When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have the Update Attributes option active under Provisioning settings will begin to sync the password in the respective apps, as the password is an attribute of their profile, but only if JIT Provisioning is enabled as well, as it has to be a just-in-time action, the moment the user resets the password
In Okta's KB articles the set of functions under the 'Provisioning' concept is referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?
Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision
There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?
Solution: Yes, but you need to have a SAML 2.0 integrated app or such a flow
There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?
Solution: No, it is not possible as Okta queries the whole AD schema and retrieves everything that it's able to
When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in
Solution: Statement is true
When does Okta bring LDAP roles into Okta?
Solution: During both LDAP import and JIT
As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Only the second statement is true
Whenever you make an API call, you will then get back:
Solution: A new object (a user, group or app object)
Which of the following is / are true?
Solution: If an MFA factor is set to 'required' and another MFA factor set to 'disabled', then users can choose between the two factors when enrolling, but then can use only the first one for successful logins
Speaking of the Okta Template App and the Okta Plugin Template App, which of the following RegEx can you create for an allow list of URLs so that both the /login and /change_password endpoints are accepted under the example.com domain?
Solution: https://example.com/(login|change_password)
Okta has a JSON representation of objects such as 'users' (the JSON schema exchanged on API calls, for example), but what about the format of the information about a user that goes to a SCIM server to create the user in an on-premises application?
Solution: Format is different: xml
In an agentless DSSO (Desktop Single Sign-on) scenario, Okta is the one that decrypts the Kerberos ticket, then finds the user name, authenticates the user and passes back a session to the browser.
Solution: The statement is entirely valid
As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Only the first statement is true
Regarding policies, Okta recommends:
Solution: To have one policy rule per application, as more will most probably alter the behavior too much and you may miss important behaviors
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not use SAML 2.0 and Provisioning via the same App instance in Okta, but integrate the same SP custom domain via two different app instances in Okta, one for SSO, via SAML 2.0 in this case, and one for provisioning on users
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not link your admin user from the SP via SAML with a user from Okta, if the app (SP) does not provide a SAML bypass URL