Okta Certified Consultant Hands-on Configuration Exam
IntroductionCongratulations on beginning the process to prepare for your Okta Consultant certification. This exam study guide is designed to help you prepare for the Okta Certified Consultant Hands-On Configuration Exam. It contains a detailed list of the topics covered on this exam, as well as a list of preparation resources. Passing this exam or the Okta Certified Consultant exam is a requirement for becoming an Okta Certified Consultant. It is also a prerequisite for anyone seeking to become an Okta Certified Technical Architect. The Okta Consultant Hands-On Configuration exam is based on the Okta Identity Engine and includes both Discrete Option Multiple Choice (DOMC) questions and hands-on configuration tasks. The Okta Certified Consultant exam is based on the Okta Classic Engine and is comprised entirely of DOMC questions.
How to use this study guideAt minimum, we highly recommend that you thoroughly review each topic listed in the Consultant Exam subject areas section of this study guide. Make sure you understand each topic. If you are not familiar with a topic, research it by either using one of the corresponding preparation resources or searching the Okta Help Center or Okta Product Documentation Library. Some topics are best learned through hands-on experience with the Okta service.
What does it mean to be an Okta Certified Consultant?Okta Certified Consultants are technically proficient at implementing the Okta service in a variety of configurations. Consultants have experience integrating common applications such as Microsoft Office 365, Google Workspace, Box, and Salesforce with Okta. They also have extensive knowledge and experience scoping and implementing complex Okta integrations involving multi-forest and multi-domain environments, advanced single sign-on (SSO), and inbound federation with Okta. Consultants have working knowledge of Okta APIs and custom configuration options. Who should take the Okta Certified Consultant Hands-On Configuration Exam?The primary candidates for the Okta Certified Consultant certification are individuals who hold the Okta Certified Administrator certification and are involved with implementing Okta. Okta recommends that candidates for the Okta Certified Consultant certification meet the following requirements at minimum:
About the Okta Certified Consultant Hands-On Configuration Exam
Exam SchedulingOkta certification exams are administered and proctored by Examity®, a secure online proctoring service. Okta has partnered with Examity to protect the integrity of our certification exams. Online proctoring means that you can take Okta exams from almost any location at a time that is convenient for you, without requiring that you travel to a test center. Your Okta certification exam must be scheduled at least 24 hours in advance of the time you plan to sit for the test in order to avoid the additional fee associated with on-demand testing. You can schedule your exam through the Okta Certification Credential Manager. Understanding the types of items included on this examPart I of this exam includes Discrete Option Multiple-Choice (DOMC) items. Part II contains performance-based, hands-on use cases. Understanding the DOMC item typePart I of this exam consists of 43 DOMC items. DOMC is a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, and more fairly measures your skills by improving:
ScoringYou can be assured that the DOMC item type is scored fairly and with precision.
Note: Even after you respond correctly or incorrectly to an item, additional correct or incorrect options might be presented but your responses to those options will not be scored at all. This is done to prevent you from guessing the correctness or incorrectness of a response. The DOMC item format might require that you make some adjustments to your usual test-taking approaches. The reward of such effort is confidence that those test takers who become certified are truly competent in the areas tested on the exam and will represent excellence in the field. To learn more about DOMC items, visit https://domc.caveon.com/home. In addition, the Okta Consultant Practice and Premier Practice Exams will help you become accustomed to the new test format. We highly recommend that you become familiar with the format of this item type before taking any Okta certification exams. Understanding the performance-based use cases on this examPart II of the exam contains instructions for Part II, the credentials needed to access the Okta orgs that are assigned at the beginning of the exam, high level background information, and four use cases. The information, org credentials, and four use cases are accessible through tabs on the exam screen. Each use case consists of configuration tasks that test takers are asked to complete in their assigned Okta Identity Engine Preview Orgs. This exam allows test takers to demonstrate their skill with the Okta service in a natural way that mimics how administrators use Okta on the job. We recommend that test takers complete the use cases and