Okta-Certified-Administrator Okta Certified Administrator Exam Question and Answers

Which is a / are best-practice(s) in a SAML 2.0 situation?

Solution: To not use SAML 2.0 and Provisioning via the same App instance in Okta, but integrate the same SP custom domain via two different app instances in Okta, one for SSO, via SAML 2.0 in this case, and one for provisioning on users

When using Okta Expression Language, which of the following will have the output: okta.com

Solution: String.substringBefore("abc@okta.com", "@okta.com")

With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?

Solution: You federate with Okta only the 'Office 365 domain'

Whenever you make an API call, you will then get back:

Solution: Okta events under '/events' endpoint

In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active

Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering SP credentials

When does Okta bring LDAP groups into Okta?

Solution: Only during an LDAP import

The SCIM protocol is for provisioning and managing identity data on the web.

Solution: An application-level TLS protocol

As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.

Solution: Both statements are true

There might be specific AD attributes, which - apart from others - do not appear in the Okta user profile. Can those extra attributes be mapped and provisioned towards an app?

Solution: Yes, if you map those attributes from AD to Okta and then Okta to App, as an example

Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Both statements are false

Once brought into Okta, LDAP roles are represented as:

Solution: Email lists

When using Okta Expression Language, which of the following will have the output: This is a test

Solution: String.join(",", "This", "is", "a", "test")

Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Both statements are true

If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:

Solution: Intentionally map a blank value to that specific attribute in the user profile

In Okta's KB articles the set of functions under the 'Provisioning' concept are referred to as CRUD. This is a concept you also meet when referring to CRUD APIs. What about its meaning here, in Okta's vision?

Solution: In 'Provisioning', CRUD stands for Create, Read, Upload, Deprovision

As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:

Solution: Open up a command prompt and ping the Okta server handling the requests, information about the server found in Okta IP tables for your own org's Cell