Okta Consultant Maintenance Exam Study Guide
The Okta Certified Consultant Maintenance Exam is an on-demand, unproctored, open book exam. This exam is intended for individuals who hold the Okta Certified Consultant certification, do not intend and have no need to pursue the Okta Certified Technical Architect certification, but must ensure their Okta Certified Consultant certification remains current. In order for a certification holder to keep his or her certifications current without having to retake all the prerequisite exams from scratch, the certification holder needs to either take and pass the appropriate maintenance exam or earn a new higher-level certification while his or her certifications are still current. Once his or her certifications expire, the certification holder will have to retake all the prerequisite exams.
|
Topics Covered on the Exam
Exam Section | Topic Area | Objective | Percentage | Link(s) |
Identity and Access Management - Level I
|
Single Sign-On (SSO) Federation | Based on a given use case, demonstrate knowledge of whether SAML, WS-FED, SWA, or OIDC should be used |
6%
|
Configure Single Sign-On Options |
Single Directory Integration | Demonstrate knowledge of the Active Directory integration options with Okta | Active Directory integration FAQ | ||
User Lifecycle Management - Level I
|
Okta as a Directory
|
Demonstrate knowledge of the purpose of Universal Directory (UD) |
6%
|
Manage profiles |
Demonstrate knowledge of custom attributes, mappings, and data transformation | Okta Expression Language | |||
Security - Level I
|
Basic Multifactor Authentication (MFA) | Demonstrate knowledge of authenticators, factor types, and method characteristics, enrollment, and reset |
19%
|
Configure a WebAuthn (FIDO2) authenticator |
Policies | Demonstrate knowledge of Okta policy types and their functions | Add a password policy rule | ||
Devices and Passwordless Authentication
|
Demonstrate knowledge of passwordless authentication and Okta Fastpass
|
Okta FastPass | ||
Configure an authentication policy for Okta FastPass | ||||
Demonstrate knowledge of Okta Verify | Configure Okta Verify options | |||
Demonstrate knowledge of device trust concepts including device context, device binding, registered vs. managed devices, and EDR signal |
Okta FastPass
|
|||
Administration and Troubleshooting - Level I | Logging and Reporting | Be able to use the Tasks section of the dashboard to monitor tasks | 3% | |
Identity and Access Management - Level II
|
Single Sign-On (SSO) Federation | Explain how Okta supports non-OIN applications (SAML, OIDC, OPP, SWA) |
8%
|
Create custom app integrations |
Active Directory Integration | Demonstrate understanding of Okta AD and LDAP agent architecture and best practices | Manage your LDAP integration | ||
Desktop SSO deployment | Demonstrate knowledge of how to deploy Agentless Desktop SSO | Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on | ||
User Lifecycle Management - Level II
|
Manage profiles | Create profile mappings |
8%
|
Provision applications |
Provisioning | Demonstrate knowledge of the different ways that Okta can perform lifecycle management against Apps (e.g., APIs, SCIM, SAML JIT, Password Sync, Org2Org) | SAML app integrations | ||
Okta Workflows | Demonstrate understanding of Okta Workflows for advanced lifecycle management use cases | Provision and deprovision | ||
Security - Level II
|
Network Zones | Demonstrate understanding of network zones, dynamic zones, IP zones, and blocklist zones |
14%
|
About IP zones |
Authentication | Manage authenticators and profiles | |||
Administrator roles | Demonstrate knowledge of custom admin roles and their use cases | Use custom admin roles | ||
Devices and Device Trust | Demonstrate knowledge of device trust concepts including device context, device binding, registered vs. managed devices, and EDR signals | Endpoint security integrations | ||
Administration and Troubleshooting - Level II | Logging and Reporting | Demonstrate understanding of Okta logging (log retention period, triggers, exporting log data, logging) | 3% | System Log |
Identity Access Management - Level III |
Okta Access Gateway (OAG) | Understand what OAG management is and be able to speak to its common use cases | 13% |
Okta Access Gateway (OAG) |
SCIM App Wizard | Know how to implement, test and troubleshoot the SCIM App Wizard | Create SAML app integrations | ||
Advanced Configuration with DSSO | Know how to implement, test, and troubleshoot Agentless Desktop SSO | Agentless Desktop SSO | ||
LDAP Interface | Understand how the LDAP interface can be used | Set up and manage the LDAP Interface | ||
Inbound Federation | Understand how account linking functions | Azure AD | ||
Security - Level III
|
Deployment Models & the Authentication API | Know the pros and cons of the different deployment models |
6%
|
Redirect vs. embedded |
ThreatInsight | Understand when to use ThreatInsights and know how to configure it | ThreatInsight | ||
API Functions & Troubleshooting - Level III | OAuth/API AM wrt best practices | Know why API AM should be used and why a customer would want a custom authorization server and the security the customer gains by using it | 8% | About the Interaction Code grant |
API Code Collection | Know the common use cases for API Access Management, how to create a custom authorization server, and how to properly add claims | Custom authorization server | ||
OAuth Grant Types | Know when to use the various OAuth grant types | Recommended flow by application type | ||
Customizations
|
Custom URL Domain | Know the difference between BYO and Okta managed certificate, including the pros and cons of each |
6%
|
Custom domain and email address |
Okta Hooks | Know the various use cases and differences between the different types of hooks | Registration inline hook reference |
Troubleshooting Your Unproctored Certification Maintenance Exam
|
In the very rare event that your exam freezes or stops loading, kindly Refresh your Browser Window to correct the problem and resume your exam. Please note, refreshing your exam browser window will take you back to the Introductions Screen of the exam. However, all of your answers are retained, so once you click the Take Exam button again, your exam will resume where you left off. You will not lose any of your previous responses.
|