Okta Certified Consultant

Okta Certified Consultants have knowledge in implementing the Okta service in a variety of configurations. The consultants have experience and skills in integrating common applications like Microsoft Office 365, Google Workspace, Box, and Salesforce with Okta. They also have extensive knowledge in scoping and implementing complex Okta integrations involving multi-forest and multi-domain environments, advanced single sign-on (SSO), and inbound federation with Okta. 

Who should take the Okta Consultant Exam?

The major candidates for the Okta Certified Consultant certification are individuals with Okta Certified Administrator certification and are involved with implementing Okta. Further, the candidates are recommended to have:

• Firstly, five-plus years of experience in security administration for Identity and Access Management
• Secondly, one year of hands-on experience implementing Okta and in implementing attribute-level sourcing over directory services and human resource systems as a source of truth for users. And, also knowledge in migrating user data and passwords from an existing source of truth into Okta.
• Thirdly, experience using various Okta tools like SAML Wizard, Okta Radius Agent, OIDC flows, etc on advanced SSO integrations. And, experience with Advanced Server Access management and OAuth 2.0 roles.
• Fourthly, knowledge and experience in implementing custom configurations with Okta using various tools like Okta on-premises provisioning (OPP), custom email domain, sign-in screen, sign-in widget, custom vanity login UI, and more.
• Then, experience with advanced configurations of directory agents, Desktop SSO, verbose logging, proxy settings, and in providing Integrated Windows Authentication (IWA) to globally distributed companies.
• After that, knowledge in configuring adaptive MFA, behavioral detection, pre-authentication sign-on, and ThreatInsights.
• Lastly, knowledge and understanding of device trust, the process of how Okta APIs, API Access Management, scopes, and claims can be used for implementing custom solutions, and familiarity with API collections.

Exam Format

Okta Certified Consultant exam will have 60 discrete option multiple-choice (DOMC) questions. For completing the exam, there is a time duration of 90 minutes. The exam will cost you around $300 (USD). Further, this exam will also have two case studies. 

Schedule the Exam

Okta certification exams are administered and proctored by Examity ( secure online proctoring service). Okta has partnered with Examity for protecting the integrity of our certification exams. 

This offers online proctoring in which you can take the exam from almost any location at a time that is convenient for you, without any need for traveling to a test center. However, the Okta Certified Consultant Exam must be scheduled at least 24 hours in advance of the time you plan for sitting for the test in order to avoid the additional fee associated with on-demand testing.

Exam Course Outline

Okta Certified Consultant exam validates candidate’s performance on the basis of the following topics:

1. Implementing Advanced Sourcing

1.1 “As a Source” setup and configuration flow 

• Configure attribute level sourcing and configure the priority of the profile sources in an Okta org

Preparation resource:

• About attribute-level sourcing

• Demonstrate understanding of the priority of the profile sources in an Okta org

Preparation resources:

• About profile sourcing
• About attribute-level sourcing

1.2 Advanced Sourcing Concepts

• Understand the architecture of advanced sourcing (Example: the flow of attribute data), including how to deploy, test, and troubleshoot common sourcing configurations

Preparation resources:

• Provisioning and Deprovisioning
• Install and Configure the Okta AD Agent

1.3 Data Migration Strategy

• Know the common data migration patterns, including the steps to migrate user data and passwords from an existing system to Okta

Preparation resource:

• Okta User Migration Guide

1.4 HR-as-a-Source (scenarios)

• Know how to deploy, test and troubleshoot common sourcing configurations, including HR as a source options such as OIN, API as a source, and CSV directory, and understand the flow of attribute data

Preparation resource:

• About profile sourcing

1.5 Profile Mappings (Profile Editor)

• Know how to map attributes from source systems to target systems, how to identify basic attribute transformations, and how to troubleshoot common attribute mapping issues

Preparation resources:

• About attribute-level sourcing
• Okta Expression Language Overview

Implementing Advanced SSO Strategies

2.1 Advanced SAML implementation scenarios

• Know how to use the SAML Wizard and how to perform attribute mappings on SAML assertions

Preparation resource:

• Using the App Integration Wizard

2.2 Advanced Server Access concepts and overview

• Understand what Advanced Server Access management is and be able to speak to its common use cases

Preparation resources:

• Advanced Server Access Setup Introduction
• Advanced Server Access

2.3 OIDC Flows

• Know the OAuth 2.0 roles of the authorization server, resource server, and resource owner

Preparation resources:

• Authentication API vs OAuth 2.0 vs OpenID Connect
• OAuth 2.0

• Know when to use the various OIDC flows based on the type of application (Example: mobile apps, single page applications, web applications on the server side).