tasks in order because completing some tasks depend on the successful completion of previous tasks. Scoring of Performance-Based Use CasesUses cases are graded upon the submission of the exam or immediately at the end of the 120-minute time clock allotted for this part of the exam. A scoring rubric is used to grade this exam. The grading process is automated using scripts to query the logs of the Okta tenants, as well as APIs to validate specific configurations. As it is a program policy, we provide a final Pass or Fail decision only. We do not provide grades, nor do we make public the minimum amount of points an exam taker needs to pass our exams. Submitting the ExamAt the bottom of the page is a blue button labeled "Save & Submit Exam". After you have completed all of the use cases and you are ready to submit your exam, click the SAVE & SUBMIT EXAM BUTTON. When you do, you will be presented with a confirmation popup. Clicking the YES, SUBMIT NOW button will end your exam and submit it for grading. Preparing for the Okta Consultant Hands-On Configuration ExamA combination of instructor-led training courses, self-paced learning, self-study, and on-the-job experience will prepare you to take this exam. Okta resources
Certified Consultant Hands-On Configuration Exam subject areasPart I subject areas The following table lists the topics that are covered in Part I of the exam. These topics are grouped into topic areas, and topic areas roll up into domains/exam sections. Use this list as an outline to guide your study and validate your readiness for Part I of this exam. |
| Implementing Advanced Sourcing | 8% |
| "As a Source" setup and configuration flow | |
| Configure attribute level sourcing and configure the priority of the profile sources in an Okta org | |
| Demonstrate understanding of the priority of the profile sources in an Okta org | |
| Advanced Sourcing Concepts | |
| Understand the architecture of advanced sourcing (e.g., the flow of attribute data), including how to deploy, test, and troubleshoot common sourcing configurations | |
| Data Migration Strategy | |
| Know the common data migration patterns, including the steps to migrate user data and passwords from an existing system to Okta | |
| HR-as-a-Source (Scenarios) | |
| Know how to deploy, test and troubleshoot common sourcing configurations, including HR as a source options such as OIN, API as a source, and CSV directory, and understand the flow of attribute data | |
| Profile Mappings (Profile Editor) | |
| Know how to map attributes from source systems to target systems, how to identify basic attribute transformations, and how to troubleshoot | |
| Implementing Advanced SSO Strategies | 15% |
| Advanced SAML implementation scenarios | |
| Know how to use the SAML Wizard and how to perform attribute mappings on SAML assertions | |
| Advanced Server Access Concepts and Overview | |
| Understand what Advanced Server Access management is and be able to speak to its common use cases | |
| Okta Access Gateway (OAG) | |
| Understand what Okta Access Gateway management is and be able to speak to its common use cases | |
| OIDC Flows | |
| Know the OAuth 2.0 roles of the authorization server, resource server, and resource owner | |
| Know when to use the various OIDC flows based on the type of application (e.g., mobile apps, single page applications, web applications on the server side) | |
| Okta RADIUS Agent for an SSO Solution | |
| Know when to use the Okta RADIUS Agent | |
| Know how to configure the Okta RADIUS Agent for an SSO Solution (e.g., to connect from Okta to a VPN); understand the nuances of RADIUS; know which protocols are supported | |
| Testing & Troubleshooting SSO Integrations | |
| Know the various http error codes, including the types of tools that Okta recommends to use for troubleshooting SSO integrations, as well as the tools used during each step | |
| Implementing Custom Configuration Options with Okta | 19% |
| Architecture, capabilities, and common use cases of OPP | |
| Understand the common use cases for OPP and know the supported OPP features such as create, update, deactivate, and sync password | |
| Know the common use cases for custom email domain | |
| Know the common use cases for custom email domain | |
| Deployment Models & the Authentication API | |
| Know what is possible with the out of the box sign-in screen vs sign-in widget, custom vanity login UI, etc. | |
| Know the pros and cons of the different deployment models | |
| Custom URL Domain | |
| Know when custom URL domain should be used | |
| Know the difference between BYO and Okta managed certificate, including the pros and cons of each | |
| MFA as a service | |
| Know how to implement, test and troubleshoot configuration of MFA as a Service (MFA for Active Directory Federation Service) | |
| Okta Hooks | |
| Know the various use cases and differences between the different types of hooks | |
| SCIM App Wizard | |
| Know how to implement, test and troubleshoot the SCIM App Wizard | |
| Implementing Directory Solutions | 13% |
| Active Directory Integration | |
