Okta Consultant Exam Study Guide
To learn how to prepare for your Okta Certification Exam, watch our video here.
Introduction
Congratulations! You are one step closer toward earning your Okta Certified Consultant certification.
This exam study guide is designed to help you prepare for the Okta Consultant Certification Exam. Passing this exam in addition to having active, unexpired Okta Certified Professional and Okta Certified Administrator certifications are requirements for attaining the Okta Certified Consultant certification. Detailed exam topics and available preparation resources are included in this guide. Reading this guide in no way guarantees a passing score on the Okta Consultant exam.
How to use this study guide
At minimum, we highly recommend that you thoroughly review each topic listed in the Consultant Exam subject areas section of this study guide. Make sure you understand each topic. Every topic within that section relates to at least one question on the exam. If you are not familiar with a topic, research it by either using one of the corresponding preparation resources or searching the Okta Help Center or Okta Product Documentation Library. Some topics are best learned through hands-on experience with the Okta service.
What does it mean to be an Okta Certified Consultant?
Okta Certified Consultants are technically proficient at implementing the Okta service in a variety of configurations. Consultants have experience integrating common applications such as Microsoft Office 365, Google Workspace, Box, and Salesforce with Okta. They also have extensive knowledge and experience scoping and implementing complex Okta integrations involving multi-forest and multi-domain environments, advanced single sign-on (SSO), and inbound federation with Okta. Consultants have working knowledge of Okta APIs and custom configuration options.
Who should take the Okta Consultant Exam?
The primary candidates for the Okta Certified Consultant certification are individuals who hold the Okta Certified Administrator certification and are involved with implementing Okta. Okta recommends that candidates for the Okta Certified Consultant certification meet the following requirements at minimum:
- More than five years of experience in security administration for Identity and Access Management
- One year of hands-on experience implementing Okta
- Successful completion of Advanced Profile Sourcing Techniques and Inbound Federation: Using Okta as a Service Provider courses or equivalent training
- Hands-on experience implementing attribute-level sourcing across directory services and human resource systems as a source of truth for users, as well as experience migrating user data and passwords from an existing source of truth into Okta
- Experience using various Okta tools (Examples: SAML Wizard, Okta Radius Agent, OIDC flows) on advanced SSO integrations, and
- Experience with Advanced Server Access management and OAuth 2.0 roles
- Experience implementing custom configurations with Okta using various tools (Examples: Okta on-premises provisioning (OPP), custom email domain, sign-in screen, sign-in widget, custom vanity login UI, custom URL, MFA as a Service, on-premises MFA, SCIM App Wizard), but might need guidance troubleshooting custom configuration issues
- Experience with advanced configurations of directory agents (Active Directory and LDAP), Desktop SSO, verbose logging, and proxy settings
- Experience providing Integrated Windows Authentication (IWA) to globally distributed companies, but might need guidance troubleshooting multi-forest/multi-domain configuration issues
- Experience implementing inbound federation with Okta, but might need guidance to troubleshoot inbound federation issues
- Ability to configure adaptive MFA, behavioral detection, pre-authentication sign-on, and ThreatInsights, but might need to reference configuration documentation
- Understanding of device trust, but might need guidance to troubleshoot common Okta policy implementation issues
- Understanding of how Okta APIs, API Access Management, scopes, and claims can be used to implement custom solutions, experience using Okta APIs in a non-production lab environment, and familiarity with API collections
About the Okta Consultant Exam
Exam format
Number and types of questions: 60 Discrete Option Multiple-Choice (DOMC) items
Case study:
- This exam contains two case studies.
- Many of the questions on this exam reference one of the two case studies.
- Some of the questions are completely independent and do not reference either case study.
Time allotted: 90 minutes
Exam fee: 300 USD (100 USD for each subsequent retake)
Prerequisites:
- Active, unexpired Okta Certified Professional and Okta Certified Administrator certifications
- Successful completion of the recommended training or self-study using the preparation resources listed in the Consultant Exam subject areas table at the end of this page
Understanding the DOMC Item Type
This exam uses DOMC items exclusively. DOMC is a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, and more fairly measures your skills by improving:
Readability. Because you are required to read less text, the exam tends to take less time and places fewer demands on the slower reader or the non-native English speaker.
Fairness. When savvy test takers are unsure of an answer, they look for clues by comparing options or gleaning information from other items on an exam. DOMC removes this test-taking advantage and serves as a powerful method to assess your actual knowledge.
Security. Instead of displaying all options at the same time, options are randomly presented one at a time. For each option presented, you must make a YES or NO decision to indicate whether you think the option is correct. Answer options are presented in random order, and in most instances, you are NOT presented with all the available options associated with a DOMC item. Item exposure is limited by presenting only a subset of the available options to you. Limiting item exposure helps ensure the integrity of the exam.