Preparation resource:

• Recommended Flow by Application Type

2.4 Okta RADIUS Agent for an SSO Solution

• Know when to use the Okta RADIUS Agent (Example: To bypass MFA on sign-in prompt)

Preparation resource:

• Okta RADIUS Server Agent Deployment Best Practices

• Know how to configure the Okta RADIUS Agent for an SSO Solution (Example: To connect from Okta to a VPN)

2.5 Testing and Troubleshooting SSO Integrations

• Know the various error codes, including the types of tools that Okta recommends to use for troubleshooting SSO integrations, as well as the tools used during each step

Preparation resources:

• Enable CORS Overview
• Authentication API
• SAML Tracer Overview
• Connecting to Okta using the LDAP Interface

3. Implementing Custom Configuration Options with Okta

3.1 Architecture, capabilities, and common use cases of OPP

• Understand the common use cases for OPP and know the supported OPP features such as create, update, deactivate, and sync password

Preparation resource:

• Configuring On Premises Provisioning

3.2 Custom Email Domain

• Know the common use cases for custom email domain

Preparation resource:

• Configure a Custom Email Domain

3.3 Custom Login Flows

• Know what’s possible with the out of the box sign-in screen vs sign-in widget, custom vanity login UI, etc.

Preparation resources:

• Customize the Okta URL domain
• Okta Sign-In Widget Guide

3.4 Custom URL Domain

• Know when custom URL domain should be used

Preparation resources:

• Customize the Okta URL domain
• Configure a custom URL domain

3.5 MFA as a service

• Know how to implement, test and troubleshoot configuration of MFA as a Services (MFA for ADFS)

Preparation resource:

• MFA for Active Directory Federation Services (ADFS)

3.6 Okta Hooks

• Know the various use cases and differences between the different types of hooks

Preparation resources:

• Inline Hooks
• SAML Assertion Inline Hook Reference

3.7 On-Premises MFA

• Know the use cases for On-Prem MFA, as well as understand the architecture, and know the steps to set up On-Prem MFA

Preparation resource:

• Configuring the On-Prem MFA Agent

3.8 SCIM App Wizard

• Know how to implement, test and troubleshoot the SCIM App Wizard

Preparation resources:

• SCIM: Provisioning with Okta’s Lifecycle Management
• Using the App Integration Wizard

4. Implementing Directory Solutions

4.1 Advanced configuration of the Okta AD Agent

• Know how to size the agent deployment, configure the agent to communicate with multiple domains, configure the agent for throughput, configure verbose logging, and configure the proxy settings

Preparation resource:

• Okta AD agent configuration variable definitions

4.2 Advanced configuration with DSSO

• Understand how the global redirect url works and how the global redirect URL can be used along with DNS size or geolocation policies in DNS to support and provide local IWA to globally distributed companies.

Preparation resource:

• Install and configure the Okta IWA Web agent for Desktop SSO

4.3 Common multi-forest/multi-domain configuration issues

• Know how to test and troubleshoot common configuration issues in multi-forest/ multi-domain environments

Preparation resources:

• Install and configure the Okta IWA Web agent for Desktop SSO
• Register Multiple Domains to an Okta Active Directory (AD) Agent

4.4 LDAP Integration

• Know the common use cases for LDAP Agent such as delegated authentication and provisioning to existing LDAP environments, as well as the process to integrate LDAP with Okta

Preparation resources:

• Connecting to Okta using the LDAP Interface
• Delegated Authentication
• Install and Configure the Okta LDAP Agent

4.5 LDAP Interface

• Know how to implement, test and troubleshoot the LDAP interface.

