Okta Certification Study Guides

Okta Certification Study Guides are updated frequently. You can access the most recent versions of these guides on the Okta Certification Credential Manager.

Okta Certified Technical Architect Exam Study Guide

Introduction

Congratulations! You are one step closer toward earning your Okta Certified Technical Architect certification!
This exam study guide is designed to help you prepare for the Okta Certified Technical Architect Exam. It contains a detailed list of the topics covered on the Technical Architect Exam, as well as a list of preparation resources. Passing this exam is a requirement for becoming an Okta Certified Technical Architect.

How to use this study guide

At minimum, we highly recommend that you thoroughly review each topic listed within the Exam Subject Area section of this study guide. Make sure you understand each topic. If you are not familiar with a topic, research it by using one of the corresponding preparation resources or search the Okta Help Center or Okta Product Documentation Library. Most topics on this exam are best learned through hands-on experience with the Okta service.

What does it mean to be an Okta Certified Technical Architect?

Okta Certified Technical Architects are technically proficient at interpreting business needs and threat drivers efficiently, leading contextual architectural design workshops, creating technical and architectural documentation, and designing scalable identity and access management solutions using the Okta service to match the needs of organizations of all sizes. Technical Architects typically work in a services delivery capacity and also have broad knowledge across all Okta products. In addition, they understand integration patterns and components including how Okta integrates and interacts with the ecosystem and complementary systems such as ERP, CRM, ITSM, CI/CD, and SIEM.

Who should take the Okta Certified Technical Architect Exam?

Although roles within different organizations may vary, candidates for the Okta Certified Technical Architect certification are typically individuals who work in one of these roles:

IAM architect
IAM services architect
Identity architect
Security architect
Cloud security architect
Integration architect
Enterprise architect

The secondary audience for the Okta Certified Technical Architect certification are individuals who work in one of these roles:

IAM solutions architect
PAM architect
IGA architect
Identity leaders
IT architects
Developers

Typical experience and background

A typical candidate for the Okta Technical Architect Certification has the following experience and credentials:

More than four years of industry experience as a services/solution architect delivering solutions to customers
More than seven years of hands-on technical consulting experience on customer projects
More than three years of experience in Workforce Identity Cloud, designing and implementing security and identity management solutions to support mission-critical business systems in a hands-on deployment role
More than three years of experience in Customer Identity Solutions, designing and implementing security and identity management solutions to support mission-critical business systems in a hands-on deployment role
More than two years of mobile or web development experience
B.S. or M.S. degree in computer science or engineering (or equivalent experience)
CISSP-ISSAP (ISC2), SANS, or TOGAF certifications
Okta Certified Consultant credential
Okta Certified Developer credential

Prerequisite knowledge and skills

The following prerequisites are assumed but not tested on the exam:

Front-end web development experience with HTML, CSS, REST, JavaScript, and JS libraries such as jQuery, AngularJS, and React
Server-side development experience with at least one server platform such as .NET, Java, PHP, and/or node.js
Mobile platforms deployment experience: iOS (Objective C and Swift), Android
Mobile Device Management (MDM)
IAM/IGA/PAM deployment experience
SaaS deployment experience (with solutions such as Salesforce, Box, Microsoft Office 365, Google G Suite, UltiPro, ServiceNow, Workday, and HR as a source for identities)
Network/cloud security integration experience (with solutions such as Cisco, F5, Palo Alto Networks, Zscaler)
API management experience (with solutions such MuleSoft, Apigee, Axway, Boomi)
Identity federation, access control, and directory protocols experience (with standards such as SAML 2.0, WS-Federation, OAuth, OpenID Connect, Active Directory, and LDAP)
PaaS/IaaS experience (with platforms such as AWS, Microsoft Azure, Google Cloud Platform)
Familiarity with cloud architectures and complex enterprise on-premise IT landscapes
Knowledge of enterprise identity life cycle management processes and standards
Ability to communicate technical concepts to non-technical and business stakeholders
Ability to communicate with customers at all levels of management and deliver informative, well-organized presentations
Ability to listen to and understand the customer's business goals, objectives, and priorities
Ability to collaborate effectively with customers to identify needs and evaluate alternative technical solutions
Ability to manage customer expectations effectively
Ability to facilitate effective team interaction
Familiarity with Zero trust concept and the complexity around it
Ability to whiteboard a solution
Knowledge of PKI experience such as certificate based user authentication, mutual TLS, etc.
Experience creating design documentation and diagrams for Information Technology architecture

Technologies covered on the exam

The following technologies are included on the Okta Certified Technical Architect Exam:

