Category: IGA
-
New Access Certification Auditor Reporting Package in OIG
Okta has just released a new Early Access feature for Okta Identity Governance Access Certifications – the Auditor Reporting Package. This new feature significantly expands the usefulness of OIG Access Certification campaign reporting. Introduction When Okta Identity Governance (OIG) was released with Access Requests and Access Certification, there was reporting included. It was available under…
-
Role Analysis with Okta ISPM – Are My Groups and Roles Being Used Effectively
Okta Identity Security Posture Management (ISPM) performs analysis on groups and roles which can be used to tune access via groups/roles and reduce risk. This article explores how to use ISPM for role analysis. Background Roles and a role-based identity system have been the Holy Grail for identity governance and administration (IGA) practitioners and products…
-
New Delegate Feature in OIG
Okta has recently released a delegate feature in Okta Idenity Governance. This feature allows all governance activity, such as reviewing access requests or access certifications, to another Okta user (optionally for a set period). This article introduces the new feature. Introduction We all need to go on leave or take time off. So what happens…
-
New Okta Group Push API
If you have been working with applications in Okta for some time and occasionally use the APIs (or Workflows) you would be aware that one glaring omission in the API library was an API to manage the Push Groups on applications. This has now been addressed with the Group Push Mapping API. The Group Push…
-
The New Unified Requester Experience in OIG
This article introduces the new Access Requests – Unified Requester Experience that is currently rolling out as an Early Access feature in Okta Identity Governance (OIG). The Background As Okta was building its new Identity Governance and Administration (IGA) product, it acquired a company to provide what would become the Access Requests component of Okta…
-
A Brief Intro to SoD with OIG
Okta has just released a separation of duties feature into Okta Identity Governance. This article provides a brief introduction to the feature. Introduction Separation of Duties (or Segregation of Duties, or more commonly SoD) has been a standard control for identity governance for a quarter of a century. The concept is that a user should…
-
Importing Entitlements for Disconnected Apps in OIG
Okta recently introduced a new feature into Okta Identity Governance for importing users and entitlements for disconnected apps via a CSV import. This article explores the new feature. Introduction Okta has had the ability to import users via a CSV file for a long time. This has been an effective way to bulk load users…
-
Preconfigured Access Certification Campaigns in Okta Identity Governance
The Access Certifications capability has been a core part of Okta Identity Governance (OIG) since its inception. However in the first update for this year (2025.01.0), Preconfigured Access Certifications Campaigns were added to OIG. This article explores the new feature. Overview Building of access certification campaigns is very straightforward. The wizard-like flow walks you through…
-
An Introduction to Realms in Okta
Okta recently added a new feature to the Universal Directory called Realms. This article provides an overview of the new feature. Note that Realms is only available with the Okta Identity Governance and Secure Partner Access products. At the time of writing this article, Realms is in Early Access. Background – Why do we need…
-
Reduce Risk through Governance for Okta Administrators
In this article we explore the different patterns for associating users with administrative roles and how we can reduce the risk around these using governance. There are multiple articles listing the controls that should be applied to the administrative access in Okta, but this article will focus on the governance controls. Introduction Okta administration is…
-
The Combined Power of Okta Privileged Access and Okta Identity Governance
This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focused on governing identities – having…
-
New Features for the Access Request Conditions and Resource Catalog in Okta Identity Governance
Two new features have been introduced into the Access Request Conditions and Resource Catalog (aka RCAR) feature in Okta Identity Governance – Request on Behalf Of, and User-specified Access Duration. This article introduces these new features. Request On Behalf Of Okta Identity Governance introduced the ability to request access on behalf of another user into…
-
Customisable Access Certification Reviewer Content in OIG
This article looks at the new customisable reviewer content in Okta Identity Governance (OIG) Access Certifications. The doc link for this new feature is https://help.okta.com/oie/en-us/content/topics/identity-governance/access-certification/iga-ac-customizable-context.htm. Introduction Access Certification (or recertification, attestation) is a key capability in any Identity Governance product and it is the one most likely to cause friction with business users. If you’re…
-
Managing Access in Okta Privileged Access with the new OIG Resource Catalog
Okta has released into Early Access a new feature called the Access Request Conditions and Resource Catalog, or more simply the Resource Catalog. This is a new way to configure and use access requests in Okta Identity Governance. This article shows how this can be applied to access within Okta Privileged Access. Introduction Okta Privileged…
-
Privileged Access Management for AWS using Okta Workforce Solutions
This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Note that this article talks about…
-
OIG APIs – Use Okta Connector in Workflows Now
This short post is for the information of people who may look at some of the older OIG API and Workflows articles on this site and find they no longer work. You should be using the Okta Connector with the Custom API Action card now instead of the old generic API Connector card. The OLD…