Configure your Okta org for request types

If you use request types to manage requests, you must configure your Okta org first. Complete these tasks before creating request types.

You don't need to complete these steps if you manage requests using Access request conditions. If you’re new to Access Requests, use conditions to manage access requests first.

Configure provisioning

The first step is to provision accounts for Okta users within Access Requests. This process is similar for most Okta applications. Generally, admins select either specific users or groups of users who can then sign in to Access Requests with their existing Okta credentials. By default, Access Requests provisions accounts for all Okta super admins and access requests admins, but any other users or groups must be explicitly authorized.

  1. Access the Okta Admin Console.
  2. Go to ApplicationsApplications and click the Request Access app.
  3. Go to the Assignments tab, and click Assign.
  4. From the assignment window, identify users or groups.
  5. Click Assign.
  6. Click Done.

The system provisions accounts for the requested users.

Manually sync resources from Okta

Access Requests automatically groups logical representations of data as resources. Resources include applications and groups synced from Okta. To automate access to resources, you can create configuration lists from a resource and reference them in Request Types.

The system syncs resources from Okta daily, but you can sync resources manually (if needed).

  1. From the Access Requests Console, go to SettingsResources.
  2. Identify a resource type.
  3. Click the ellipses, and select Update Now.

To sync resources from integrations, such as Jira or Service Now, see Integrate Jira with Access Requests and Integrate ServiceNow with Access Requests.

Push Okta groups to Access Requests

This process allows you to use your existing Okta groups and better model your organizational structure and business process within Access Requests. For example, an Access Requests team might want to assign specific approvals or tasks to members of an Okta group for review.

Users must already be provisioned to Access Requests before they can be pushed as part of an Okta group.

  1. Access the Okta Admin Console.
  2. Go to ApplicationsApplications and click the OktaAccess Requests app.
  3. Go to the Push Groups tab, and click Push Groups.
  4. From the menu, select a search method.

    Method

    Action

    Find groups by name

    Allows you to select and sync a specific Okta group.

    1. From the search window, enter the name of an existing group.
      Note: Matching groups are displayed as you type.
    2. Select the matching group.
    3. Optional. Select Push group memberships immediately.
    4. Optional. Select a push action.
      Note: Use the Link Group action only if you're pushing a group that was previously unlinked from Access Requests.
    5. Click Save.

    Okta syncs the group with Access Requests.

    Find groups by rule

    Allows you to create rules that sync one or more Okta groups.

    1. From the rule window, enter a name for the rule.
    2. Enter text to match to existing groups.
    3. Optional. Select Immediately push groups found by this rule.
    4. Click Save.

    Okta syncs any groups that match the criteria with Access Requests

To view the groups you push from Okta, go to the Access Requests ConsoleSettingsPushed Groups tab.

Configure sign on policies

The next step is to configure a sign-on policy for Access Requests. This is an optional process but allows organizations to control access to Access Requests. Creating rules is straightforward and should be familiar to most Okta admins. You can define various If/Then style rules from dropdown menus or by using the Okta Expression Language. For details, see Okta Expression Language in Okta Identity Engine.

Create additional Access Requests admins

By default, any user with Okta super administrator permissions is also an Access Requests admin. When a super admin is first assigned to Access Requests, their account is automatically assigned admin permissions within Access Requests.

Changes to Okta super admin accounts aren't automatically synced for users already assigned to Access Requests. You must manually reassign the application to the user after adding or removing the super admin permissions within your Okta organization.

  1. From the Okta Admin Console, add the Super Administrator permission to a user.
    For more information, see Assign administrator permissions.
  2. Unassign the user from Access Requests.
  3. Reassign the user to Access Requests.

Next step

Create an Access Requests team