Scoring
You can be assured that the DOMC item type is scored fairly and with precision.
- If you are presented with a correct option and respond YES, then that response is scored as “correct". A DOMC item can be programmed to require one or more correct responses in order to be complete and to be considered answered correctly. Typically, however, only one correct response is required.
- If you are presented with a correct option and respond NO, then that item is scored as “incorrect”.
- If you are presented with an incorrect option and respond YES, then that item is scored as “incorrect”.
- If you are presented with an incorrect option and respond NO (technically a correct response), the item is not scored until additional options are presented and responded to.
Note: Even after you respond correctly or incorrectly to an item, additional correct or incorrect options might be presented but your responses to those options will not be scored at all. This is done to prevent you from guessing the correctness or incorrectness of a response.
The DOMC item format might require that you make some adjustments to your usual test-taking approaches. The reward of such effort is confidence that those test takers who become certified are truly competent in the areas tested on the exam and will represent excellence in the field.
Exam scheduling
Okta certification exams are administered and proctored by Examity®, a secure online proctoring service. Okta has partnered with Examity to protect the integrity of our certification exams. Online proctoring means that you can take an exam from almost any location at a time that is convenient for you, without requiring that you travel to a test center. Your Okta Consultant Exam must be scheduled at least 24 hours in advance of the time you plan to sit for the test in order to avoid the additional fee associated with on-demand testing. You can schedule your exam through the Okta Certification Credential Manager.
Preparing for the Okta Consultant Exam
A combination of instructor-led training courses, self-paced learning, self-study, and on-the-job experience will prepare you to take this exam.
Training
Okta Education Services offers a range of classes and training materials to help you prepare for this certification exam. Although attending a training class does not guarantee success on an Okta certification exam, we strongly recommend that you attend both Advanced Profile Sourcing Techniques and Inbound Federation: Using Okta as a Service Provider in preparation for this exam. You can register for these courses here: https://www.okta.com/services/training/.
Other Resources
- The Okta Help Center contains a knowledge library of articles and videos, some of which are pertinent to topics covered on this exam.
- The Okta Content Library offers searchable white papers with a rich body of information to explore before your exam.
- Join the Okta Community to review questions, discussions, ideas, and blogs for additional exam preparation.
Consultant Exam subject areas
The following table lists the topics that are covered on this exam. These topics are grouped into topics areas, and topic areas roll up into domains/exam sections. Use this list as an outline to guide your study and validate your readiness for the Okta Consultant Certification Exam.
Implementing Advanced Sourcing |
15% |
"As a Source" setup and configuration flow |
|
Configure attribute level sourcing and configure the priority of the profile sources in an Okta org |
Preparation resource: |
Demonstrate understanding of the priority of the profile sources in an Okta org |
Preparation resources: |
Advanced Sourcing Concepts |
|
Understand the architecture of advanced sourcing (Example: the flow of attribute data), including how to deploy, test, and troubleshoot common sourcing configurations |
Preparation resources: |
Data Migration Strategy |
|
Know the common data migration patterns, including the steps to migrate user data and passwords from an existing system to Okta |
Preparation resource: |
HR-as-a-Source (scenarios) |
|
Know how to deploy, test and troubleshoot common sourcing configurations, including HR as a source options such as OIN, API as a source, and CSV directory, and understand the flow of attribute data |
Preparation resource: |
Profile Mappings (Profile Editor) |
|
Know how to map attributes from source systems to target systems, how to identify basic attribute transformations, and how to troubleshoot common attribute mapping issues |
Preparation resources: |
Implementing Advanced SSO Strategies |
20% |
Advanced SAML implementation scenarios |
|
Know how to use the SAML Wizard and how to perform attribute mappings on SAML assertions |
Preparation resource: |
Advanced Server Access concepts and overview |
|
Understand what Advanced Server Access management is and be able to speak to its common use cases |
Preparation resources: |
OIDC Flows |
|
Know the OAuth 2.0 roles of the authorization server, resource server, and resource owner |
Preparation resources: |
Know when to use the various OIDC flows based on the type of application (Example: mobile apps, single page applications, web applications on the server side). |
Preparation resource: |
Okta RADIUS Agent for an SSO Solution |
|
Know when to use the Okta RADIUS Agent (Example: To bypass MFA on sign-in prompt) |
Preparation resource: |
Know how to configure the Okta RADIUS Agent for an SSO Solution (Example: To connect from Okta to a VPN) |
