IT Operations
IT-Operations
should be used
to manage authentication of shared accounts whenever possible, since Okta has individual user activity logs; these logs help provide a compensating control to mitigate the risk associated with shared account access.policy exception
is required to track this shared access. A process for the lifecycle of the access and a mechanism to alert the appropriate teams when authentication credentials must be reset (e.g., email alerts, an issue, calendar event, etc) should be established.Security Process and Procedures for Team Members
- Accounts and PasswordsAccess Management Process