Preparation resource:

• Connecting to Okta using the LDAP Interface

5. Implementing Inbound Federation with Okta

5.1 IdP Discovery

• Know how to deploy, test and troubleshoot IdP discovery when configured in Okta, including configuring IdP policy, and IdP routing rules based on user attributes, group membership, etc.; not the on-prem app that could be built

Preparation resource:

• Identity Provider Discovery

5.2 Okta as a service provider with a 3rd party IdP

• Know when to use Okta as a service provider (SP) with a 3rd party identity provider (IdP)

Preparation resource:

• Identity Providers

5.3 Social Identity Providers

• Know how to implement social login with Okta, including configuring the various components required for social login, such as OAuth 2.0 client in the social provider, an identity provider in Okta, and an OIDC application in Okta

Preparation resources:

• Social Identity Provider Settings
• Add an External Identity Provider

5.4 Inbound Federation

• Know how to troubleshoot Inbound Federation

Preparation resources:

• Identity Providers 
• Identity Provider Discovery

5.5 Profile Mappings (Profile Editor)

• Know how to map attributes from source systems to target systems, how to identify basic attribute transformations, and how to troubleshoot common attribute mapping issues

Preparation resources:

• About attribute-level sourcing
• Okta Expression Language Overview

6. Implementing Okta Policies

6.1 Adaptive MFA

• Know which types of conditions can be used as triggers such as new city, country, state, IP or velocity rules

Preparation resources:

• Security Behavior Detection
• Security Policies

6.2 Device Trust (Windows and Mac)

• Know how device trust works with a third-party provider

Preparation resource:

• Okta Device Trust for Mobile Devices

6.3 Okta Sign-On Policy with Behavioral Detection

• Know how to explain, deploy, and troubleshoot Behavioral Detection for an application sign-on policy

Preparation resource:

• Security Behavior Detection

6.4 Pre-Authn Sign-on Evaluation Policy

• Understand the benefits of the Pre-authn sign-on evaluation policy

Preparation resources:

• Security Policies
• Security Blog–How Okta Protects You Against Identity Attacks

6.5 ThreatInsight

• Know the prerequisites for configuring ThreatInsights as well as the steps to configure ThreatInsights and how to exempt access from trusted IP addresses blocked by ThreatInsight

Preparation resource:

• ThreatInsight

7. Working with Okta APIs and API Access Management

7.1 API Access Management

• Know the common use cases for API Access Management and know how to create a custom authorization server and how to properly add claims

Preparation resources:

• Custom Authorization Server
• Create Access Policies
• What is an Authorization Server?

7.2 API Code Collection

• Know the common use cases for Okta APIs

Preparation resources:

• Authentication API
• Zone Model

• Know which Okta API calls fall under which collection

Preparation resources:

• Factors API
• Schemas API
• API Reference

7.3 Commonly used scripted API calls (Example: deactivate/delete all users in group)

• Know which APIs are in the Okta API collection, the commonly used ones and what they are used for; but not the exact calls

Preparation resources:

• Users API > Activate Users
• Identity Providers API
• System Log API Getting Started

7.4 Entitlement architecture – claims vs. scopes and their relationship

• Know the differences between claims and scopes and how claims and scopes are used in the context of OIDC

Preparation resources:

• OpenID Connect & OAuth 2.0 API
• OpenID Connect & OAuth 2.0 API Scopes

7.5 OAuth/API AM wrt best practices

• Know why API AM should be used and why a customer would want a custom authorization server and the security the customer gains by using it

Preparation resource:

• API Access Management with Okta

Check Okta Certified Consultant Exam FAQS

Understanding the DOMC item type

Okta Certified Consultant exam consists entirely of DOMC items. DOMC refers to a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, and more fairly measures your skills by improving:

• Readability
  • However, you are required to read less text, the exam likely to take less time and places little demands on the slower reader or the non-native English speaker.
• Fairness
  • When sharp test takers are unsure of an answer, they search for clues by comparing options or obtaining information from other items on an exam. However, DOMC eliminates the test-taking advantage and serves as a strong technique for assessing your knowledge.
• Security
  • Rather than displaying all options at the same time, options are randomly presented one at a time. For every option presented, you must make a YES or NO decision for indicating whether you think the option is correct. Answer options are provided in random order, and you are NOT presented with all the available options linked with a DOMC item.

