Access Certifications

Use Access Certifications to launch security access reviews and campaigns to review and remediate user access.

Security access review

Review user access to sensitive resources in response to security incidents. A security access review is a review of a user's access to resources, their level of access, and the method with which access was granted. These reviews are prioritized based on app and entitlement criticalities and access anomalies, and are built to foster greater account and org security. Using the Okta Admin Console or APIs, you can launch these manually or trigger them automatically as a response to specific security events. This allows you to investigate access anomalies, confirm that access is appropriate, and revoke it temporarily or permanently if necessary.

Security access reviewsis an Early Access feature.

Access certification campaign

Review and certify user access to resources to adopt and enforce the least privilege access model. You can launch a campaign for a specific period as required or set them to run on a recurring schedule. An Access Certification campaign is typically broad in scope and covers a large set of users or critical resources. Okta remediates access automatically based on the settings you configure for a campaign. Run campaigns to help satisfy audit, compliance, and governance mandates.

The Access Certifications process helps your company meet the following requirements:

  • Improve org security by initiating security access reviews in response to specific events

  • Secure critical resources by implementing separation of duties (SoD) rules, which reduces the risk of inappropriate access to resources.

  • Pass industry audits by being able to verify access and provide evidence to auditors that only the right users have access to the right resources.

  • Reduce license costs related to license sprawl from temporary projects or users changing teams within an organization.

  • Use existing Okta configurations and app integrations to easily create campaigns and automate removal in third-party apps.

Personas

Security Access Reviews and Certification campaigns meet the needs of several different organizational roles.

Security Access Reviews

Persona Description
Admin Super admin or a custom admin with the Manage security access reviews and View users and their details permissions.
Reviewer Any user in the org who's assigned a security access review for another user and is responsible for revoking or restoring the user's access to resources.
User Any user in the org whose access to resources is being reviewed in the security access review.

Certification campaigns

Persona Description
Admin Super or access certifications admin.
Reviewer Any user in the org who's specified in the campaign settings as a reviewer. This user is responsible for making a decision on user access to resources included in the campaign.
User Any user in the org whose access to resources is included in the campaign's scope.
Campaign owner or campaign creator The admin who created the campaign. In some cases, campaign creators or owners are assigned as reviewers if the fallback reviewer is unavailable.

Components

Component Description
Campaign A general process that reviews access for access certification, compliance, and audit requirements.
Security Access review A targeted process that reviews a user's access to resources for security.
Resource
  • Campaigns: Groups, apps, entitlements, and bundles

  • Security access reviews: Apps, entitlements, and bundles. In Security Access Reviews, a resource is also referred to as an access item in the API. A security access review (or a review item) typically has multiple resources in it.

Review item
  • Campaigns: One of the user:resource mapping assigned to a reviewer for review. Usually campaigns have multiple review items assigned to a reviewer.

  • Security access reviews: The security access review itself for a user. When multiple security access reviews are assigned to the same reviewer, each one is referred to as a review item.

Related topics

Campaigns

Security access reviews