Single Sign-On
Universal Directory
Advanced Server Access
API Access Management
Multi-factor authentication
Okta Lifecycle Management, including Workflows
Okta Access Gateway

The following technologies are NOT included on the Okta Certified Technical Architect Exam:

Troubleshooting tasks
Coding tasks

About the Okta Certified Technical Architect Exam

Number and types of questions	This exam has three parts. Part I: Case study review, diagram creation, and solution design Part II: Presentation of diagrams and overview of solution Part III: Questions from panel of experts
Time allotted	Part I: 240 minutes Part II: 20 minutes Part III: 70 minutes IMPORTANT: There will be a 1-hour break between Part I and Part II of the exam and a 15-minute break between Part II and Part III of the exam. Each part is timed separately. Any time left over from Part I does NOT carry over to Part II. Time left over from Part II does carry over to Part III.
Exam Fee	USD 5,000 (USD 2,500 for each subsequent retake)
Prerequisite Certifications & Experience Required to Qualify for this Exam	Okta Certified Consultant Okta Certified Developer - Workforce Identity Cloud Minimum four years of industry experience as a services or solution architect delivering solutions in a hands-on deployment role Minimum three years of experience in Workforce Identity Cloud, designing and implementing security and identity management solutions to support mission-critical business systems in a hands-on deployment role Minimum three years of experience in Customer Identity Cloud, designing and implementing security and identity management solutions to support mission-critical business systems in a hands-on deployment role

Exam scheduling

The process for scheduling this exam differs from other Okta certification exams. Please read the information below carefully to ensure you complete the exam registration and scheduling process in its entirety. Failing to complete these steps could result in an incomplete registration and cancellation of your exam session.

Before moving forward with registration for this exam, you will be required to complete an application. This application asks you to affirm that you meet the prerequisite certification requirements and asks you to detail your hands-on project experience. The exam application can be accessed here.

If your application for the exam is approved, you will receive a registration email with directions on how to schedule and pay for your exam. In order to complete this part of the scheduling you will need to schedule your exam with our test delivery provider using the unique link provided in the registration email. Do not share or distribute this link. You will also be provided a specific time slot to select.

Once you complete your registration, you will receive two calendar invitations. The first calendar invitation is for Part I of the exam, which includes the 240-minute (4-hour) session during which you complete your solution design with a live proctor over Zoom.

The second calendar invitation is for Parts II and III of the exam, which include your presentation and Q&A with the panel of assessors. This invitation is for a 2-hour block and also includes Zoom information for joining to deliver your presentation and participate in the question and answer session with the panel of assessors.

You must accept both calendar invitations to confirm your exam session.

NOTE: Both the registration email and the calendar invitations include important information. Be sure to read these communications carefully.

Accessing your exam

The process for accessing this exam differs from other Okta certification exams. You will NOT launch this exam through Examity. For each part of the exam, refer to the calendar invitation which contains Zoom information for your session. You will launch Zoom and a proctor will guide you through the check-in process and begin your exam.

When beginning each part of the exam, you should have a government-issued ID bearing a photo nearby as you will be required to present it at the start of the session.

Understanding the exam format and delivery experience

Understanding Part I of the exam

Part I of this exam includes a customer case study that details customer objectives, pain points, and future plans. You will have 240 minutes to review this case study, create current, intermediate, and future state diagrams, and design a solution that addresses each customer requirement.

You will be provided access to Google Slides, and these slides must be used to document your diagrams and your solutions for each requirement. You must use the Google Slide deck you are provided to create your current and future state diagrams, specify your solution for each design requirement, and present your design to the panel of assessors. Each slide will have a field with the requirement and a field for you to add your solution. Because Google Slides is the main tool used for documenting exam responses, we strongly encourage you to familiarize yourself with it before the exam.

A free diagramming tool, draw.io, will be available to you for creating diagrams. Using this tool is completely optional and at the discretion of the exam taker. If you choose to use this tool, we strongly encourage you to familiarize yourself with it before the exam. Additional time will not be permitted for learning how to use the tool on the day of the exam. If you choose not to use draw.io, you can use the shapes in Google Slides to create diagrams.

You can add additional slides to supplement your presentation, but you cannot alter the format of the existing slides. Altering the format of the existing slides may impact your score. Any slides that you add to the presentation should be added at the end of the slide presentation.

Your slide deck is due immediately upon the completion of Part I. The assessors assigned to your design defense presentation will review your slide deck prior to the start of Part II of your exam.

