying to federate (via WS-FED) Office 365 with Okta:
Solution: You can choose between SAML 2.0 or OIDC for the current integration
Does Okta require an agent to sit between Okta and an on-premises SCIM-enabled app for requests?
Solution: Yes, an AD Agent
When you make a GET API call for users, groups and other such objects, the response is usually paginated when a lot of objects are returned. What do you do in order to retrieve all objects?
Solution: You call the very same API multiple times, until the response is empty
Once brought into Okta, LDAP roles are represented as:
Solution: Licences
There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?
Solution: Yes, if you map those attributes from AD to Okta and then Okta to App, as an example
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have the Sync Password option active under Provisioning settings will begin to sync the password in the respective apps, but only if JIT Provisioning is enabled as well, because it has to be a just-in-time action at the moment the user resets the password
When using Okta Expression Language, which of the following will have the output: okta.com?
Solution: String.substring("abc@okta.com", "@")
How can SAML provision attributes via JIT? Or even create users?
Solution: By including specific information in the GET API call
Okta has a JSON representation of objects such as 'users' (the JSON schema exchanged on API calls, for example), but what about the format of the information about a user that goes to a SCIM server to create the user in an on-premises application?
Solution: Format is different: xml
Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Done via mappings, by pushing from Okta to Office 365: user.getInternalProperty("id")
After you turn on Desktop SSO, a default DSSO related routing rule is created. You must configure the network information for this rule.
Solution: You have nothing to do, and the rule is even set to "Active" by default
On a Windows machine, what is the correct behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?
Solution: You will be automatically redirected to the Okta Sign In page for your organization, where you need to fill in your AD credentials