Enable end users to assign delegates

Allow users to assign their own delegates for governance tasks from the Settings page. Governance tasks include access certification campaign review items and access request approvals, questions, and tasks. The changes that you make on the Settings page are applicable to all users in your org.

If you've enabled the Delegate restrictions feature, you can allow the users to select anyone in the org as a delegate or constrain the selection to the user's manager or the user's manager and colleagues.

Before you begin

  • You must be a super admin.

  • For the Manager and Manager and colleagues options to work, the Manager ID (managerId) attribute must be correctly populated in user profiles in Okta. Otherwise, users may not be able to select a delegate.

Start this task

  1. In the Admin Console, go to Identity Governance Settings Delegates.

  2. On the Delegates tab, turn on Enable end users to assign their own delegate.

  3. Select who users (non-admins) can assign as their delegate:

    • Anyone in the organization: Users can search for and select any user in the org.

    • Manager: User's manager (defined in the user profile) is prepopulated as their delegate and they can't change it.

    • Manager and colleagues: Users can select their manager or another user who reports to the same manager.

When this setting is enabled, then depending on your configuration, users can add, change, or remove their delegate assignment from the Access Certification Reviews or Okta Access Requests app from the End-User Dashboard. If this setting is disabled, users can only view the delegate assignment information in these apps. See Manage delegates.

In case of existing delegate assignments, if the specified delegate doesn't meet the criteria, users receive a warning on the Delegate page in the Access Certification Reviews or Okta Access Requests app. They must remove the existing assignment and assign an eligible delegate.

When the existing specified delegate doesn't meet the criteria, Okta blocks users from editing the existing assignment but continues to assign governance tasks to the specified delegate in the following scenarios:

  • If you update the delegate restrictions. For example, there was a delegate specified and you updated the setting from Anyone in the organization to Manager or Manager and colleagues. However, after the update specified delegate doesn't meet the updated criteria.

  • If the user's manager changes. For example, you'd configured the settings to either Manager or Manager and colleagues and the user had specified their manager or colleague as their delegate. However, there were organizational changes in your company and the user moves to a new team and reports to a different manager. In this case, the specified delegate doesn't meet the updated criteria.