Okta Administrator Exam Study Guide

Introduction

Congratulations on beginning the process to prepare for your second Okta Certification.

This exam study guide is designed to help you prepare for the Okta Administrator certification exam. It contains a detailed list of the topics covered on this exam, as well as a detailed list of preparation resources. 

Passing this exam is a requirement for becoming an Okta Certified Administrator. It is also a prerequisite for those seeking to become Okta Certified Administrators or Okta Certified Consultants.

How to use this study guide

At minimum, we highly recommend you thoroughly review each topic listed within the Exam Subject Areas section of this study guide. Make sure you understand and are familiar with each topic. Every single topic within that section relates to at least one question on the exam. If you are not familiar with a topic, research it by either using one of the corresponding preparation resources, or search the Okta Help Center or Okta Product Documentation library. Some topics are best learned through hands-on experience with the Okta service.

What does it mean to be an Okta Certified Administrator?

Okta Certified Administrators are technically proficient at managing the Okta service. They have extensive knowledge about how Okta enables advanced User Lifecycle Management scenarios involving mobile devices, security policy frameworks, supported SSO options, and advanced directory integration for cloud and on premise access. Administrators use the Okta Policy framework to control user access, understand how to map identity attributes and data transformations using Universal Directory, and troubleshoot issues. 

Who should take the Okta Administrator Exam?

Candidates for the Okta Certified Administrator certification must have taken and passed the Okta Professional Exam. They should also meet the following requirements at minimum:

• Two years of experience in a technical role, working in security and/or identity management Three- to six-months of on-the-job experience working with the Okta service
• One year of on-the-job experience working with the Okta service
• Successful completion of Okta Essentials or equivalent training 

 

Although roles within different organizations may vary, candidates for the Okta Certified Administrator certification are generally involved in administering IT strategy in support of an Okta solution. Candidates for this certification may be Okta Administrators, implementation consultants, identity leaders, system administrators, technical project managers, or technical project owners. 

About the Okta Administrator Exam

Exam Format

Number and Types of Questions: 60 Discrete Option Multiple-Choice (DOMC) items

Time Allotted: 90 minutes

Exam Fee 250 USD (100 USD for each subsequent retake)

Prerequisites:

• Pass the Okta Professional Exam
• Take the recommended training or self-study using the preparatory resources in the table below

 

Understanding the DOMC Item Type

This exam consists entirely of DOMC items. DOMC is a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, more fairly measuring candidate skills by improving:

• Readability. Because test takers are required to read less, the exam tends to take less time and places fewer demands on the slow reader or the non-native English speaker.
• Fairness. When savvy test takers are unsure of an answer, they look for clues by comparing options or gleaning information from other items on an exam. DOMC removes this test taking advantage and serves as a powerful method to assess a test taker’s actual knowledge.
• Security. Instead of displaying all options at the same time, options are randomly presented one at a time. For each presented option, test takers must make a YES or NO decision to indicate whether they think the option is correct. Answer options are presented in random order, and in most instances, test takers are NOT presented with all the available options associated with a DOMC item. Item exposure is limited by presenting only a subset of the available options to any given test taker. Limiting item exposure makes it difficult for an exam to be compromised.

 

Scoring

Test takers can be assured that the DOMC item type is scored fairly and with precision.

• If a test taker is presented with a correct option and responds YES, then that response is scored as “correct". A DOMC item can be programmed to require one or more correct responses in order to be complete and to be considered answered correctly. Typically, however, only one correct response is required.
• If a test taker is presented with a correct option and responds NO, then that item is scored as “incorrect”.
• If a test taker is presented with an incorrect option and responds YES, then that item is scored as “incorrect”.
• If a test taker is presented with an incorrect option, and that test taker responds NO (technically, a correct response), scoring of the item is postponed and another option is presented.

 

Note: Even after a test taker responds correctly or incorrectly to an item, additional correct or incorrect options might be presented but the test taker’s responses to those options will not be scored at all. This is done to prevent test takers from guessing the correctness or incorrectness of a response.

The DOMC item format requires test takers to make some adjustments to the usual test-taking approaches. The reward of such effort is confidence that those test takers who are certified are truly competent in the areas tested on the exam and will represent excellence in the field.

To learn more about DOMC items, visit http://trydomc.com/home. In addition, the Okta Professional practice exam will help you become accustomed to the new test format. We highly recommend that test takers become familiar with the format of this item type before taking any Okta certification exams.

Exam Scheduling

Okta certification exams are administered and proctored by Examity®. Okta has partnered with Examity®, a secure online proctoring service, to protect the integrity of our certification exams in the market. Online proctoring means that exams can be taken from almost any location at a time that is convenient for you, without travel to a test center. Your Okta Professional Exam must be scheduled at least 24 hours in advance of the time you wish to sit for the test in order to avoid the additional fee associated with on-demand testing.

Preparing for the Okta Administrator Exam

A combination of instructor-led training courses, self-paced learning, self-study, and on-the-job experience will prepare a candidate to take this exam.

