Category: IGA

  • Designing OIG Access Requests for Ease of Use

    Access Requests are designed to be used by all people in an organisation, so making the interface and the information presented more user-friendly should be a goal of any deployment. In this article we look at what information is presented to end-users by Okta Identity Governance (OIG) Access Requests and how you can use…


  • OIG Access Requests – Requesting Access in Slack

    A key benefit of Okta Identity Governance is the ability to interface with access request flows via chat tools such as Slack and Microsoft Teams. This article provides a summary of the different ways users can request access in Slack and how to monitor the progress of a request in Slack. Overview of OIG Access…


  • Integrating ServiceNow with OIG Access Requests

    One of the standard integration points with Okta Identity Governance (OIG) Access Requests is to log a ticket of an access request in an ITSM tool like ServiceNow. This article explores the integration between OIG Access Requests and ServiceNow. Overview of Integration The primary focus of the Okta Identity Governance (OIG) Access Requests function is…


  • OIG Access Requests – What Else Can You Do?

    The Okta Identity Governance (OIG) Access Requests module is built for requesting (and reviewing/approving) access to applications or groups in Okta. However, the module can do a lot more with the actions provided for the Okta integration. This article explores these and gives some examples of how they can be used. Please note that an…


  • Requesting Roles Through OIG Access Requests

    This article looks at how Okta Identity Governance (OIG) can be used to provide a role-request feature in Access Requests. The example used is roles for Salesforce. What Roles? If you’re familiar with the Okta Identity Cloud data model, you will know there are users, groups and applications but no roles (other than roles to…


  • Inactive Application Account Reporting with Okta Workflows

    I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven’t accessed Okta in a period of time. But what about application…


  • Separation of Duties (SoD) With Okta Workflows

    Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Note that there is a later…


  • Continuous Certification with Okta Workflows

    This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. IGA, Certification and Continuous Certification A key focus for Identity Governance and Administration (IGA) implementations is access certification (aka recertification or attestation). The aim of this is to periodically validate the access…


  • IGA and PAM – Managing Identities in a Red Hat OpenShift Environment

    You might have missed it as there wasn’t a lot of press, but IBM recently acquired a small startup called Red Hat. As with many IBMers, I have been on a steep learning curve to understand the capabilities this brings. As an interesting exercise, I thought I’d treat the OpenShift stack as an identity project…


  • SCIM Will Solve All Your IGA Problems, Right?

    Continuing my theme of exploring IGA topics and “the Cloud”, I thought it worthwhile looking at SCIM and its adoption since it appeared eight years ago. The System for Cross-domain Identity Management, or SCIM, is the current rockstar of Identity Governance and Administration (IGA). It’s a lightweight data model utilizing JSON and REST that seems to solve…


  • IGA Cloud or On-Prem – Have You Checked the Plumbing?

    A major decision for all software deployments, including Identity Governance and Administration (IGA) deployments, is what platform to deploy to: cloud, on-premise or a hybrid of the two. Many IGA products are available as both cloud-based and on-prem. Some on-prem products can be hosted as SaaS or managed service offerings in the cloud. Some of…


  • How Much Workflow Do You Need for Your IGA Project?

    Workflow is a core capability in any Identity Governance and Administration (IGA) deployment; IGA is all about automating the business processes around managing and governing users and their access. IGA deployments often take much longer than anticipated and don’t achieve all of what the project set out to do. Why? There are many factors, but…


  • Risk-based Access Approval with IBM’s IGA Products

    Identity Governance and Administration (IGA) solutions are all about reducing the risk to businesses that users and their access represent. But they also need to maintain ease of use so that users don’t find ways to circumvent IGA controls and introduce more risk. With IGA tools, like IBM Security Identity Governance and Intelligence (IGI) and IBM Security Identity Manager…


  • IGDM Part 3 – Implementing the Identity Governance Data Model

    This article is the third in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This third article suggests an implementation of the module using a SCIM-like approach. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA)…


  • IGDM Part 2 – Validating the Proposed Identity Governance Data Model

    This article is the second in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This second article validates the model against some common complex applications. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The…


  • IGDM Part 1 – Proposing an Identity Governance Data Model

    This article is the first in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This first article proposes the model. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to…