https://iam.fabiograsso.net/ Recent content in I_AM Fabio — Okta, IAM & Zero Trust Security Blog on I_AM Fabio Hugo en https://iam.fabiograsso.net/howto/okta-pam-workloads/ Mon, 15 Jun 2026 11:00:00 +0200 https://iam.fabiograsso.net/howto/okta-pam-workloads/ Okta Privileged Access 2026.04.0 introduced workload identity for automation. This article explains how Workloads helps CI/CD pipelines, infrastructure automation, cloud workloads, scripts, and AI agents authenticate with native platform identity and runtime OIDC tokens instead of hardcoded API keys or service account secrets. https://iam.fabiograsso.net/blog/ai-cost-2026/ Mon, 18 May 2026 09:00:00 +0000 https://iam.fabiograsso.net/blog/ai-cost-2026/ A critical but not anti-AI reflection on costs, productivity, layoffs and human work in 2026. AI is real and useful, but the promise of replacing a team with a cheap monthly subscription is running into economic, technical and organizational limits. https://iam.fabiograsso.net/tips/okta-autoclick-email-or-sms/ Mon, 18 May 2026 00:00:00 +0000 https://iam.fabiograsso.net/tips/okta-autoclick-email-or-sms/ When using Okta Identity Engine (OIE), the Sign-In Widget shows an authenticator selection screen that requires the user to manually pick Email or SMS before proceeding. If your policy only allows one method, this extra click adds friction with no benefit. Here’s how to skip it entirely with a small JavaScript customization in the Sign-In Widget. https://iam.fabiograsso.net/blog/okta-ai-newyork/ Sun, 10 May 2026 10:00:00 +0000 https://iam.fabiograsso.net/blog/okta-ai-newyork/ Back from a week in New York, I share how AI is now everywhere: from Times Square billboards to subways, from cafés to the laptops of students and professionals. A journey through advertising, real-world use, and governance risks in the era of AI agents. https://iam.fabiograsso.net/blog/okta-ai-compliance/ Sun, 26 Apr 2026 00:00:00 +0000 https://iam.fabiograsso.net/blog/okta-ai-compliance/ EU AI Act, NIST AI RMF, NIS2, DORA: four regulatory frameworks, one identity layer. How Okta’s O4AA blueprint maps to every compliance requirement before the August 2026 deadline. https://iam.fabiograsso.net/blog/okta-ai-access-patterns-deep-dive/ Thu, 23 Apr 2026 10:00:01 +0000 https://iam.fabiograsso.net/blog/okta-ai-access-patterns-deep-dive/ Protocol-level deep dive into the four Okta for AI Agents access patterns: ID-JAG token structure, sequence diagrams, audit log examples, and step-by-step Okta configuration for XAA, STS, PSK, and Service Account. https://iam.fabiograsso.net/blog/okta-ai-access-patterns/ Thu, 23 Apr 2026 10:00:00 +0000 https://iam.fabiograsso.net/blog/okta-ai-access-patterns/ A strategic overview of the four access patterns for AI agent integrations — XAA, STS, PSK, Service Account — with a comparison matrix, decision framework, and migration roadmap. Companion deep dive covers protocol details and Okta configuration. https://iam.fabiograsso.net/howto/okta-opaflix-session-replay-tool/ Fri, 03 Apr 2026 04:00:00 +0000 https://iam.fabiograsso.net/howto/okta-opaflix-session-replay-tool/ Opaflix is an open-source tool to browse and replay Okta Privileged Access (OPA) SSH and RDP session recordings from AWS S3. Supports single-tenant and multi-tenant deployments, advanced search, infrastructure graph, and OIDC Authentication. https://iam.fabiograsso.net/blog/okta-ai-blueprint/ Wed, 18 Mar 2026 00:00:00 +0000 https://iam.fabiograsso.net/blog/okta-ai-blueprint/ Okta’s Showcase 2026 unveils the Agentic Enterprise Blueprint: a comprehensive framework to discover, govern, and secure AI agents as first-class identities, addressing the emerging shadow AI crisis and regulatory compliance requirements. https://iam.fabiograsso.net/howto/okta-generic-jdbc-connector/ Sun, 