DxE uses Okta as an SSO (single sign-on) provider, mainly for providing users with access to shared apps without revealing the password to them.
Onboarding process
User must first have a DxE G Suite account, which requires Core approval (see G Suite). If they already have a DxE G Suite account, then an Okta account can be made. Okta accounts are created by the Tech team.
(TODO: Explain how to create an account)
Offboarding process
Okta accounts should be regularly audited to remove access from inactive users.
Password or two-factor resets
Password resets can be requested by emailing the Tech team. Almira also has access to reset Okta passwords for Stakeholders.
(TODO: Explain how to reset a password or two-facotr)
Security
All users are required to use Google Authenticator (or similar). This is enforced by the "2FA" group in Okta. (TODO: confirm group name is correct)
A few users are required to use hardware keys. This is enforced by the "FIDO2" group in Okta. (TODO: confirm group name is correct)
Assigning Apps to Users
TODO