Exam Scoring

DOMC item type is scored fairly and with precision. However,

• Firstly, if you are given with a correct option and respond YES, then that response is scored as “correct”. A DOMC item can be programmed to need one or more correct responses for completing and to be considered answered correctly.
• Secondly, if you are given with a correct option and respond NO, then that item is scored as “incorrect”.
• Thirdly, if you are given with an incorrect option and respond YES, then that item is scored as “incorrect”.
• Lastly, if you are given with an incorrect option, and respond NO , the item is not scored until additional options are presented and responded to.

Exam Retakes

Exam retakes are subject to the following conditions:

• Firstly, a candidate can retake a failed exam 24 hours after his or her first failed attempt
• Secondly, a candidate must wait 14 days after each subsequent failed attempt prior to retaking a failed exam
• Thirdly, candidates cannot not retake passed exams
• Next, the exam fees must be paid for each attempt. And, the fees paid will not be refunded for a failed exam
• Lastly, the exam fees for retaking an Okta certification exam is $100 USD for each retake attempt.

Okta Certified Consultant Exam Study Guide

Understanding the Exam Topics

The Okta Certified Consultant exam measures your knowledge and skills in various areas. These areas consist of topics and sections that will help you understand the areas as well as you will be able to apply your practical knowledge and skill in these. However, the topics for the exam are:

• Firsty, implementing Advanced Sourcing
• Secondly, implementing Advanced SSO Strategies
• Thirdly, implementing Custom Configuration Options with Okta
• Next, implementing Directory Solutions
• Implementing Inbound Federation with Okta
• Then, implementing Okta Policies
• Lastly, working with Okta APIs and API Access Management

Okta Training

Okta Education Services offers various classes and training materials for helping you in preparing for the certification exam. Some of the training courses for the Okta Certified Consultant exam are:

Implementing Advanced Server Access (ASA)

In this course, candidates will learn and gain hands-on practice in using an Okta org for configuring identity first, zero-trust access management for your cloud, and on-premise infrastructure. However, candidates successfully passing the course will have knowledge in:

• Firstly, explaining the architecture of ASA. 
• Secondly, identity components of ASA. 
• Thirdly, creating a new ASA team and projects. 
• Fourthly, configuring server agents and enrollment. 
• Then, integrating ASA with client tools. 
• Next, configuring client enrollment. 
• Creating access policies and entitlements. 
• After that, using the API to access reporting data. 
• Lastly, deploying Cloud servers with automatic enrollment. 

Implementing Okta Access Gateway (OAG)

In this course, candidates will get knowledge about common use cases for OAG, installation requirements, best practices from the field, and troubleshooting methods. Moreover, they will gain hands-on practice for installing and configuring the virtual OAG appliance to an Okta org. Further, candidates during the course will gain knowledge in:

• Firstly, identifying common use cases for Okta Access Gateway. 
• Secondly, installing and updating OAG. Configure a sample header-based app. 
• Thirdly, configuring a Kerberos app and complex applications, like EBS. 
• Then, setting up SSL certificates and manage OAG security. 
• Next, configuring OAG for High Availability. 
• After that, monitoring and troubleshooting OAG. 
• Lastly, configuring OAG Data Stores. 

Okta Community

During your preparation, you can join the Okta community to connect with people of familiar interests. Here, you can submit new ideas, communicate with Okta, find answers, or join the conversation in the community forums. Moreover, you will hear from customers and partners, as well as Okta’s engineers and product leaders.

Assessing yourself using Practice Tests

Using the practice tests will help you to find out your weak areas and it will improve your answering skills. Further, practice tests also enhance your knowledge level help you get a strong revision by evaluating after every topic. So, start practicing using the Okta Certified Consultant practice exam tests and pass the exam.

Prepare for the Okta Certified Consultant exam Now!