01 Mar 2026 12:00:00 +0100 https://iam.fabiograsso.net/howto/okta-generic-jdbc-connector/ Comprehensive guide to deploying Okta’s On-Premises Provisioning Agent, SCIM Server, and Generic Database Connector using Docker Compose. Covers architecture, setup, configuration, stored procedures, entitlement management, and testing workflows for bridging Okta with on-premises databases. https://iam.fabiograsso.net/howto/okta-as400-ibmi/ Fri, 30 Jan 2026 10:00:00 +0000 https://iam.fabiograsso.net/howto/okta-as400-ibmi/ A comprehensive guide to modernizing IBM i (AS/400) security by integrating Okta. This post covers MFA for terminal access using Precisely and explores two options for Lifecycle Management (LCM): the Okta OPP agent with custom scripts and the Aquera SCIM gateway. https://iam.fabiograsso.net/travels/phoenix-sedona-grandcanyon-route66/ Sun, 28 Dec 2025 00:00:00 +0000 https://iam.fabiograsso.net/travels/phoenix-sedona-grandcanyon-route66/ This is the first post in the travel section of the new blog! As Solutions Engineers and employees of SaaS companies, many of us find ourselves in Las Vegas at least once a year for corporate events like SKO (Sales Kick-Off), Oktane, or similar conferences. Instead of just taking the usual direct flight, why not seize the opportunity to explore some of America’s most iconic natural wonders? https://iam.fabiograsso.net/howto/okta-glpi-11/ Sat, 15 Nov 2025 15:46:00 +0200 https://iam.fabiograsso.net/howto/okta-glpi-11/ How to integrate GLPI 11, an open-source IT service management platform, with Okta for SSO. It covers running a GLPI test environment via Docker, LDAP and SAML configuration walkthroughs, and notes on OAuth/OIDC with commercial plugins. The guide highlights user import, authentication options, demo readiness, and security limitations for non-production use. https://iam.fabiograsso.net/howto/okta-lab-ldap/ Fri, 07 Nov 2025 09:00:00 +0100 https://iam.fabiograsso.net/howto/okta-lab-ldap/ Introduction # This guide provides a step-by-step walkthrough for deploying the OpenLDAP directory service, and integrate it with Okta, using Docker and Docker Compose. https://iam.fabiograsso.net/howto/okta-lab-mcp/ Sun, 05 Oct 2025 09:00:00 +0100 https://iam.fabiograsso.net/howto/okta-lab-mcp/ Set up an Okta MCP Server lab for AI-assisted administration using Docker Compose or native install, with practical examples for Claude, Gemini, and VS Code workflows. https://iam.fabiograsso.net/blog/quis-custodiet-ipsos-custodes/ Wed, 03 Sep 2025 05:00:00 +0200 https://iam.fabiograsso.net/blog/quis-custodiet-ipsos-custodes/ Who will guard the guards themselves? A critical analysis of vendor lock-in risks in IAM and the advantages of an agnostic approach based on Identity Fabric and open standards. https://iam.fabiograsso.net/blog/report-banca-italia-2024/ Fri, 29 Aug 2025 00:00:00 +0000 https://iam.fabiograsso.net/blog/report-banca-italia-2024/ Analysis of 2024 banking cyber incidents (+45%) according to Banca d’Italia report and the Identity Fabric strategy for operational resilience in the Italian and European financial sector. https://iam.fabiograsso.net/howto/okta-radius-docker-compose/ Sun, 24 Aug 2025 06:25:00 +0000 https://iam.fabiograsso.net/howto/okta-radius-docker-compose/ Complete Docker-compose stack for testing Okta RADIUS Agent with OpenVPN AS, including automated MFA test scripts and configuration examples. The guide covers setup, configuration, client IP reporting, supported factors, and security best practices. https://iam.fabiograsso.net/blog/2025-nist-sp-800-63-4/ Mon, 18 Aug 2025 00:00:00 +0000 https://iam.fabiograsso.net/blog/2025-nist-sp-800-63-4/ Technical analysis of the innovations introduced by NIST SP 800-63-4: from the end of forced password expiration to the emphasis on phishing-resistant