Training

Okta Education Services offers a range of classes and training materials to help candidates prepare for this certification exam. Although attending a training class alone does not guarantee success on an Okta certification exam, we strongly recommend that candidates for certification attend Okta Essentials (an instructor-led training course with labs) in preparation for this exam

You can access Okta Essentials here: https://www.okta.com/services/training/.

Okta Essentials covers the following topics:

• Module 1: Okta Overview
• Module 2: Define Your Users in Okta
• Module 3: Configure External Directories
• Module 4: Configure Groups
• Module 5: Configure SSO and Provisioning
• Module 6: Configure Custom App Integrations
• Module 7: Manage Access Request Workflows
• Module 8: Configure Universal Directory
• Module 9: Implement the Okta Policy Framework
• Module 10: Customize Okta
• Module 11: Monitor Your Okta Org
• Module 12: Practical 

 

Visit https://www.okta.com/services/training/ for the complete course catalog.

Other Resources

• The Okta Help Center contains a knowledge library of articles and videos, some of which are pertinent to topics covered on this exam.
• The Okta Content Library offers searchable white papers with a rich body of information to explore before your exam.
• Join the Okta Community to review questions, discussions, ideas, and blogs for additional exam preparation.

Administrator Exam Subject Areas

The following table lists the topics that are covered on this exam. These topics are grouped into topics areas, and topic areas roll up into domains/exam sections. Use this list as an outline to guide your study and validate your readiness for the Okta Administrator certification exam. 

