Access reviews
Review users' access to resources regularly using Access Certifications campaigns.
A campaign becomes active on its scheduled start date. When a campaign is active, reviewers can approve or revoke a user's access to a resource. They can also reassign the review item to another reviewer. However, reviewers can't change their decisions on review items after submitting them.
The campaign is marked as closed on the campaign's scheduled end date, when all reviewers in the campaign complete their reviews, or when you (super or access certifications admin) close the campaign before the scheduled end date. After a campaign ends, reviewers can't approve or revoke any pending review items.
For campaigns with multilevel reviews, some items reviewed by a first-level reviewer are sent to a second-level reviewer for approval. In this case, the second-level reviewer is the final reviewer for those review items and must make a decision before the campaign ends.
Sometimes, a second-level reviewer may see new review items assigned to them after the second-level review has begun. This happens when the first-level reviewer finished reviewing their pending items after their due date.
Only super admins can reassign review items in a campaign that reviews admin roles. See Considerations.
When reviewing user access, reviewers can also view details of separation of duties conflicts if you (a super or access certifications admin) have configured it on the Contextual Information page before the campaign launch. See Customizable reviewer context.
Reviewers can view previously completed campaigns that they reviewed from the Closed tab of the My reviews page in the Okta Access Certifications Reviews app. If the campaign owner sets up email notifications, reviewers receive notifications for the following events:
- An admin or a reviewer assigns review items.
- A reviewer has pending review items and the campaign ends soon.
-
Overdue reminders for first-level reviewers, if they have pending review items.
- When the campaign ends.
If you know that a reviewer will be unavailable for a period of time, you (super admin) or the reviewer can assign a delegate for the reviewer. Note that review items aren't assigned to the delegate if a reviewer included in the campaign assigns a delegate after the campaign launches. See Assign delegate from the Admin Console and Manage delegates.
For campaigns with the Reviewer type as Group or Group Owner, if a group member assigns a delegate who isn't a member of the group, any future review items are assigned to the delegate along with existing group members. The Review details panel for a review item also indicates, which users are delegates.