In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is entirely valid
In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active
Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering Okta credentials
Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?
Solution: https://example*.com/(login|change_password)
You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO a new set of Identity Provider (IDP) routing rules have to be created
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Update Attributes option active under Provisioning settings - will begin to sync the password in respective apps, as password is an attribute of their profile - but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password
Okta AD Agents can be successfully and completely configured by:
Solution: Organization administrators
Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?
Solution: Yes, an Okta Application Integration Agent
Whenever you make an API call, you will then get back:
Solution: Response headers
When does Okta bring LDAP groups into Okta?
Solution: Only during an LDAP import
What does SCIM stand for?
Solution: System for Cross-domain Identity Management