Understanding Part II of the exam

During Part II of the exam, you will have 20 minutes to present your diagrams. Your goal for this part of the exam is to orient the assessors with your solution by providing a high-level overview of your design.

During this part of the exam, the assessors will listen to your presentation and will not ask questions. They will score your presentation on how accurately it addresses the requirements outlined in the case study.

Your presentation will be delivered over Zoom, and the session will be recorded. You will be required to remain on camera with your microphone unmuted.

Understanding Part III of the exam

During Part III of the exam, the panel of assessors will ask you questions focused on why you made a particular design decision. They will score you on how accurately your explanation justifies the design decision you made.

You may also be asked to clarify your design decision or to expound on information presented in Part II of the exam.

Responses to each question should be limited to 1-2 minutes each.

The question and answer session will be delivered over Zoom, and the session will be recorded. You will be required to remain on camera with your microphone unmuted.

Making and stating assumptions

When reviewing the case study and designing your solution, you may need to make assumptions regarding the customer environment. In the event that you make an assumption about the customer environment, document the assumption in your solution design and, where appropriate, present the assumption during your solution overview.

When designing and presenting your solution, ensure that you make a decision on how to address the customer requirement. Do not present multiple options; instead present your decision and state any assumptions that affected your decision. Presenting multiple options could result in loss of time to complete the overview and/or Q&A parts of the exam.

Time management

You will access the exam through a virtual machine environment. To ensure that you have the best experience, ensure that you are connected to a stable, high-speed Internet connection and/or that you use a wired connection.

Internet connection

Preparing for the Okta Certified Technical Architect exam

A combination of self-study and on-the-job experience is expected to prepare a candidate to take this exam.

Exam dumps and other resources are prohibited from our list of approved resources. Using these resources to prepare for your exam can lead to invalidation of your exam scores, revoking your certification, and testing bans from our program. If you are ever in doubt about approved materials for Okta exam preparation, you can reach out to our team at certification@okta.com.

Other resources

The Okta Help Center contains a knowledge library of articles and videos, some of which are pertinent to topics covered on this exam.
The Okta Content Library offers searchable white papers with a rich body of information to explore before your exam.
Join the Okta Community to review questions, discussions, ideas, and blogs for additional exam preparation.
Factor Types & Authentication Assurance Levels: An Overview

Note: This list is subject to change.

Okta Certified Technical Architect Exam subject areas

The following tables list the topics that are covered on this exam. These topics roll up into domains/exam sections. Use these tables as an outline to guide your study and validate your readiness for the Okta Certified Technical Architect Exam.

Gathering information about a company’s environment and future needs	19%
Assess authentication options for existing applications, infrastructure, or APIs (Federation (IdP, SP), SAML, OIDC, OAG, OIN, RADIUS) Assess provisioning options for existing applications, infrastructure, or APIs (Provisioning OPP, SCIM, Okta Workflows) Assess geographical distribution of users and identify the authenticators they prefer to use Assess the existing user experience for authentication and authorization Identify user types and user data sources Gather and assess existing performance metrics to determine sizing requirements
Synthesizing information about a company's current environment and future needs	27%
Gather and synthesize a company's future plans for Universal Directory and on-premise applications and directories Identify the operational and governance models (who will be admin of what; delegated admin, access control, configuration management, segregation of duties)
Designing an identity and access management solution to meet a company's needs	32%
Determine high level user data flow, data targets, and data formats Determine which applications can be integrated with Okta Determine authentication patterns Determine authorization patterns Determine user migration/integration strategy (bulk import, JIT, Hybrid Live, password import, etc) Determine approach for user identity reconciliation and consolidating identity stores Determine identity profile requirements (e.g., need for custom attributes, unique username, identity attribute sources) Determine branding requirements for Okta Determine inline hook and/or event handling approaches Design self-service flows Design Okta to function behind enterprise web application firewall services (e.g., Akamai/F5) Determine whether Okta's Okta Access Gateway or Advanced Server Access are appropriate in addition to Core Okta
Presenting and explaining an identity and access management solution	22%
Explain Okta capabilities for securing both types of application, infrastructure, and API Explain self-service components in an architecture (e.g., application request process, self-service registration flows) Explain directory import and scheduling options Explain options for HRaaS (including using Universal Directory attribute level sourcing, i.e., using HR for the source for username and Active Directory as the source for email address) Explain how MFA enrollment works Recommend and explain attribute level sourcing, i.e., using HR for the source for User name and AD as the source for email address Recommend and explain how to customize advanced Lifecycle Management integrations by using Okta Workflows