authentication, with practical parallels on Okta products. https://iam.fabiograsso.net/internal/2025-new-blog/ Sun, 17 Aug 2025 00:00:00 +0000 https://iam.fabiograsso.net/internal/2025-new-blog/ Launch of my new blog dedicated to cybersecurity, IAM and CIAM, built with Hugo and hosted on Cloudflare Pages https://iam.fabiograsso.net/about/ Sun, 03 Aug 2025 00:00:00 +0000 https://iam.fabiograsso.net/about/ 👋 I’m Fabio Grasso, a Solutions Engineer at Okta, specialized in Identity & Access Management (IAM/CIAM). I work between France 🇫🇷 and Italy 🇮🇹, helping companies on their journey toward secure digital transformation. https://iam.fabiograsso.net/howto/okta-citrix-stepup-mfa/ Fri, 27 Jun 2025 00:00:00 +0000 https://iam.fabiograsso.net/howto/okta-citrix-stepup-mfa/ Learn how to implement step-up MFA with Okta in Citrix environments. This article explores three practical solutions: Okta group-based policies, dual-StoreFront architecture, and Citrix ADC with nFactor authentication. Discover the best approach for your organization. https://iam.fabiograsso.net/howto/aws-ec2-workflows/ Mon, 16 Jun 2025 00:00:00 +0000 https://iam.fabiograsso.net/howto/aws-ec2-workflows/ Automate AWS EC2 power management and DNS updates using Okta Workflows, AWS Lambda, and CloudWatch. Start and stop VMs from the Okta dashboard, enforce scheduled shutdowns, and dynamically update DNS records. The guide covers setup steps, security considerations, and cost management in AWS demo environments. https://iam.fabiograsso.net/tips/guest-accounts-microsoft-office-365-entraid/ Sun, 23 Mar 2025 00:00:00 +0000 https://iam.fabiograsso.net/tips/guest-accounts-microsoft-office-365-entraid/ How to handle EntraID B2B guest accounts in Okta: tenant-specific OIDC endpoints, username mapping, and the common pitfalls that block sign-in. https://iam.fabiograsso.net/tips/mac-os-resize-window-to-a-specific-size/ Fri, 16 Feb 2024 00:00:00 +0000 https://iam.fabiograsso.net/tips/mac-os-resize-window-to-a-specific-size/ Automate Mac OS window resizing with AppleScript to set precise dimensions and position for applications, useful for video recording or screen sharing. https://iam.fabiograsso.net/howto/okta-glpi-10/ Wed, 15 Nov 2023 15:46:00 +0200 https://iam.fabiograsso.net/howto/okta-glpi-10/ How to integrate GLPI, an open-source IT service management platform, with Okta for SSO. It covers running a GLPI test environment via Docker, LDAP and SAML configuration walkthroughs, and notes on OAuth/OIDC with commercial plugins. The guide highlights user import, authentication options, demo readiness, and security limitations for non-production use. https://iam.fabiograsso.net/howto/base64-header-oag/ Fri, 11 Aug 2023 15:46:00 +0200 https://iam.fabiograsso.net/howto/base64-header-oag/ This guide explains how to send Base64-encoded HTTP headers with Okta Access Gateway (OAG) using nginx configuration extensions. It covers internal-only app setup, usage of OpenResty modules, and examples for encoding user data in headers. Solutions include native nginx directives and Lua scripting, supporting common legacy integration needs for secure internal communication and custom header enrichment. https://iam.fabiograsso.net/howto/okta-flask-scim-server-docker-compose/ Wed, 09 Aug 2023 12:25:00 +0000 https://iam.fabiograsso.net/howto/okta-flask-scim-server-docker-compose/ Enable rapid SCIM server testing with Okta using Flask, Docker Compose, and ngrok tunnels. This guide details a working starter solution with persistent PostgreSQL data, Makefile commands for easy management, and public access via ngrok. Ideal for demo and development, it supports Okta provisioning but implements no production-grade security. Sample endpoints, troubleshooting notes, and port references included for quick setup.