okta

What problem does it solve?

This Skill helps you design, secure, and troubleshoot Okta Workforce Identity workflows so SSO, MFA, SCIM provisioning, and admin governance stay correct and auditable.

Core Features & Use Cases

• New SSO app integration workflows: choose OIDC vs SAML, configure minimal redirect/ACS settings, map only required attributes, and ship a per-app sign-on policy with rollback-ready rollout guidance.
• Sign-on policy hardening: tier applications by blast radius and implement default-deny, phishing-resistant MFA requirements, device/network conditions, and monitoring for denial spikes.
• SCIM provisioning rollout and reconciliation: plan inbound HRIS-to-Okta and outbound Okta-to-app provisioning, define lifecycle semantics, handle reconciliation, and prevent unexpected deactivations.
• IdP migration runbooks: migrate from ADFS/Ping/Azure AD/Entra/OneLogin with phased cutover, MFA enrollment strategy, workflow/automation porting, and decommission planning.
• Operational debugging with System Log: trace policy evaluation and session/IdP failure chains using evidence from System Log and produce actionable fixes.
• Signing key/API token rotation and admin role audits: rotate secrets safely with overlap/dual-key strategy and run quarterly admin governance audits with remediation tracking.

Quick Start

Use the okta skill to produce an end-to-end Okta Workforce Identity runbook for onboarding a new OIDC SSO app with default-deny sign-on policy, SCIM provisioning plan, System Log debug queries, and a Terraform-focused rollout checklist.