This article presents details about the latest improvements to Okta Privileged Access (OPA) and how they can be leveraged in different scenarios.
- Okta Privileged Access (OPA)
- Use cases for OPA
Okta has added many capabilities to OPA, such as:
- Revamped administrative roles that provide for delegation and separation of duties.
- Improved Policies that give additional, conditional access controls, such as Per-Attempt MFA and Access Requests.
- Discovery and management of Privileged Account Passwords, including rotation.
- The vaulting of Generic Secrets.
- Improved auditing by integration with the Okta System Log.
Examples of how these can be used in real-world scenarios are:
- Delegation of administrative duties to teams within a distributed/federated enterprise, minimizing overhead and burden on a central team.
- Requiring MFA upon each access attempt can guard against account takeovers and may be necessary to meet regulatory and compliance requirements for in-scope systems. Access Requests can act as an additional layer of protection by requiring a human approver to grant access to resources, further controlling access to sensitive systems.
- By protecting shared privileged accounts and built-in accounts with discovery and password management, we can ensure that these sensitive accounts have automatically rotated passwords and that users do not have standing access to these accounts. Additional controls such as MFA and Access Requests can be layered on top of this.
- Protection of Generic Secrets enables customers to eliminate insecure storage locations and ensure that these sensitive bits of data do not become exposed.
- Improved System Log integration enables customers to effectively monitor specific events and trigger actions or responses when they occur.