| Know how to size the Okta Active Directory Agent deployment, configure the Okta Active Directory agent to communicate with multiple domains, configure the Okta Active Directory agent for throughput, configure verbose logging, and configure the proxy settings | |
| Know how to test and troubleshoot common configuration issues in multi-forest/multi-domain environments | |
| Advanced Configuration with DSSO | |
| Know how to implement, test, and troubleshoot Agentless Desktop SSO |
|
| LDAP Integration | |
| Know the common use cases for LDAP Agent such as delegated authentication and provisioning to existing LDAP environments, as well as the process to integrate LDAP with Okta | |
| Know the functional differences between Active Directory integration and LDAP integration | |
| LDAP Interface | |
| Understand the existence of the LDAP interface and how it can be used | |
| Implementing Inbound Federation | 13% |
| IdP Discovery | |
| Know how to deploy, test and troubleshoot IdP discovery when configured in Okta, including configuring IdP policy, and IdP routing rules based on user attributes, group membership, etc. | |
| Okta as a service provider with a 3rd party IdP | |
| Know when to use Okta as a service provider (SP) with a 3rd party identity provider (IdP) | |
| Know how to generate IDP-initiated URLs | |
| Social Identity Providers | |
| Know how to implement social login with Okta, including configuring the various components required for social login, such as OAuth 2.0 client in the social provider, an identity provider in Okta, and an OIDC application in Okta | |
| Inbound Federation | |
| Know how to troubleshoot Inbound Federation | |
| Understand how account linking functions | |
| Understand best practices for Inbound Federation | |
| Know when to use Okta Org2Org and how to configure it | |
| Implementing Okta Policies | 15% |
| Okta FastPass | |
| Know how OktaFastPass works, the benefits, and the end user experience | |
| Global Session Policy with Behavioral Detection | |
| Know how to explain, deploy, and troubleshoot Behavioral Detection for Global Session Policy | |
| Know how to explain, deploy, and troubleshoot Okta Global Session Policy | |
| Authentication Policies | |
| Know how to explain, deploy, and troubleshoot authentication policies | |
| Pre-Authn Sign-on Evaluation Policy | |
| Understand the benefits of the Pre-authn sign-on evaluation policy | |
| IdP Based Sign-on Policies | |
| Know how to configure IDP based sign-on policies | |
| ThreatInsight | |
| Understand when to use ThreatInsights and know how to configure it | |
| Know the capabilities/supported systems that Okta can ingest | |
| Working with Okta APIs | 6% |
| API Code Collection | |
| Know the common use cases for Okta APIs, including options for accessing Okta APIs | |
| Commonly used scripted API calls (Example: deactivate/delete all users in group) | |
| Know which APIs are in the Okta API collection, the commonly used ones and what they are used for; but not the exact calls | |
| OAuth/API AM wrt best practices | |
| Know why API AM should be used and why a customer would want a custom authorization server and the security the customer gains by using it | |
| Working with API Access Management | 11% |
| API Code Collection | |
| Know the common use cases for API Access Management, how to create a custom authorization server, and how to properly add claims | |
| Entitlement architecture - Claims vs. Scopes and Their Relationship | |
| Know the differences between claims and scopes and how claims and scopes are used in the context of OIDC | |
| Configure API AM Access Policies | |
| OAuth Grant Types (Including Interaction Flow) | |
| Know when to use the various OAuth grant types | |
| Okta SDKs | |
| Know when to use Okta SDKs vs APIs |
Part II subject areas
The following table lists the use cases and tasks that are assessed in this exam and documentation related to the tasks listed.
| Use Case | % of Part II Related to Use Case |
| App Integrations | 25% |
|
Configuration Tasks:
|
Preparation Resources: |
| Creating a Custom Admin | 25% |
|
Configuration Tasks:
|
Preparation Resources: |
| Configuring Policies | 25% |
|
Configuration Tasks:
|
Preparation Resources: |
| Creating Routing Rules | 25% |
|
Configuration Tasks:
|
Preparation Resources: |
Sample items
Know what to expect on the day of the exam. Take the Okta Consultant Hands-On Configuration Practice Exam to familiarize yourself with the format of the DOMC item type.
Click the button below to check it out.
Okta Consultant Hands-On Configuration Standard Practice Exam
Subject matter experts for the Okta Certified Consultant Hands-On Configuration Exam
Okta certification exams are designed and built by subject matter experts who have extensive real world-experiences implementing the Okta service.
Here is the list of subject matter experts who made significant contributions in designing and building this exam:
Anuj Aggarwal
Benjamin Chan
Chris Gustafson
Dale Huggins
Fabio Santos
James Garvin
Najar Aryal
Sarathkumar Manian
Serge Zhivotovsky
Shad Lutz
Yuki Tsuboi
