IAmDavid

Tag: Access Certification

  • New Access Certification Auditor Reporting Package in OIG

    Okta has just released a new Early Access feature for Okta Identity Governance Access Certifications – the Auditor Reporting Package. This new feature significantly expands the usefulness of OIG Access Certification campaign reporting. Introduction When Okta Identity Governance (OIG) was released with Access Requests and Access Certification, there was reporting included. It was available under…

  • New Delegate Feature in OIG

    Okta has recently released a delegate feature in Okta Idenity Governance. This feature allows all governance activity, such as reviewing access requests or access certifications, to another Okta user (optionally for a set period). This article introduces the new feature. Introduction We all need to go on leave or take time off. So what happens…

  • A Brief Intro to SoD with OIG

    Okta has just released a separation of duties feature into Okta Identity Governance. This article provides a brief introduction to the feature. Introduction Separation of Duties (or Segregation of Duties, or more commonly SoD) has been a standard control for identity governance for a quarter of a century. The concept is that a user should…

  • Importing Entitlements for Disconnected Apps in OIG

    Okta recently introduced a new feature into Okta Identity Governance for importing users and entitlements for disconnected apps via a CSV import. This article explores the new feature. Introduction Okta has had the ability to import users via a CSV file for a long time. This has been an effective way to bulk load users…

  • An Introduction to Resource Collections in OIG

    This article introduces the new Resource Collections feature in Okta Identity Governance, looking at how collections are defined, requested and reviewed. Introduction Okta has introduced a new feature into Okta Identity Governance (OIG) called Resource Collections (or sometimes referred to as just Collections). They are a way to define a role that spans different entitlements…

  • Preconfigured Access Certification Campaigns in Okta Identity Governance

    The Access Certifications capability has been a core part of Okta Identity Governance (OIG) since its inception. However in the first update for this year (2025.01.0), Preconfigured Access Certifications Campaigns were added to OIG. This article explores the new feature. Overview Building of access certification campaigns is very straightforward. The wizard-like flow walks you through…

  • The Combined Power of Okta Privileged Access and Okta Identity Governance

    This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focused on governing identities – having…

  • Customisable Access Certification Reviewer Content in OIG

    This article looks at the new customisable reviewer content in Okta Identity Governance (OIG) Access Certifications. The doc link for this new feature is https://help.okta.com/oie/en-us/content/topics/identity-governance/access-certification/iga-ac-customizable-context.htm. Introduction Access Certification (or recertification, attestation) is a key capability in any Identity Governance product and it is the one most likely to cause friction with business users. If you’re…

  • Privileged Access Management for AWS using Okta Workforce Solutions

    This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Note that this article talks about…

  • OIG Entitlement Management Videos on YouTube

    Some colleagues have recently published a set of videos on YouTube (okta channel) highlighting some of the features of the new Entitlement Management capability in Okta Identity Governance (see out Entitlement Management page for more information on the product). Most of the videos will show up by searching for “entitlement” and “okta” (https://www.youtube.com/results?search_query=entitlement+okta). It may…

  • Okta Privileged Access – Determining and Highlighting Risk in Roles and Policies

    Okta Privileged Access provides a flexible framework for controlling who can access what privileged resources and how. This includes resource groups for managing resources, security policies for controlling access, administrative roles to manage them, and principals to use them. Invariably configuring the PAM solution will introduce risk. But how to monitor and manage the risk…

  • Okta Privileged Access and Access Certification – Getting Roles into the Group Description

    As with many SaaS applications in Okta, application entitlement can be managed via Okta Groups pushed to Okta Privileged Access (OPA). This means membership in OPA policies and roles is based on Okta Group membership and thus can be governed by access requests and access certification for those groups. In this article we look at…

  • User Access Reviews in Okta Identity Governance

    User Access Reviews in Okta Identity Governance

    This article explores the new user campaign (User Access Review) feature in Okta Identity Governance (OIG) Access Certifications. Introduction The ability to build and run access certification campaigns against resources in Okta (groups and applications) has been in Okta Identity Governance (OIG) since it was released. In June User Campaigns was added to address User…

  • New Reviewer Options in OIG Access Certification

    New Reviewer Options in OIG Access Certification

    There was a recent change to the reviewer selections for Okta Identity Governance (OIG) Access Certification to allow for more options and to simplify the administrative experience. The feature is currently an Early Access feature (the “Reviewer Assignment” enhancement) that can be turned on in an OIG-enabled Okta org. It will roll into production over…

  • Risk-Based Application Certification in OIG

    If you were at Oktane22, or have listened to the Oktane22 roadmap sessions, you will know risk and use of risk signals is a key focus for Okta going forward. This includes leveraging risk in Okta Identity Governance (OIG), to help make access requests and access certification more effective. But can you leverage risk today?…

  • OIG – Triggering Workflows From Access Certification Reviews

    Okta Identity Governance (OIG) provides an access certification component for reviewing users and their access. When reviewing access, a reviewer (such as a users manager) can approve or revoke the access (or reassign). With the revoke action, the access certification campaign can be configured to automatically remove access or do nothing (i.e. leave the access…