r/okta

▲ 1 r/okta

Anyone dispute a cheating claim?

I was taking certified professional earlier today and got falsely kicked out for cheating. Friday July 3rd is the worst day to need to contact support for answers since their offices are closed. Wondering if anyone has had experience disputing and the likely success of it?

ProctorU claimed it was for a remote desktop activity, but it's impossible for numerous reasons. Most of all being my windows version isn't new enough for RDP, and there's no other remote desktop software running. It literally cannot happen. ProctorU forwarded me to Okta for any sort of requests but I'm unsure if this is even going to lead to anything.

reddit.com
u/Rampos7 — 3 days ago
▲ 1 r/okta

Okta Consultant Hands-On Configuration Premier Practice Exam

Hello,

I've been studying for the Okta Consultant Premier Practice exam and I keep getting a Provisional Fail. I've gotten down all of the DOMC questions so I believe I keep failing from the practical portion. In case 3 and case 4, when i login to the user(not going into full question details just in case), i click on the application tile, and i am not asked for a password, which is what I want, however, when i MFA using the email, I get an error 400. I looked at the logs in Service Provider and it says it is a failure, unable to JIT. Because of this issue, I am setting up case 4 as well, but because I am unable to log into that user in case 3, i can't validate case 4 either. At this point I am unsure of what is wrong or how to even figure this out.

I was wondering if there was anyone who could help or if someone who took the exam could help me figure out what I am doing wrong? Can't seem to figure out where I am messing up or why.
Thanks in advance.

reddit.com
u/KidaPita — 4 days ago
▲ 5 r/okta

Okta Workforce to Okta Customer Identity conversion

Hello!

I am posting this because maybe someone went through the same situation.

We have an Okta Workforce tenant that end up with a big project of external customers in it and now because of the license cost we are thinking on converting it to OCI. Before going into discussions with our AE, maybe someone can help understand the following.

  1. will the conversion stays on the same platform domain *.okta.com?
  2. during the conversion process when the SKUs are enabled on Customer Identity will there be any loss of MFA configuration, auth policies, branding, app integrations, workflows, etc that we need to reconfigure and consider it?

we are using just salesforce and service now integration with our customers. SSO + SCIM Provisioning

  1. I had an argue with someone from our team saying that OCI is literally Auth0. and that there is no *.okta.com domain for oci just *.auth0.com platform with some features from Okta workforce. As far as I remember there were 3 categories of platform on SKUs, workforce, CIAM and Free Developer.

Any information will be really appreciated! Thanks a lot 🙏

reddit.com
u/54raa — 6 days ago
▲ 3 r/okta

16 weeks to onboard one internal app to Okta — is this normal or is our IAM team slow?

Genuine question. Is four months to onboard a single internal app to Okta normal, or is our IAM team just unusually slow?

I built an internal tool, flagged it for onboarding, and it's been sitting in the queue for 16 weeks. It handles customer data. Local user store, no MFA, credentials that haven't rotated since deployment. Security knows. IAM knows. Everyone agrees it's a problem. It's still not onboarded.

The bottleneck is the discovery and mapping phase, figuring out auth methods, user populations, entitlements. Multiple meetings, manual documentation, sign-off from three separate teams. The IGA onboarding bottleneck is a known problem, and nobody seems to have actually solved it operationally.

The deeper issue is structural: our identity infrastructure assumes apps get formally onboarded before governance applies. So anything in the queue is ungoverned by design until onboarding finishes. With a queue that's six months deep, that's a huge amount of unmanaged risk sitting in plain sight.

So, two questions for anyone who's dealt with this: is there tooling that actually automates the discovery phase so onboarding scales? Or does the queue just keep growing faster than you can clear it?

reddit.com
u/Curious-Cod6918 — 8 days ago
▲ 15 r/okta

Okta Administror certified

Hey everyone,
Just wanted to share a quick win. At the start of the year, I set a personal goal to get the Okta Professional cert. But right after passing it, I felt like the momentum was there, so I figured—why stop now? I decided to keep pushing while everything was fresh and just found out I cleared the Okta Certified Administrator exam! 🔐
Honestly, IAM moves fast and there's always more to learn. I've already mapped out my next steps:
🎯 Next up this year: Going after Okta Certified Consultant.
🚀 Long-term (2027): Gearing up for the big one, Okta Enterprise Architect.
For those of you who have already taken the Consultant exam, I’d love to get your insights before I dive headfirst into studying:
1 How heavily does the Consultant exam focus on complex deployment scenarios (like advanced inbound federation, multi-org setups, or tricky OIE migrations) compared to the Administrator exam?
2 Did you find the hands-on configuration part significantly more stressful or time-constrained?

reddit.com
u/Reasonable-Kale638 — 8 days ago
▲ 3 r/okta

Okta Administrator performance

Hello everyone,

I’m planning to take the Okta Administrator Performance certification soon.

