Access Requests
Okta Identity Governance is generally available to customers on a subscription basis. For more information, contact your Account Executive or Customer Success Manager.
Directly integrated into an Okta organization, Okta Access Requests automates the process of requesting access to applications and resources. Expanding on Okta's existing self-service offerings, Access Requests delivers a simplified and frictionless approach that automatically routes user requests to one or more approvers for action.
This allows Access Requests to eliminate the challenges common in more traditional workflows:
- Poor request experience
- Risk of human error
- Decreased IT productivity
- Complex and rigid workflows
- Audit and compliance deficiencies
Roles
Access Requests meets the needs of several different organizational roles.
Role | Description |
---|---|
Requester |
|
Approver |
|
Admin |
|
Components
Access Requests uses a combination of the following components:
Components | Description |
---|---|
Access Requests Teams | Access Requests Teams are logical groupings of users and Request Types within Access Requests.
Each team can create one or more Request Types and manage any associated requests. See Create an Access Requests team. |
Request Types | Request Types are collections of tasks used to define how to process a request.
Each Request Type is made of one or more tasks that are routed to approvers for review. Access Requests teams create and own Request Types. See Request Types. |
Audiences | Audiences control which users can submit a request with a specific Request Type. Teams can make Request Types available to everyone, or limited to specific Access Requests teams or Okta groups. |
Request assignees | Assignees manage a request after it’s submitted and are always members of the Access Requests Team that owns the Request Type. Assignees are responsible for reassigning individual tasks or approvals to ensure that the request is quickly completed. |
Resources |
Resources are synced directly from your integrations. Currently, Access Requests can sync resources from Okta, Jira, and Service Now. You can create a configuration list from a resource and use it in a Request Type. You can't modify a resource from the Access Requests Console. By default, Access Requests syncs with the associated Okta org and creates resources, such as Applications and Okta groups. |
Configuration lists |
Configuration lists are customized collections of resources or admin-defined values. They determine which applications or groups a team can use in a Request Type. Use them in Request Types to specify options available to your end users or control how automated actions work within a Request Type. You must create separate configuration lists for each resource type. For example, while creating a Request Type, you want to make some groups available for admins to assign to requesters. In addition, you want to make some applications available for a user to request. In this case, you must create a configuration list for applications and another one for groups. There are two types of configuration lists:
|