Question 31
When a user's Okta password is changed:
Solution: All apps that are Provisioning-enabled and have Update Attributes option active under Provisioning settings - will begin to sync the password in respective apps, as password is an attribute of their profile - but only if JIT Provisioning is enabled as well as it has to be a just-in-time action, the moment the user resets the password
Question 32
You just re-enabled IWA DSSO and notice it's not behaving as it should. What is an aspect you should keep in mind?
Solution: That when re-enabling IWA DDSO you have to issue another API token for the AD / IWA Agents
Question 33
In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An IDP authorizes the users, while the SP authenticates them
Question 34
The Okta On-Prem MFA Agent acts as a Radius client and communicates with the RADIUS enabled On-Prem server, including RSA Authentication manager for RSA SecurIDs. This basically allows your organization to leverage Second Factor from a variety of On-Premises multifactor authentication tools.
Solution: The statement is true
Question 35
In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering SP credentials
