Okta Identity Governance is generally available to customers on a subscription basis. For more information, contact your Account Executive or Customer Success Manager.
Directly integrated into an Okta organization, Okta Access Requests automates the process of requesting access to applications and resources. Expanding on Okta's existing self-service offerings, Access Requests delivers a simplified and frictionless approach that automatically routes user requests to one or more approvers for action.
This allows Access Requests to eliminate the challenges common in more traditional workflows:
- Poor request experience
- Risk of human error
- Decreased IT productivity
- Complex and rigid workflows
- Audit and compliance deficiencies
Access Requests meets the needs of several different organizational roles.
|Requester||Requesters want to quickly request access to specific resources using common productivity tools such as chat, email, or web.|
Approvers need clear visibility and context for requests, so they understand what to approve and for whom.
Approvers need to review approvals using common productivity tools such as chat, email, web to minimize bottlenecks and resolve requests.
Admins want to construct unique, no-code blueprints that ensure that stakeholders take appropriate actions before completing a request.
Admins want to orchestrate automated request fulfillment so teams aren’t responsible for managing low-risk access requests.
Access Requests uses a combination of the following components:
|Access Requests Teams||
Use teams to organize users into logical groups within Access Requests. See Create an Access Requests team.
Teams can create Request Types and manage any associated requests.
You can also associate one or more teams with a Request Type to allow those teams to manage the Request Type and incoming requests for that Request Type. Okta recommends that you use groups instead of teams for handling approval tasks within a Request Type.
Add a team to a resource to use the resource in automated tasks.
|Request Types||Request Types are collections of tasks used to define how to process a request.
Each Request Type is made of one or more tasks that are routed to approvers for review. Access Requests teams create and own Request Types. See Request Types.
|Audiences||Audiences control which users can submit a request with a specific Request Type.
Teams can make Request Types available to everyone, or limited to specific Access Requests teams or Okta groups.
|Request assignees||Assignees manage a request after it’s submitted and are always members of the Access Requests Team that owns the Request Type.
Assignees are responsible for reassigning individual tasks or approvals to ensure that the request is quickly completed.
Resources are synced directly from your integrations. Currently, Access Requests can sync resources from Okta, Jira, and Service Now.
You can create a configuration list from a resource and use it in a Request Type. You can't modify a resource from the Access Requests Console.
By default, Access Requests syncs with the associated Okta org and creates resources, such as Applications, Okta groups, and Okta Workflows.
The Okta Workflows option is only available in the Access Requests console if you have enabled the Okta Workflows actions in Access Requests and Assign admin roles to apps features for your org, and assigned Okta Access Request OAuth app as an admin. Okta Workflows actions in Access Requests is an Early Access Feature. To learn how to enable it, see Manage Early Access and Beta features. Also, see Before you begin.
Configuration lists are customized collections of resources or admin-defined values. They determine which applications or groups that a team can use in a Request Type. Use them in Request Types to specify options available to your end users or control how automated actions work within a Request Type.
You must create separate configuration lists for each resource type.
For example, while creating a Request Type, you want to make some groups available for admins to assign to requesters. In addition, you want to make some applications available for a user to request. In this case, you must create a configuration list for applications and another one for groups.
There are two types of configuration lists: