Commit 91d03ae9 authored by Lis Vinueza's avatar Lis Vinueza 🌸

Move okta tracker to IT

parent 29c6f7ed
......@@ -57,7 +57,7 @@ Okta Verify is a safe and secure application that allows push notifications and
It is supported on iPhone, Android and Windows Phones.
For some people, there are issues with installing a verification app on their phone.
If there is some reason that this is not appropriate for your geography or other reasons, please submit an issue to [Opt Out](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_verify_optout) and we can add you to an authentication group that will make Okta Verify optional.
If there is some reason that this is not appropriate for your geography or other reasons, please submit an issue to [Opt Out](https://gitlab.com/gitlab-com/business-ops/team-member-enablement/issue-tracker/issues/new?issuable_template=okta_verify_optout) and we can add you to an authentication group that will make Okta Verify optional.
Please note that we still recommend that you set up at least two MFA factors, in case something happens to one of your factors.
## I forgot my password/my login doesn't work, what do I do?
......@@ -133,20 +133,20 @@ As a precaution, you will also need to change your Okta Password.
## Why isn't an application I need available in Okta?
Create a [new application setup issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_add_application) and fill in as much information as you can.
Create a [new application setup issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues/new?issuable_template=change_management_okta) and fill in as much information as you can.
Okta is currently configured with assigned groups/roles based on a team member's role/group.
Refer to the [Access Removal Request](/handbook/business-ops/team-member-enablement/onboarding-access-requests/access-requests/#access-change-request) section of the handbook for additional information on why an application may not be available in Okta.
### How do I get my application set up within Okta?
If you are an application owner please submit a [new application setup issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_add_application) on the Okta project page for your application.
If you are an application owner please submit a [new application setup issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues/new?issuable_template=change_management_okta) on the Okta project page for your application.
We will work with you to verify details and provide setup instructions.
### I have an application that uses a shared password for my team, can I move this to Okta?
Yes you can!
Submit a [new application setup issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_add_application) on the Okta project page for your application.
Submit a [new application setup issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues/new?issuable_template=change_management_okta) on the Okta project page for your application.
We will work with you to verify details and provide setup instructions.
## I'm getting asked to MFA authenticate a lot, is that normal?
......@@ -158,7 +158,7 @@ For some applications, we enforce an additional MFA step periodically because of
We are also trialling a risk-based authentication algorithm that may ask you to re-authenticate if anomalous behaviour is detected on your account or Okta detects an unusual login pattern.
At this stage, BambooHR and Greenhouse require an additional authentication step.
If you are having problems with being asked for multiple MFA authentications during the day, please [log an issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues) and we can look into it.
If you are having problems with being asked for multiple MFA authentications during the day, please [log an issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues) and we can look into it.
### Why does GitLab.com ask for an additional MFA when I login via Okta?
......
......@@ -141,7 +141,7 @@ Factor Lifetime: Setting a factor lifetime is a way for end users to sign out fo
Session Lifetime: The maximum idle time before an authentication prompt is triggered. We have configured this to be 16 hrs. This is the more significant factor to note in relation to authentication, and should mean that if you log into the Okta dashboard using MFA, you should not be prompted for any additional authentication during your working day unless a specific application requires you to re-auth. For most people, this creates a straightforward daily process where they log into Okta once at the start of their day, and can keep their browser open to access applications for the rest of the day.
If you are having issues with excessive authentication requests, please [log an issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issue%5Bassignee_id%5D=&issue%5Bmilestone_id%5D=) and we will investigate.
If you are having issues with excessive authentication requests, please [log an issue](https://gitlab.com/gitlab-com/business-ops/change-management/) and we will investigate.
## Can my GitLab Okta admin see my login information?
......
......@@ -16,7 +16,7 @@ Vimeo is a video hosting, sharing, and services platform.
## Acesss
Everyone in GitLab will have access to Vimeo through Okta ([see related issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/-/issues/201#note_438418851)). If a higher permission set is required, [please follow the access request process](https://about.gitlab.com/handbook/business-ops/team-member-enablement/onboarding-access-requests/access-requests/) as outlined in the business operations handbook.
Everyone in GitLab will have access to Vimeo through Okta. If a higher permission set is required, [please follow the access request process](https://about.gitlab.com/handbook/business-ops/team-member-enablement/onboarding-access-requests/access-requests/) as outlined in the business operations handbook.
### User Roles
......
......@@ -145,7 +145,7 @@ If you have a question or concern and need to speak with the Security Team, you
- If shared access is required by multiple team members to a single account,
for example, a social media account, an [Access Request](https://gitlab.com/gitlab-com/team-member-epics/access-requests/-/issues/new) should be opened. The credentials will be
stored and shared via Okta.
1. If you find an existing shared account in 1Password, [create an issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_add_application)
1. If you find an existing shared account in 1Password, [create an issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues/new?issuable_template=change_management_okta)
to get it migrated to Okta.
[1Password]: https://1password.com
......@@ -426,7 +426,7 @@ joining the GitLab Team account.
1. **Deprecated** When documenting the location of shared credentials in the handboook refer to the items with NAME_OF_SITE credentials in VAULT_NAME. For example:
"for access please see the AOL credentials in the Luddite vault".
* Deprecation note: This is for existing accounts only. New accounts should
be created by [creating an issue](https://gitlab.com/gitlab-com/gl-security/zero-trust/okta/issues/new?issuable_template=okta_add_application)
be created by [creating an issue](https://gitlab.com/gitlab-com/business-ops/change-management/issues/new?issuable_template=change_management_okta)
to add it to Okta.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment