Identity Governance change log

Release: 2022.08.0

Deployment date: Aug 03, 2022

Identity Governance

Okta Identity Governance is now generally available on Production environments.

Access Certifications

Features

  • Access certifications admin role

    You can now assign the access certifications standard admin role to your users instead of the super admin role. An access certifications admin can create and manage campaigns for Okta resources, such as users, groups, and applications. This role helps you control the level of access a user needs to perform their tasks. See Access certifications administrators.

    This is an early access feature. To enable it for your org, contact Okta Support.

  • Recurring campaigns
    You can now set up a recurrence schedule for campaigns to allow them to run periodically. This helps you save time and increases productivity. You now have the flexibility to set up a specific start time when you create a campaign instead of having it launch at midnight by default. See Create campaigns.

    This is a self-service early access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

Production features

The following features are now generally available on Production environments.

  • View known entitlements

  • Campaign history

Access Requests

Features

  • Access Requests admin role

    Orgs can assign the Access Requests standard admin role to users instead of the super admin role. This role allows a user to view all Okta users and groups, manage app permissions and assignments within Access Requests, and act as an admin within the Access Requests Console. Using this role helps orgs to better control which actions are available to users. See Access Requests administrators.

    This is an early access feature. To enable it, contact Okta Support.

  • Export data feature
    The Export feature allows Access Requests admins can export data from the Access Requests Console. Exports can define how Request Types are organized, log which data is available in a configuration list, or list the specific actions taken for individual requests. This data helps orgs retain a clear record of the information available to Access Requests and how requests are processed. See Export data from Access Requests.
  • Time-Bound tasks
    Time-Bound tasks allow orgs to control the flow and timing of actions within a request. These tasks are available when a team creates a Request Type, and can schedule follow-up actions on a specific date, or after a specific duration of time. These tasks allow teams to better schedule how the system processes requests. See Create a Request Type.

Enhancements

Access Requests Workflows are now called Request Types.

Reports

Features

  • New Identity Governance report
    To aid with compliance and audits, the Past Access Requests report provides information on users that have requested access to org resources, and details related to the outcome of the request. See Past Access Requests report.
    This is a self-service early access feature. To enable it, see Manage Early Access and Beta features.

Release: 2022.07.0

Deployment date: Jul 07, 2022

Identity Governance

Okta Identity Governance is a SaaS-delivered, converged, and intuitive Identity and Access management platform. Use it to simplify and manage your identity and access lifecycles across multiple systems and improve the overall security of your company.

Use Okta Identity Governance solutions, such as Access Certifications, Access Requests, and Reports to:

  • Efficiently create, protect, and audit access to critical resources.
  • Improve your company’s security.
  • Increase employee productivity.
  • Improve IT efficiency by automating tasks to reduce the time taken and errors associated with manual data entry and provisioning tasks.

Access Certifications

Use Access Certifications to periodically create reviews of your users' access to applications or groups in Okta. Reviewers can approve or revoke access or reassign the review item to another user directly in the Okta Admin Console. Once the reviewer makes a decision, the remediation of a user's access begins automatically. This ensures that only users who need a resource have access to it and there is no accumulation of elevated or privileged access to a resource.

See Access Certifications.

Features

  • View known entitlements feature

    The View known entitlements self-service feature identifies the groups, licenses, permissions, and roles assigned to specific users within an Access Certification campaign. Currently this feature only syncs data from a limited number of apps: AWS, Box, Netsuite, Office 365, and Salesforce. See Review an access certification campaign.

  • Campaign history

    For each review item, admins and reviewers can now see a history for that item, which includes details about the assignment, business justification for reassignment, details of the assigned reviewer, and the final decision of the reviewer. This information is available on the Review details pane of a review item.

Enhancements

  • Remediation actions for unreviewed users

    When an Access Certification campaign ends early, the End Campaign dialog allows admins to specify if an action is performed on unreviewed users. See End an active campaign.

Access Requests

Use Access Requests to automate the process of requesting access to applications and resources. Access Requests delivers a streamlined and frictionless approach that automatically routes user requests to one or more reviewers for action.

See Access Requests

Reports

Use Access Certifications Campaigns reports, such as, Campaign Details and Campaign Summaries to obtain information on previously completed campaigns. You can also export the reports from Okta.

See Identity Governance Reports.

Date: June 15, 2022

Access Certifications

  • Improved visibility into campaign launch errors

    You can now view campaigns that failed the pre-launch check or failed to launch on the Closed tab of the Access Certification campaigns page and in the System Log. Select and open the campaign to view reasons for failure. This helps you identify and fix errors in the campaign.

  • OKTA-467193
  • Some of the buttons in the Create campaigns dialog were confusing and didn’t function as expected. The buttons have been renamed for clarity.

    1. When you create a campaign, the Exit button is now labeled Cancel.
    2. When you edit a scheduled campaign:
      • The Next button is now labeled Save and continue.
      • The Schedule campaign button is now labeled Update campaign.

  • OKTA-508375
  • Uncertified review items were marked as Reassigned instead of Not certified on the Closed tab of the Access certification campaigns page.

Previous changes

Date: June 8, 2022

Access Certifications

  • Visibility into campaign launch failures in System Log

  • When a campaign fails to launch or doesn't pass the pre-launch check, the System Log now displays the reason for failure. This helps you identify and correct the issue.

Date: May 4, 2022

Access Certifications

  • Email notification for campaign launch errors

  • Admins now get an email notification with a link to the campaign's page when the following errors occur at launch:

    • The number of review items is more than 10,000.

    • The fallback reviewer has been deactivated or deleted in Okta.

    • The resource (application or group) associated with the campaign has been deleted in Okta.

    • The campaign doesn’t have any review items.

    Use the link in the email notification to view errors. You can also get a head start on recreating the campaign by copying your campaign configuration, including the Okta Expression Language expressions for users and reviewers, from the Overview section. This functionality provides visibility in to campaigns that fails to launch. It also helps you identify and troubleshoot errors.

Date: March 30, 2022

Access Requests

  • Some orgs encountered issues while syncing Okta groups to Access Requests.

Date: March 23, 2022

Access Certifications

  • Third-party apps as a resource

    Admins can only include third-party apps as a resource when creating or modifying an Access Certifications campaign. This prevents reviewers from accidentally revoking an admin's access to the following first party apps:

    • Okta Workflows
    • Okta Admin Console
    • Okta Browser Plugin
    • Okta Admin Dashboard
    • Okta Access Certification
    • Okta Access Certification Reviews

Date: March 2, 2022

Identity Governance

Okta Identity Governance is a SaaS-delivered, converged, and intuitive Identity and Access management platform. Use it to simplify and manage your identity and access lifecycles across multiple systems and improve the overall security of your company.

Use Okta Identity Governance solutions, such as Access Certifications, Access Requests, and Reports to:

  • Efficiently create, protect, and audit access to critical resources.
  • Improve your company’s security.
  • Increase employee productivity.
  • Improve IT efficiency by automating tasks to reduce the time taken and errors associated with manual data entry and provisioning tasks.

Access Certifications

Use Access Certifications to periodically create reviews of your users' access to applications or groups in Okta. Reviewers can approve or revoke access or reassign the review item to another user directly in the Okta Admin Console. Once the reviewer makes a decision, the remediation of a user's access begins automatically. This ensures that only users who need a resource have access to it and there is no accumulation of elevated or privileged access to a resource.

See Access Certifications.

Access Requests

Use Access Requests to automate the process of requesting access to applications and resources. Access Requests delivers a streamlined and frictionless approach that automatically routes user requests to one or more reviewers for action.

See Access Requests

Reports

Use Access Certifications Campaigns reports, such as, Campaign Details and Campaign Summaries to obtain information on previously completed campaigns. You can also export the reports from Okta.

See Identity Governance Reports.