Identity and Access Management	25%
Advanced Directory Integration
Demonstrate in depth understanding of the process to manage delegated authentication with AD and LDAP using Okta agents	Preparation resources: Configuring an Organization-Wide Password Policy Delegated Authentication Install and configure the Okta Active Directory agent
Demonstrate in depth understanding of the process to manage Okta AD and LDAP agent architecture and best practices	Preparation resources: Install and configure the Okta Active Directory agent Install multiple Okta Active Directory agents LDAP Agent Deployment Guide
Demonstrate in depth understanding of the process to manage Okta agent service account and permissions needed for agents and in directories for password reset	Preparation resources: Install and configure the Okta Active Directory agent Password Synchronization Overview Using Sync Password
Demonstrate in depth understanding of the process to import and manage users coming from AD, LDAP or stored directly in Okta	Preparation resources: Import Active Directory users Activate and Deactivate Users Manage Groups Install and configure the Okta Active Directory agent
Demonstrate in depth understanding of how the Okta password sync agent works	Preparation resources: Install and Configure the Active Directory Password Sync Agent
Demonstrate knowledge of why Okta/AD password policy should match or exceed the AD policy	Preparation resources: Security Policies
Demonstrate knowledge of why multiple Okta/AD password policies might be needed	Preparation resources: Configuring an Organization-Wide Password Policy Configuring Password Policy Rules Creating Group Password Policies
Demonstrate knowledge of user activation options when using AD as a master	Preparation resources: Import Active Directory users Install and configure the Okta Active Directory agent End user account states
Single Sign-On (SSO) Federation
Demonstrate knowledge of how to use the Application Integration Wizard	Preparation resources: Using the App Integration Wizard
Demonstrate knowledge of how to configure Okta as a service provider	Preparation resources: Identity Providers
Demonstrate understanding of the SAML assertion	Preparation resources: Beginner's Guide to SAML
Demonstrate knowledge of how to set up a template application	Preparation resources: Configure the Okta Template App and Okta Plugin Template App Configuring the Okta Template WS Federation Application
Demonstrate in depth understanding of how to deploy the SWA plug-in and configure related options in Okta	Preparation resources: Silently install the Okta Browser plugin using policy settings We manage Okta browser plug-in installations. How can I prevent end users from manually installing it? Overview of Managing Apps and SSO
Demonstrate understanding of how Okta supports non-OIN applications	Preparation resources: Overview of Managing Apps and SSO Using the App Integration Wizard
Demonstrate knowledge of the security advantages and caveats in using SAML	Preparation resources: Using the App Integration Wizard SAML
Demonstrate knowledge of the configuration of OIN apps, including when to use templates for integrating applications	Preparation resources: Configuring the Okta Template WS Federation Application Using the App Integration Wizard Okta Essentials Module 6: Configure Custom App Integrations Okta Essentials Module 9: Implement the Okta Policy Framework
Desktop SSO deployment
Demonstrate knowledge of how to deploy on-premises Okta Desktop SSO/IWA, including the requirements for Desktop SSO/IWA	Preparation resources: Install and configure the Okta IWA Web App for Desktop SSO
Demonstrate knowledge of user experiences when in zones with Desktop SSO/IWA	Preparation resources: Networks
Hybrid SaaS strategies and challenges
Demonstrate knowledge of how Okta can provision users and groups to OIN apps	Preparation resources: About Group Push Provisioning and Deprovisioning The Applications Page
Architecture
Demonstrate awareness about high availability on advanced agents	Preparation resources: Okta RADIUS Server Agent Deployment Best Practices Configuring On Premises Provisioning
User Lifecycle Management	25%
Profiles mastering and write-back concepts
Demonstrate knowledge of HR as a master including the benefits of groups and group rules when using an external master	Preparation resources: Profile Mastering Attribute Level Mastering
Demonstrate knowledge of when profile mastering is used	Preparation resources: Profile Mastering Enable AD as the Profile Master
Demonstrate knowledge of when attribute level mastering is used	Preparation resources: Attribute Level Mastering
Demonstrate knowledge of the value of writing data back to directories and apps from Okta	Preparation resources: About Universal Directory Install and configure the Okta Active Directory agent
Demonstrate knowledge of working with multiple profile masters	Preparation resources: Profile Mastering Attribute Level Mastering
Demonstrate knowledge of the requirements of Okta lifecycle management and the ability to write to applications	Preparation resources: Okta Enhancements with Microsoft Office 365 Integration Provisioning and Deprovisioning
Demonstrate in depth knowledge of how to configure Okta user profiles, application profiles, and directory profiles	Preparation resources: Manage User Profiles Active Directory attribute mappings to Okta properties An updated AD attribute is not being pushed to an application that has provisioning and "Update User Attributes" enabled
Demonstrate understanding of the process to create custom attributes in UD	Preparation resources: Application-Based Mapping Attribute Level Mastering About Universal Directory Okta Essentials Module 8: Configure Universal Directory
Demonstrate in depth understanding of the process to create profile mappings	Preparation resources: About Universal Directory and user profiles
Managing Identities using Universal Directory
Demonstrate knowledge of the process to use the Okta Expression Language to transform data while mapping data with the Profile Editor	Preparation resources: Okta Expression Language
Demonstrate knowledge of the process to use the Okta Expression Language to create a custom username	Preparation resources: Okta Expression Language
Demonstrate knowledge of migrating from AD to cloud management of users	Preparation resources: Using Custom Attributes with Active Directory Manage User Profiles
Provisioning
Demonstrate knowledge of the different ways that Okta can perform lifecycle management against apps	Preparation resources: Using Sync Password SCIM: Provisioning with Okta’s Lifecycle Management Provisioning Concepts
Demonstrate knowledge of the typical flow of user registration/onboarding, updates, and deprovisioning	Preparation resources: Provisioning and Deprovisioning Provisioning Concepts
Demonstrate knowledge of how Okta can push groups to various apps	Preparation resources: About Group Push
Self-service
Demonstrate knowledge of the process to manage user's ability to reset self-service password with Active Directory mastered users or Okta mastered users	Preparation resources: Security Policies
Demonstrate knowledge of application request workflows and entitlement options	Preparation resources: Access Request Workflow
Security	25%
Okta Security Policy and Enforcement Framework
Demonstrate knowledge of the process to manage application level MFA and rules	Preparation resources: Application Level Multifactor Authentication Okta Essentials Module 9: Implement the Okta Policy Framework
Demonstrate knowledge of the process to manage the Okta Sign-on policy including adaptive MFA policy	Preparation resources: Security Behavior Detection Security Policies
Demonstrate understanding of the process to configure password policies for Okta mastered users	Preparation resources: Creating Group Password Policies Configuring an Organization-Wide Password Policy
Demonstrate understanding of the process to configure password policies for Active Directory mastered users	Preparation resources: Security Policies
Demonstrate understanding of how Okta can support legacy MFA solutions	Preparation resources: Configuring the On-Prem MFA Agent (including RSA SecurID) Okta RADIUS Server Agent Deployment Best Practices Configuring RADIUS applications in Okta
Demonstrate knowledge of the different security postures with MFA factors	Preparation resources: Multifactor Authentication Okta Verify Should You Choose U2F or Adaptive MFA?
Admin Access Control
Demonstrate knowledge of admin roles	Preparation resources: Administrators
Monitoring and Troubleshooting	15%
Logging and Reporting
Demonstrate understanding of Okta logging	Preparation resources: Exporting Okta Log Data Okta Data Retention Policy
Demonstrate ability to interpret Okta log files	Preparation resources: System Log System Log API
Demonstrate knowledge of the logging options available for Okta agents	Preparation resources: How to Retrieve Okta Logs for Troubleshooting System Log
Demonstrate knowledge of the troubleshooting options for each Okta agent/plugin	Preparation resources: Install and configure the Okta Active Directory agent Okta LDAP agent log information Installing and Configuring the Okta RADIUS Server Agent
API Functions	10%
Token Management
Demonstrate knowledge of how to create API tokens with the correct permissions	Preparation resources: API
API Extended Functions
Demonstrate knowledge of the importance of API rate limiting	Preparation resources: Rate Limits at Okta
Demonstrate knowledge of the use cases for Okta Management APIs, API-AM, and API products	Preparation resources: Create an Authorization Server - Overview API Access Management Difference Between Okta as An Authorization Server vs Custom Authorization Server
Demonstrate understanding of the importance of service accounts when using Okta API	Preparation resources: Create an API Token Administrators

Sample Items 

Know what to expect on the day of the exam. Take the Okta Administrator Practice Exam to familiarize yourself with the format of the DOMC item type.  Click the button below to check it out now! 

Administrator Practice Exam

 

Free Instructor-Led Exam Prep Webinar

Attend our free two-hour instructor-led webinar to help you prepare for the Okta Administrator Exam.

Learn more