Okta

Brief description

Describe Okta's user management features.

Okta user management features

Okta has three user types, described below. This chapter explains how to create Okta-Mastered people, and the next chapter explains how to create Directory-Mastered people (AD linkage).

  • Okta-Mastered people
    Users associated with accounts created on Okta. Many users can also be created at once by importing a CSV file. These users belong to Okta groups. Each user has at least four attributes (first name, last name, username, and email address).
  • Directory-Mastered people
    Users associated with accounts created in an external directory service such as AD and imported into Okta. By default, Directory-Mastered people cannot change the directory password, but you can change the settings so that Okta Super Administrators can change it. Directory-Mastered people are governed by Directory user profiles, so their user attributes are managed within the directory service. It is also possible to manage specific attributes from Okta instead of within the directory service. Directory-Mastered people can be associated with both Okta groups and directory groups.
  • Application-Mastered people
    A user associated with an account created in an external HR application or similar and imported into Okta.
    Examples of services that can use this feature are listed below. (AD and LDAP are Directory-Mastered people)
    https://help.okta.com/en/prod/Content/Topics/Security/administrators-admin-comparison.htm

Okta's user group feature

Okta users can be grouped and managed.

By grouping, it is possible to manage various settings for each group.

It is common to group by department or role.

A user can belong to multiple groups.

User status

I will explain each user status.

A green status may result in a charge.

Gray status is not billable.

Status and explanation

  • Staged
    The user has been created but not yet activated.
  • Pending user actions
    Activation has not yet been approved by the user. This is the status during the activation step, when the user has not yet clicked the activation link in the activation email or set a password.
  • Active
    Enabled state. The user is in the Active state in the following cases:
      • When the administrator creates a user and registers the password on the user's behalf, without email authentication
      • When the end user registers themselves (custom apps, the Okta homepage, etc.) and email approval is not required
      • When an end user activates an account via email approval
  • Password Reset (Recovery)
    The user is in the Password Reset state in the following cases:
      • When an account needs to set a password for the first time
      • When an end user requests a password reset or an administrator resets the password on behalf of the end user
  • Locked out
    A user who exceeds the configured maximum number of login attempts is locked out.
  • Suspended
    The user becomes Suspended when the administrator suspends the user. This state has no effect on the user's application assignments.
  • Deactivated (Deprovisioned)
    The user becomes Deactivated when the administrator deactivates the user or removes provisioning. In this state, the user's application assignments are removed.

Create users and groups

I will explain how to create users and groups on Okta.

Two ways of creating users on Okta are described: manual creation and CSV import.

User creation (manual)

  • Go to the Directory > People screen
  • Click Add Person
  • Enter the following items for the user to be created and click Save.
      • First name
      • Username
      • Last name
      • Primary email

*By selecting Set by admin for Password, the administrator can set a temporary password. Check Send user activation email now for immediate user activation.

  • An email is sent to the user's primary email address; click Activate Okta Account in that email
  • Enter a new password and secret question and click Create My Account

The secret question is used to verify your identity when resetting your password.
If you do not want to use a secret question, go to the Security > Authentication > Password tab of the Okta dashboard, clear the Additional self-service recovery option > Security Question checkbox in the password policy, and save.

  • Press OK to complete new user creation

User creation (CSV import)

  • Go to the Directory > People screen
  • Click More Actions > Import Users From CSV
  • Click this template
  • Once the template file is downloaded, enter the information of each user you want to create, one user per line.

*The default required information is “login”, “firstName”, “lastName”, and “email”.

  • Specify the created CSV file in “Browse” and click “Upload CSV”
  • When "CSV file parsed successfully!" is displayed, click Next
  • Check Automatically activate new users and click Import Users

*When the box is checked, an activation email is automatically sent to the user.

  • Click Done to complete the import
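
A pre-import check for the CSV procedure above, as an added example that is not part of the original page or of Okta's tooling. It assumes the header row uses the four default required columns named above, that usernames are in email format, and a hypothetical `allowed_domains` set of expected mail domains; the sample rows are constructed.

```python
import csv
import io
import re

REQUIRED = ("login", "firstName", "lastName", "email")  # default required columns named above
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")    # loose shape check, not Okta's own rule

def validate_import_csv(text, allowed_domains):
    """Return (line_number, message) problems found in an import CSV."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [h for h in REQUIRED if h not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing required column(s): " + ", ".join(missing))]
    problems, seen = [], {}
    for row in reader:
        line = reader.line_num
        values = {f: (row[f] or "").strip() for f in REQUIRED}
        for field, value in values.items():
            if not value:
                problems.append((line, f"empty required field '{field}'"))
        login = values["login"].lower()
        if login in seen:
            problems.append((line, f"duplicate login, first seen on line {seen[login]}"))
        elif login:
            seen[login] = line
        for field in ("login", "email"):
            if values[field] and not EMAIL_RE.match(values[field]):
                problems.append((line, f"'{field}' is not in email format"))
        email = values["email"]
        if EMAIL_RE.match(email) and email.rsplit("@", 1)[1].lower() not in allowed_domains:
            # The activation email, and its link, would go to this mailbox.
            problems.append((line, "email domain outside allowed list"))
    return problems

# Constructed sample input, not taken from the page.
SAMPLE = """login,firstName,lastName,email
alice@example.com,Alice,Ito,alice@example.com
bob@example.com,Bob,,bob@example.com
ALICE@example.com,Alice,Ito,alice@example.net
carol,Carol,Sato,carol@example.com
"""

if __name__ == "__main__":
    for line, message in validate_import_csv(SAMPLE, {"example.com"}):
        print(f"line {line}: {message}")
```

Because the import step can send activation emails automatically, running the check before upload keeps activation links from going to a mistyped or external mailbox.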

Group creation

  • Go to the Directory > Groups screen
  • Click Add Group
  • Enter the group name and click Add Group
  • Search for the new group name in the search window and confirm that the group has been created

Add User to Group

Learn how to add users to groups in Okta.

There are two ways to add users to groups in Okta: manual addition and automatic addition rules.

Add users to groups (manually)

  • Go to the Directory > Groups screen and click the appropriate group
  • Click Manage People
  • Use the search window to display the corresponding user under Not Members and click +
  • After confirming that the user has been added to Members, click Save to complete the user addition

Add user to group (rule applied)

  • Go to the Directory > Groups screen and click Add Rule on the Rules tab
  • Enter the rule name, set the conditions to apply to the group, and click Add Rule

*The rule in this example adds a user to the Sales group when the user's department attribute is "Sales".

  • The rule is Inactive after it is added, so select Activate to make it Active
  • Once you have confirmed that the user has been added to the group according to the rule, the setting is complete

Grant administrator rights

Users logging into the Okta dashboard must be granted administrator privileges. I will explain the procedure.

  • Go to the Security > Administrators screen
  • Click Add Administrator

*To grant administrator privileges on a group-by-group basis, click Add Administrator Group instead.

  • Select an account, check the admin role to assign, and click Add Administrator

*For each management role, please refer to the Okta manual below.

https://help.okta.com/en/prod/Content/Topics/Security/administrators-admin-comparison.htm

  • If you can confirm that administrator privileges have been granted to the relevant user, the settings are complete.
