Create a Request Type

This page explains the general process of creating a Request Type for Okta Access Requests. For a more specific example, see Configure a Request Type associated with bundles or Create a sample Request Type.

Before you begin

  • Create an Access Requests team or ensure that you’re a part of the team you want to create a Request Type for.
  • Push Okta groups to Access Requests.
  • To use a requester's manager as an approver, ensure that the managerId user attribute in Okta is set to the Okta username or email address of the user's manager. Otherwise, the request's assignee has to manually specify an approver for the request.
  • To use a group owner as an approver in requests, take the following considerations into account:
    • If the owner of a group in Okta is another Okta group, this group must be pushed to Access Requests in order for it to be used as an approver.
    • If you want to assign group owners as approvers for a Request Type, ensure that you have group owners configured in Okta. See Group ownership.
    • If there are multiple group owners, only one group owner needs to review and take action on the request. So if a group member approves or revokes access for a request, the request is marked as completed for all owners.
    • If the number of group owners within a group is greater than 10, then requests are randomly assigned to 10 group owners.
  • To use the Run a workflow action, ensure that you have the following setup:

    1. Enable the Okta Workflows actions in Access Requests and Assign admin roles to apps features for your org.

      Okta Workflows actions in Access Requests is an Early Access release for orgs with Identity Governance enabled. See Enable self-service features.

    2. Set up delegated workflows. See Delegated flows and Build a delegated flow.

    3. Create a custom admin role with the following configuration:

      1. The role has the Run delegated flow permission.

      2. The resource set contains one or more delegated flows, which need to be executed.

      3. Assign this role and the resource set to the Okta Access Requests OAuth application.

        See Create an admin assignment using a role.

    4. Sync the Workflows resource manually to immediately use the delegated flow you created. See Manually sync resources from Okta.

    5. Give teams access to the Workflows resource.

      1. Go to Access Requests console > Settings > Resources > Workflows.

      2. Click Manage Access.

      3. Enable the toggle for the team on the Full access to all Workflows dialog.
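
The managerId prerequisite above can be checked offline before a Request Type relies on the requester's manager as an approver. The following is an added example, not Okta's code: it assumes user profiles exported as dictionaries with login, email and managerId keys, and the function name and status labels are hypothetical. The page doesn't say whether matching ignores case, so case-only matches are reported separately for review.

```python
# Added example: audit managerId values offline before using
# "requester's manager" as an approver. Profile shape is an assumption.

def audit_manager_ids(profiles):
    """Return {login: status} for each profile.

    Status is one of:
      ok            managerId exactly equals another user's login or email
      missing       managerId is empty, so the assignee must pick an approver
      self          managerId points at the user's own login or email
      case_mismatch managerId matches another user only when case is ignored
      unresolved    managerId matches no known login or email
    """
    exact, folded = set(), set()
    for p in profiles:
        for key in ("login", "email"):
            value = (p.get(key) or "").strip()
            if value:
                exact.add(value)
                folded.add(value.casefold())

    results = {}
    for p in profiles:
        manager = (p.get("managerId") or "").strip()
        own = {(p.get(k) or "").strip() for k in ("login", "email")}
        if not manager:
            status = "missing"
        elif manager in own:
            status = "self"
        elif manager in exact:
            status = "ok"
        elif manager.casefold() in folded:
            status = "case_mismatch"
        else:
            status = "unresolved"
        results[p["login"]] = status
    return results


# Constructed sample profiles (not real accounts).
SAMPLE_PROFILES = [
    {"login": "ana@example.com", "email": "ana@example.com", "managerId": "raj@example.com"},
    {"login": "raj@example.com", "email": "raj@example.com", "managerId": ""},
    {"login": "li@example.com", "email": "li.w@example.com", "managerId": "Ana@Example.com"},
    {"login": "sam@example.com", "email": "sam@example.com", "managerId": "00u1abcd"},
    {"login": "kim@example.com", "email": "kim@example.com", "managerId": "kim@example.com"},
]

if __name__ == "__main__":
    for login, status in audit_manager_ids(SAMPLE_PROFILES).items():
        print(f"{login}: {status}")
```

Any status other than ok is worth resolving before publishing, because a managerId that doesn't resolve leaves approver selection to the request's assignee.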

Start this task

  1. Open the Access Requests Admin Console.

  2. On the left panel, click Access Requests.

  3. Click Create Request Type.

  4. From the editor window, configure the general settings. See General settings.

  5. Click Question to add questions to collect information from users. A requester can't modify answers to the questions after they submit the request.

  6. Configure the question settings. See Question settings.

  7. Optional. Click Question to add more questions. Drag the questions to change the order in which they appear to the requester.

  8. Click Task on the central panel to add tasks to prompt actions from a user.

  9. Configure the task settings. See Task settings. You can also add a task that automatically runs an Okta Workflow.

  10. Optional. Click Task to add more tasks.

  11. Optional. Click Timer on the central panel to add a timer to control the flow and timing of follow-up actions.

    Timers can last for up to 90 days. If a duration or date is specified outside the limit, the timer still ends after 90 days. After the timer expires, the request begins any follow-up actions. The timer ignores any changes to the request that would change the end date of the timer.

  12. Configure the timer settings. See Timer settings.

  13. Optional. Configure conditional logic for tasks or questions.

    1. Select a task or question on the central panel.

    2. On the right panel, open the Logic tab.

    3. From the drop-down menu, select Only show this field if or Only show this task if.

    4. From the Field or task drop-down menu, select a task or question that should be a prerequisite.

    5. Specify a logical operator and content to match against. The available operators vary depending on the input type you’ve selected for your question or task, and the task type. See Operators.

    6. Optional. Add more conditions.

    7. After you add a second condition, select All or Any from the drop-down menu to determine whether requesters need to meet all or any of the conditions for the field or task to be available to them.

  14. Click Publish to make the Request Type available to the specified audience.

To understand the experience for requesters and approvers, see Create requests and Manage tasks.

Related topics

Request Type settings

Configure a Request Type associated with bundles

Create requests