DxE uses Okta as an SSO (single sign-on) provider, mainly for providing users with access to shared apps without revealing the password to them.

Onboarding process

User must first have a DxE G Suite account, which requires Core approval (see G Suite). If they already have a DxE G Suite account, then an Okta account can be made. Okta accounts are created by the Tech team.

(TODO: Explain how to create an account)

Offboarding process

Okta accounts should be regularly audited to remove access from inactive users.

Password or two-factor resets

Password resets can be requested by emailing the Tech team. Almira also has access to reset Okta passwords for Stakeholders.

(TODO: Explain how to reset a password or two-facotr)

Security

All users are required to use Google Authenticator (or similar). This is enforced by the "2FA" group in Okta. (TODO: confirm group name is correct)

A few users are required to use hardware keys. This is enforced by the "FIDO2" group in Okta. (TODO: confirm group name is correct)

Assigning Apps to Users

TODO