Okta Identity Governance release notes

Security access reviews is generally available in Production environments

Security access reviews are a new, security-focused type of user access review that can be automatically triggered by events. These reviews provide a unified view of a user's access, and contextual information about their access history including an AI-generated access summary, allowing you to investigate and take immediate remediation actions like revoking access. You also have the option to enable or disable the AI summary from the Governance AI tab of the Settings page. See Security access reviews.

Access Requests for AD Groups is generally available in Production environments

You can now manage access requests for Active Directory (AD)-sourced groups directly from Okta. This allows you to use AD groups when configuring access request conditions and enables users to request membership directly from their Okta dashboard. When a request is approved, the requester's access is granted in AD. It's also removed when it expires (if it's time-bound). Additionally, if you select a resource owner as a task assignee in an approval sequence, the AD-sourced group's manager is assigned to the task. This feature eliminates the need for duplicate Okta groups or custom workflows and supports creating a strong security posture with time-bound access. See Access governance for AD groups.

Escalate tasks is generally available in Production environments

Access request admins and request assignees can escalate stalled tasks within a request to the task assignee's manager. Requesters can also escalate tasks within their access requests if you've enabled the Allow requesters to escalate tasks toggle on the Settings page. This helps expedite request resolution, prevents bottlenecks, improves productivity, and helps reduce the use of risky workarounds. Task escalation is a secure, auditable, and automated process that helps you adopt time-based access request models by supporting both efficient operations and strong security postures. See Manage tasks and Allow requesters to escalate tasks.

Changes to the Campaign Summary report

If predefined user scope is selected for a resource campaign, then depending on the selection, the User scope column of the Campaign Summary report now shows either Users with no recent activity or Users with SOD conflicts.

New look and feel in the Access Requests email notifications

The Access Requests email notifications have a new look and feel, including updates to the text alignment, colors used, location of the Okta logo, and the addition of a gray background.

Changes to the group owner functionality in approval sequences

For approval sequences, you can now select the Resource Owner option if you want to assign the task to the group owner of the group specified in the Access level of the access request condition. Any existing approval sequences that had tasks assigned to a combination of Group owner and The group being requested have been automatically updated to Resource owner. You can continue to use the Group owner option to assign tasks to group owners of other groups (not specified in the access level of the access request condition). Additionally, the following approval sequence templates have been renamed:

• Justification + Group Owner Approval is now Justification + Resource Owner Approval

• Manager, Group Member & Owner Approvals is now Manager, Group Member & Resource Owner Approvals

See Configure an approval sequence.