Teri Radichel


CM.163 How to limit network access and thereby limit possible attacks on our Okta User Directory

Okta IAM
ACM.164 Create custom admin roles to separate user creation from assigning user access
https://readmedium.com/okta-iam-d373122aaab5

Okta MFA
ACM.165 Additional MFA options (like Yubikey with no seed) and enforcing MFA policies
https://readmedium.com/okta-mfa-770ff702ff6

Okta Logging, Monitoring, and Alerts
ACM.166 Be aware of and investigate security problems on Okta
https://readmedium.com/okta-logging-monitoring-and-alerts-4ade3e85858

AWS SAML Federation to Okta Architecture
ACM.167 Architectural components and separation of duties
https://readmedium.com/aws-saml-federation-to-okta-architecture-1ed2631076d

Okta SAML Integration with AWS IAM Step 1: Obtaining the Metadata
ACM.172 Obtaining the metadata from Okta to create the IdP configuration on AWS
https://readmedium.com/okta-saml-integration-with-aws-iam-step-1-obtaining-the-metadata-d3baece43bd2

Okta SAML Integration with AWS IAM Step 2: AWS IAM Identity Provider
ACM.173 Using CloudFormation to deploy an IdP for Okta in your AWS Organizations management account
https://readmedium.com/okta-saml-integration-with-aws-iam-step-2-aws-iam-identity-provider-712114162f94

Okta SAML Integration with AWS IAM Step 3: Creating SAML Roles
ACM.174 Determining permissions for an AWS Billing Administrator Role
https://readmedium.com/okta-saml-integration-with-aws-iam-step-3-creating-saml-roles-4179e6d2be94

Okta SAML Integration with AWS IAM Step 4: Granting Okta Users Access to AWS Roles
ACM.175 Creating a link between Okta Groups and AWS Okta Roles
https://readmedium.com/okta-saml-integration-with-aws-iam-step-4-granting-okta-users-access-to-aws-roles-ac7425b00852

Oktapus
ACM.123 Reviewing one of the most dangerous attacks in 2022 to design an authentication system less susceptible to…
https://readmedium.com/oktapus-7a58e4dbc1d8

Security Risks Associated with Support Teams
ACM.176 Take a look at what supports team are requesting from customers and employees give them
https://readmedium.com/security-risks-associated-with-support-teams-c09492c6ea47

Risks Using a Third Party Identity Provider with Azure
ACM.177 Did the US government say you should not use third-party Identity Providers with Azure?
https://readmedium.com/risks-using-a-third-party-identity-provider-with-azure-ea3a90013ce0

Assessing Supply Chain Geopolitical Risk
ACM.179 Where does the company in your supply chain build, test, and sell their products?
https://readmedium.com/assessing-supply-chain-geopolitical-risk-c1a74384660d

Okta

Stories related to Okta by Teri Radichel

As noted in the posts below, I am working through an assessment of Okta, but I do not have full visibility into the things I would ask or inspect in a full assessment. For example, I do not have visibility into internal Okta development practices, developer permissions, IAM segregation of duties, data access, source control security(!), network segmentation, or support processes and access, other than what is described in their architectural document and the CSA questionnaire, which I cover in a post below.

I have no affiliation with Okta, nor am I getting paid — I am paying them for services. I am interested in this product for security architecture reasons and am testing out various integrations to determine how to best segregate duties and protect credentials used on cloud platforms. The idea is to centralize authentication and separate it from the cloud platforms themselves, while the cloud platforms provide the authorization for actions taken on the platform. I have been interested in testing this product for this purpose for a while and finally got around to doing it. I do not do free product assessments. If you would like me to assess a product for you, you can hire me through IANS Research or contact me on LinkedIn if you are not an IANS customer.

If you want to try out the steps below, Okta offers a free trial here.

https://www.okta.com/free-trial/

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab