Okta Certified Professional - Study Notes: Creating & Managing Users

What is the purpose of Okta Universal Directory (UD)?

It centralizes user identity data across all sources.

What does a user account enable in Okta?

It enables authentication into Okta.

What are the components of a user account in Okta?

Applications, Groups, Profile, Devices, Admin Roles, Pre-Enrolled Authenticators.

How is a User ID created in Okta?

Automatically when the user is saved and shown at the end of the URL.

What is the default status when importing users from CSV in Okta?

Staged.

What does the 'Staged' user account status mean?

User is created but cannot sign in; used for setup/configuration before activation.

What is the difference between 'Locked out' and 'Suspended' user statuses?

'Locked out' is triggered by exceeding sign-in attempts, while 'Suspended' is an admin action where app assignments remain.

What happens to app assignments when a user is deactivated?

All app assignments are removed, and the password is triggered for deprovisioning downstream.

What is the significance of the 'Pending user action' status?

User is waiting for activation email after being invited.

What step should be taken when a user account is locked out?

Unlock the user account to allow them to attempt sign-in again.

What is Okta Universal Directory?

A centralized system that stores and manages users

What are the four main identity source types in Okta?

Okta-Sourced; Directory-Sourced (AD/LDAP); HR-Sourced; Anything-as-a-Source (CSV-as-a-Source).

What does Okta-Sourced identity mean?

Users are created directly in Okta manually or via CSV import.

What does Directory-Sourced identity mean?

Users and attributes are imported from Active Directory or LDAP.

What does HR-Sourced identity mean?

Users are sourced from an HR system like Workday or SuccessFactors.

What does Anything-as-a-Source mean?

Any system can become a source of truth using CSV-as-a-Source or custom integrations.

What is a user account in Okta?

An identity that allows a user to sign in and access assigned applications.

What does assigning an application to a user do?

It lets the user access the app via their Okta dashboard.

What does adding a user to a group do?

The user inherits the group’s app assignments

What is a user profile?

A collection of attributes describing the user such as username

What happens when a user enrolls a device in Okta Verify?

The device becomes registered in the Okta org.

What are admin roles in Okta?

Privileges assigned to users that allow them to perform administrative tasks.

What are pre-enrolled authenticators?

Admin-configured Okta Verify enrollments created before the user logs in for the first time.

How does Okta generate a user ID?

Automatically at creation; it's displayed in the user’s URL and retrievable via API.

How do you import users using CSV?

Go to Directory → People → More actions → Import users from CSV.

What status does a new CSV-imported user get by default?

Staged.

What happens if you choose to automatically activate users during CSV import?

Users receive Pending user action status and an activation email.

What is the purpose of the Staged user status?

To pre-configure accounts before allowing sign-in.

What is Pending user action status?

The user must activate their account via email before signing in.

What is Active user status?

The user can authenticate and access applications.

When does Password reset status occur?

When a user or admin initiates a password reset.

When does Password expired status occur?

When the user’s password lifetime has expired.

When does Locked out status occur?

When the user exceeds the allowed number of sign-in attempts per password policy.

Why can't a locked-out user sign in even with the correct password?

Because the account must be manually unlocked by an admin.

What is Suspended status?

Admin action preventing sign-in while leaving app assignments intact.

When should you suspend a user?

Security concerns

What happens when a user is deactivated?

All app assignments and password are removed

Which user statuses consume a license?

Active

Which user statuses do NOT consume a license?

Staged and Deactivated.

What tool do you use to troubleshoot user sign-in issues?

System Log.

Where do you filter for user account activity?

Reports → System Log → User account activity.

How do you search for a specific user in System Log?

Use actor.alternateId equals the user’s email.

What does EventType user.account.lock indicate?

The user exceeded the maximum allowed login attempts and is locked out.

What System Log field shows the reason for login failure?

The DisplayMessage field.

How do you fix a locked-out user?

Unlock the account and have the user try again; reset password if needed.

What happens to app assignments when a user is suspended?

They remain assigned; user simply cannot sign in.

What happens to app assignments when a user is deactivated?

They are removed and deprovisioning occurs.

Why use Staged status?

To prepare or configure accounts before enabling sign-in.

Why is Pending user action important?

It signals that account activation is required by the user.

How does Okta Verify enrollment appear in Okta?

As a registered device under the user account.

What is created when a user account is saved?

A unique Okta-generated user ID.

Why is CSV Import useful?

Allows bulk user creation or updates from a spreadsheet.

What System Log filters help pinpoint sign-in issues?

Date/time filters + username search + user.account events.