Perfect for verification! I tested SSO to Microsoft Office 365 using Okta's Access Testing Tool.

Introduction

How do you test authentication? I think the common approach is to authenticate in the actual environment and verify whether access is possible.

By using the Access Testing Tool in Okta, you can verify whether or not an application can be accessed without having to prepare an actual device or network environment.

This time, I would like to introduce a verification using the Access Testing Tool.

Assumed case

Application to access

This time, we will perform an access test using the Access Testing Tool assuming SSO (single sign-on) to Microsoft Office 365 apps.

Authentication policy settings

This time, we will set up and verify the following authentication policy rules.

  • ① Rule to allow access from the internal network (rule name: "Internal NW Permission Rule")
  • ② Rule to deny access from outside the internal network (rule name: "External NW Rejection Rule")
  • Set the IPs that define the internal network
    Define an IP Zone called "Internal NW (test)".
  • Set rules ① and ② as the authentication policy.
    Specify the IP Zone defined above in the rules, so that access from "Internal NW (test)" IPs is allowed and access from other IPs is denied.

Access testing using Access Testing Tool

In Reports > Access Testing Tool on the Okta management screen, enter the expected access conditions in each item.

《Input items》

  • Application name
  • Device status (registered with Okta)
  • Network zone (which network to access from)
  • Username (accessing user)
  • Device platform (OS of the device used for access)
  • Risk score
  • Other specified items (entered using Expression Language, a custom function unique to Okta. This was not supported at the time of validation, but will be supported in the future.
    We have also published a blog about Expression Language, so please take a look.)

Access test from internal network

When specifying the network zone, specify the IP Zone called "Internal NW (test)" that was set earlier. This allows you to test access from your internal network.

Looking at the results, you can see that access is allowed. You can also check the applied policy rules at the bottom of the page and see that access is permitted by the "Internal NW Permission Rule".

Access test from external network

Next, specify an IP that is not included in "Internal NW (test)" and perform an access test.

Looking at the results, you can see that access is denied, and that it is denied by the "External NW Rejection Rule".
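The two access tests above can also be written down as expected outcomes before they are checked in the tool. The following is an added example, not part of the original article and not Okta's implementation: a simplified offline model that assumes rules are evaluated in priority order with the first match applied. The CIDR range, the sample IPs, the fail-closed default and the `evaluate` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a documentation range stands in for the office egress IPs.
ZONES = {"Internal NW (test)": [ipaddress.ip_network("203.0.113.0/24")]}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "ALLOW" or "DENY"
    zone: Optional[str] = None  # None means the rule matches any network


# Rules 1 and 2 from the article, highest priority first.
POLICY = [
    Rule("Internal NW Permission Rule", "ALLOW", zone="Internal NW (test)"),
    Rule("External NW Rejection Rule", "DENY"),
]


def in_zone(client_ip: str, zone: str) -> bool:
    """True if client_ip falls inside any network of the named zone."""
    addr = ipaddress.ip_address(client_ip)
    # An IPv6 address is never "in" an IPv4 network, so it falls through.
    return any(addr in net for net in ZONES[zone])


def evaluate(policy, client_ip: str):
    """Return (action, rule name) for the first rule whose condition matches."""
    for rule in policy:
        if rule.zone is None or in_zone(client_ip, rule.zone):
            return rule.action, rule.name
    # Assumption of this model: with no matching rule, fail closed.
    return "DENY", "(no matching rule)"


if __name__ == "__main__":
    # Constructed test cases mirroring the internal and external tests above.
    for ip in ("203.0.113.10", "198.51.100.7", "2001:db8::1"):
        print(ip, *evaluate(POLICY, ip))
    # Swapping the rule order makes the catch-all deny shadow the allow rule.
    print("reordered:", *evaluate(list(reversed(POLICY)), "203.0.113.10"))
```

The reordered case shows why the applied rule name in the tool's result is worth checking, not just the allow/deny outcome: a catch-all deny placed first silently shadows the allow rule.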

The Access Testing Tool checks more than whether access is possible!

Beyond whether the above access is allowed or denied, the Access Testing Tool also shows the authentication factors for which registration is permitted or denied, the authentication factors currently registered by the target user, the required attributes, whether self-service user registration is possible, and the attributes the target user currently has.

  • Verifying authentication factors
  • Confirmation of required attributes and self-service user registration

Summary

This time we introduced Okta's Access Testing Tool. What did you think?
By using this function, you can test without preparing a troublesome verification environment, significantly reducing the time spent on verification.

If you are interested in Okta or have any other inquiries regarding Okta, please contact us.

In charge of Macnica Okta Co., Ltd.
