Create separation of duties rules
After you create a separation of duties (SOD) rule, the rule affects all scheduled campaigns and new access requests that a user submits. Active campaigns and access requests that were submitted before the rule was created aren't impacted.
Before you begin
- Sign in as a super admin or an admin with the following permissions:
  - Manage separation of duties (SOD) risk rules
  - View applications

  See Custom admin roles and Role permissions.
- Ensure that you're assigned to the Okta Entitlement Management app.
Create a rule
- In the Admin Console, go to .
- Find the app integration that you want to create a separation of duties (SOD) rule for and click it.
- Click the Separation of duties tab.
- Click Create rule.
- Enter a name, description, and an optional note for the rule. The contents of the note appear in SOD reports, which are useful for auditing purposes. For example, a note stating "This rule was created to meet SOX requirements." documents the purpose of the rule.
- Each rule consists of two lists, whose default names are List 1 and List 2. Change the name of a list by clicking the pencil icon, updating the name, and then clicking the checkmark.
- For both lists, select either Any one of or All of from their respective dropdown menus.
  - Any one of: The user matches the condition for this side of the rule if they have one or more entitlement value pairs from the list.
  - All of: The user matches the condition for this side of the rule if they have all the entitlement value pairs specified in this list.
- For both lists, select the entitlements and their corresponding values to include in the list. Click + Add entitlements to add another entitlement to a list. Each list has a maximum of 50 values across all entitlements.
- Click Create rule.
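
The following Python sketch models how the two lists and their Any one of / All of settings combine when a user's entitlements are checked. It's an added example, not Okta code or an Okta API: the class and function names and the entitlement values are hypothetical, and it assumes a conflict is flagged only when a user matches both lists.

```python
from dataclasses import dataclass

MAX_VALUES_PER_LIST = 50  # per-list limit stated in the procedure above

@dataclass(frozen=True)
class SodList:
    """One side of a rule (hypothetical model, not an Okta object)."""
    name: str
    mode: str          # "any" = Any one of, "all" = All of
    pairs: frozenset   # {(entitlement, value), ...}

    def __post_init__(self):
        if self.mode not in ("any", "all"):
            raise ValueError(f"{self.name}: mode must be 'any' or 'all'")
        if not self.pairs:
            # An empty "all" list would match every user vacuously.
            raise ValueError(f"{self.name}: list has no entitlement values")
        if len(self.pairs) > MAX_VALUES_PER_LIST:
            raise ValueError(f"{self.name}: more than {MAX_VALUES_PER_LIST} values")

    def matches(self, held: frozenset) -> bool:
        hit = self.pairs & held
        return hit == self.pairs if self.mode == "all" else bool(hit)

def find_conflict(list1: SodList, list2: SodList, held):
    """Return the held pairs that trigger the rule, or None.

    Assumption: a conflict exists only when the user matches both lists.
    """
    held = frozenset(held)
    if list1.matches(held) and list2.matches(held):
        return sorted((list1.pairs | list2.pairs) & held)
    return None

# Constructed sample rule and users (values are illustrative only).
CREATE = SodList("Create vendors", "any", frozenset({
    ("Permission", "Create vendor"), ("Role", "Vendor admin")}))
PAY = SodList("Pay vendors", "all", frozenset({
    ("Permission", "Approve payment"), ("Permission", "Release payment")}))

if __name__ == "__main__":
    partial = {("Permission", "Create vendor"), ("Permission", "Approve payment")}
    full = partial | {("Permission", "Release payment")}
    print(find_conflict(CREATE, PAY, partial))  # All of side not satisfied
    print(find_conflict(CREATE, PAY, full))
```

Modeling a planned rule this way before entering it in the Admin Console shows which existing entitlement combinations it would flag and whether an All of list is too strict to ever match.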
Related topics
Get started with separation of duties