I’m a bit stressed because there are no practice exams available to prepare.

I’d like to ask those who have already taken it if they could share their experience, explain how they prepared for Part II, and give any advice or tips.

I would be very grateful.

reddit.com
u/Verso26 — 7 days ago
▲ 6 r/okta+1 crossposts

Am I just crazy illiterate? | Stipe<>Okta provisioning

I am using this link to configure Stripe<>Okta SSO.

In the instructions provided via https://docs.stripe.com/get-started/account/sso/okta

I am instructed to:

  • In the left navigation pane, go to Directory &gt; Profile Editor.
  • Click the name of your Stripe app, then click Add Attribute.

This is what shows up for me. I need an External namespace, which I'm pretty sure I would expect Stripe to provide. I can't find any documentation on it.

https://preview.redd.it/g1t05r9m6i9h1.png?width=763&format=png&auto=webp&s=fe6900f5fb10eff6476d0c5934a1b4b89163005b

Here is what stripe shows the page should look like.

https://preview.redd.it/yslrzqf03i9h1.png?width=1548&format=png&auto=webp&s=56902b48bfddccf3d10e252f72cde9e40b6fd7d8

reddit.com
u/StatementNext682 — 11 days ago
▲ 6 r/okta

Okta + AD + SailPoint and still flying blind in part of the estate. Where are you closing the gaps?

On a slide, our IAM story looks fine: Okta for SSO and MFA, AD/Entra for the Windows estate, SailPoint for governance. On paper that’s a modern stack. In practice, we still have fragmentation and whole sections of the application estate that none of these platforms really see.

The pattern is probably familiar. Okta knows about the federated SaaS apps. AD or Entra handles Windows resources and a subset of on‑prem apps. SailPoint does access reviews and lifecycle for whatever has a stable connector and someone took the time to onboard properly. Then there’s the identity dark matter: in‑house tools, old line‑of‑business systems, vendor apps with only a local user table or aging LDAP, and anything nobody had time to integrate. Those systems don’t show up in governance, aren’t consistently tied to HR as the source of truth, and orphan accounts there tend to be discovered by accident during an audit or an incident, not by design.

Concrete example: during a recent access review we found a former contractor still active in a local user table on one of these “nobody had time to integrate it” apps. Exactly the kind of thing we were hoping the stack would prevent, but it never saw the system in the first place.

We’ve already done the “integrate the platforms with each other” work. That helps, but it doesn’t magically pull in the disconnected apps. The real work seems to be a detailed inventory of every app that authenticates outside the main IdP or IGA paths, followed by hard decisions about which ones can be pulled into proper workflows for provisioning, access change, and deprovisioning. After that you’re left with the set that will stay edge‑cases and need different controls and explicit documentation so they’re not invisible.

For those of you who feel you’ve actually reduced identity dark matter in your environment, what specific change — inventory approach, orchestration layer, or governance process — had the biggest impact on getting those disconnected apps into a predictable lifecycle?

reddit.com
u/SlightReflection4351 — 12 days ago
▲ 3 r/okta

CLI access

As a dev writing tools that primarily support developers on headless machines, how am I supposed to authenticate users to my services?

I was hoping to have one native app and exchange it for service tokens but that doesn't appear to be possible. It seems like I need to modify our service to accept tokens from a brand new native app. This sounds like a huge headache so I am hoping to be able to handle this via token exchange

Are there any real world examples for On-Behalf-Of token exchanges? The docs are honestly awful on this

reddit.com
u/Sillocan — 12 days ago
▲ 0 r/okta

Anyway to bypass this?

Trying to access some work stuff on my personal computer but getting this error. Is there any way to bypass this?

u/Feeling-One141 — 13 days ago
▲ 4 r/okta+1 crossposts

O365 Mobile App Fed Auth Failures?

Asking the wider IT community if anyone has noticed the O365 mobile apps failing to send the federation auth to OKTA. Watching many users who do the following:

- Access their OKTA subdomain, like contoso.okta.com via browser
- Enter creds, pass MFA, dashboard is presented. Everything is fine.

But

- Access any Office 365 mobile app, like Excel
- Enter username with domain, such as user@contoso.com
- End user never gets to submit their credentials, and traffic never makes it to OKTA. There's no network blocking, and there is no difference between WIFI/5G/Android/iOS/macOS.

Only known common denominator is Microsoft updating their mobile apps several times in the last two weeks. Seems post-update, the apps are dead on arrival.

reddit.com
u/Deweyoxberg — 12 days ago