Preparation resource: |
Testing and Troubleshooting SSO Integrations |
|
Know the various error codes, including the types of tools that Okta recommends to use for troubleshooting SSO integrations, as well as the tools used during each step |
Preparation resources: |
Implementing Custom Configuration Options with Okta |
17% |
Architecture, capabilities, and common use cases of OPP |
|
Understand the common use cases for OPP and know the supported OPP features such as create, update, deactivate, and sync password |
Preparation resource: |
Custom Email Domain |
|
Know the common use cases for custom email domain |
Preparation resource: |
Custom Login Flows |
|
Know what's possible with the out of the box sign-in screen vs sign-in widget, custom vanity login UI, etc. |
Preparation resources: |
Custom URL Domain |
|
Know when custom URL domain should be used |
Preparation resources: |
MFA as a service |
|
Know how to implement, test and troubleshoot configuration of MFA as a Services (MFA for ADFS) |
Preparation resource: |
Okta Hooks |
|
Know the various use cases and differences between the different types of hooks |
Preparation resources: |
On-Premises MFA |
|
Know the use cases for On-Prem MFA, as well as understand the architecture, and know the steps to set up On-Prem MFA |
Preparation resource: |
SCIM App Wizard |
|
Know how to implement, test and troubleshoot the SCIM App Wizard |
Preparation resources: |
Implementing Directory Solutions |
12% |
Advanced configuration of the Okta AD Agent |
|
Know how to size the agent deployment, configure the agent to communicate with multiple domains, configure the agent for throughput, configure verbose logging, and configure the proxy settings |
Preparation resource: |
Advanced configuration with DSSO |
|
Understand how the global redirect url works and how the global redirect URL can be used along with DNS size or geolocation policies in DNS to support and provide local IWA to globally distributed companies. |
Preparation resource: |
Common multi-forest/multi-domain configuration issues |
|
Know how to test and troubleshoot common configuration issues in multi-forest/ multi-domain environments |
Preparation resources: |
LDAP Integration |
|
Know the common use cases for LDAP Agent such as delegated authentication and provisioning to existing LDAP environments, as well as the process to integrate LDAP with Okta |
Preparation resources: |
LDAP Interface |
|
Know how to implement, test and troubleshoot the LDAP interface. |
Preparation resource: |
Implementing Inbound Federation with Okta |
10% |
IdP Discovery |
|
Know how to deploy, test and troubleshoot IdP discovery when configured in Okta, including configuring IdP policy, and IdP routing rules based on user attributes, group membership, etc.; not the on-prem app that could be built |
Preparation resource: |
Okta as a service provider with a 3rd party IdP |
|
Know when to use Okta as a service provider (SP) with a 3rd party identity provider (IdP) |
Preparation resource: |
Social Identity Providers |
|
Know how to implement social login with Okta, including configuring the various components required for social login, such as OAuth 2.0 client in the social provider, an identity provider in Okta, and an OIDC application in Okta |
Preparation resources: |
Inbound Federation |
|
Know how to troubleshoot Inbound Federation |
Preparation resources: |
Implementing Okta Policies |
13% |
Adaptive MFA |
|
Know which types of conditions can be used as triggers such as new city, country, state, IP or velocity rules |
Preparation resources: |
Device Trust (Windows and Mac) |
|
Know how device trust works with a third party provider |
Preparation resource: |
Okta Sign On Policy with Behavioral Detection |
|
Know how to explain, deploy, and troubleshoot Behavioral Detection for an application sign-on policy |
Preparation resource: |
Pre-Authn Sign-on Evaluation Policy |
|
Understand the benefits of the Pre-authn sign-on evaluation policy |
Preparation resources: |
ThreatInsight |
|
Know the prerequisites for configuring ThreatInsights as well as the steps to configure ThreatInsights and how to exempt access from trusted IP addresses blocked by ThreatInsight |
Preparation resource: |
Working with Okta APIs and API Access Management |
13% |
API Access Management |
|
Know the common use cases for API Access Management and know how to create a custom authorization server and how to properly add claims |
Preparation resources: |
API Code Collection |
|
Know the common use cases for Okta APIs |
Preparation resources: |
Know which Okta API calls fall under which collection |
Preparation resources: |
Commonly used scripted API calls (Example: deactivate/delete all users in group) |
|
Know which APIs are in the Okta API collection, the commonly used ones and what they are used for; but not the exact calls |
Preparation resources: |
Entitlement architecture - claims vs. scopes and their relationship |
|
Know the differences between claims and scopes and how claims and scopes are used in the context of OIDC |
Preparation resources: |
OAuth/API AM wrt best practices |
|
Know why API AM should be used and why a customer would want a custom authorization server and the security the customer gains by using it |
Preparation resource: |
Sample items
Know what to expect on the day of the exam. Take the Okta Consultant Practice Exam to familiarize yourself with the format of the DOMC item type.
Click the button below to check it out.