Access Certifications
Use Access Certifications to launch security access reviews and campaigns to review and remediate user access.
Security access review
Review user access to sensitive resources in response to security incidents. A security access review is a review of a user's access to resources, their level of access, and the method with which access was granted. These reviews are prioritized based on app and entitlement criticalities and access anomalies, and are built to foster greater account and org security. Using the Okta Admin Console or APIs, you can launch these manually or trigger them automatically as a response to specific security events. This allows you to investigate access anomalies, confirm that access is appropriate, and revoke it temporarily or permanently if necessary.
Security access reviewsis an Early Access feature.
Access certification campaign
Review and certify user access to resources to adopt and enforce the least privilege access model. You can launch a campaign for a specific period as required or set them to run on a recurring schedule. An Access Certification campaign is typically broad in scope and covers a large set of users or critical resources. Okta remediates access automatically based on the settings you configure for a campaign. Run campaigns to help satisfy audit, compliance, and governance mandates.
The Access Certifications process helps your company meet the following requirements:
-
Improve org security by initiating security access reviews in response to specific events
-
Secure critical resources by implementing separation of duties (SoD) rules, which reduces the risk of inappropriate access to resources.
-
Pass industry audits by being able to verify access and provide evidence to auditors that only the right users have access to the right resources.
-
Reduce license costs related to license sprawl from temporary projects or users changing teams within an organization.
-
Use existing Okta configurations and app integrations to easily create campaigns and automate removal in third-party apps.
Personas
Security Access Reviews and Certification campaigns meet the needs of several different organizational roles.
Security Access Reviews
| Persona | Description |
|---|---|
| Admin | Super admin or a custom admin with the Manage security access reviews and View users and their details permissions. |
| Reviewer | Any user in the org who's assigned a security access review for another user and is responsible for revoking or restoring the user's access to resources. |
| User | Any user in the org whose access to resources is being reviewed in the security access review. |
Certification campaigns
| Persona | Description |
|---|---|
| Admin | Super or access certifications admin. |
| Reviewer | Any user in the org who's specified in the campaign settings as a reviewer. This user is responsible for making a decision on user access to resources included in the campaign. |
| User | Any user in the org whose access to resources is included in the campaign's scope. |
| Campaign owner or campaign creator | The admin who created the campaign. In some cases, campaign creators or owners are assigned as reviewers if the fallback reviewer is unavailable. |
Components
| Component | Description |
|---|---|
| Campaign | A general process that reviews access for access certification, compliance, and audit requirements. |
| Security Access review | A targeted process that reviews a user's access to resources for security. |
| Resource |
|
| Review item |
|