Use Access Certifications campaigns to periodically review users' access to resources. During a campaign, a campaign administrator determines the users, resources, and reviewers that are a part of the campaign.
If you’re assigned as a reviewer for one or more items in a campaign, you’re granted access to the Okta Access Certification Reviews application in your dashboard. You can review and make decisions about a user’s current access in the app.
Use the app to approve or revoke a user’s access, or reassign the review item to another user if needed. Your decisions on review items are final and you can’t change them.
- Verify your decisions before making them. When you submit a decision for a review item, it’s final and the action takes place immediately.
- Add a business justification to provide context on the decision you made, whether that is to approve or revoke access. This note is visible to you and the campaign administrator. When reassigning a review item, the justification is visible to the user who you reassigned the review item to.
- You can reassign a review item to another user if you think they’re better suited to review a user’s access. Reassigning a review item doesn’t extend the campaign’s end date. The new reviewer must approve or revoke access before the campaign ends.
For campaigns with multilevel reviews, keep the following considerations in mind:
Some review items are sent to second-level reviewers.
The second-level reviewer can take a decision only after the first-level review approves or revokes a review item. It’s important for the first-level reviewers to finish the reviews on time to avoid blocking the campaign’s progress.
The second-level reviewer can view the first-level reviewer’s decision and the justification for a review item.
The final reviewer varies depending on the campaign’s configuration.
Remediation occurs only for the decisions of the final reviewer. See Remediation.
Note: Multilevel Reviews is an Early Access feature for orgs with Identity Governance enabled. Use the Early Access Feature Manager as described in Manage Early Access and Beta features to enable the feature.
Start this task
- On your dashboard, click Okta Access Certification Reviews.
- On the My reviews page, go to the Open tab, and select the access certification campaign that you want to begin reviewing.
- Select a review item to view more details about the user and resource you're reviewing, and the user’s resource usage.
The review pane includes:
- User Details: Information pulled directly from their user profile in Okta.
- Resource Details: This section contains the following information:
- The application or group that you're reviewing.
- When the user last accessed the application and any previous reviews related to access. After you’ve completed a review, you can also review the decision and business justification you completed.
- When the user's access to the application or group was last reviewed.
- When the application was assigned to the user.
- The entitlements that the user has for the resources. Currently, you can only view users' entitlements for AWS, Box, NetSuite, O365, and Salesforce apps.
- History: This section contains useful information such as details about the initial assignment, business justification for the reassignment, details of the assigned reviewer, and the reviewers' decision.
- Click Approve or Revoke. Provide a business justification for your decision. When you approve or revoke access, the remediation process begins immediately.
You can reassign a review item to another user if you think they’re better suited to review a user’s access. See Reassign review items.
- Click Submit.
You can also select multiple review items and approve or revoke access or reassign the reviews for the selected items. You can only take one action at a time and the business justification that you enter applies to the selected review items.