Get started with Access Certifications

Using Access Certifications, create audit campaigns to review and automatically manage your users' access to resources periodically or as required.

Follow this sequence of configuration tasks to start using Access Certifications:

Admin tasks

Description

Campaigns Understand the campaign types that you can use to ensure that your users have the right level of access to resources like apps and groups.
Customizable reviewer context Customize your campaigns with the data that reviewers need to make better governance decisions.
Create preconfigured campaigns Preconfigured campaigns are ready-to-use campaigns that require minimal setup.

Okta provides two types of preconfigured campaigns:

  • Discover inactive users for reviewing apps in your org with the highest number of inactive users.

  • Okta administrator review for reviewing admin access to your Admin Console.

Best practices for creating campaigns Keep these best practices in mind before creating campaigns.
Create resource campaigns Use this campaign type to review all users who have access to a resource. You can use resource campaigns to meet your audit and compliance requirements. If you've enabled the Governance for admin roles feature, use this campaign to review user admin role assignments.

Create campaigns to periodically review your users' access to resources.

Create user campaigns Use this campaign type to review all resources that a user has access to. User campaigns can efficiently manage users' access to resources and to adopt a least privileged access model for your org.

Users' admin roles assignments aren't included for review in this campaign type.

References Refer to these topics to understand key concepts and use campaigns more efficiently:
View the progress of an active campaign Monitor the progress of your active campaigns and pending review items.
Modify a scheduled campaign Modify a campaign that hasn't launched yet.
Modify campaign's end date End an active campaign if you need to relaunch the campaign with a different configuration or skip the remaining review items. You may want to end an active campaign if there's an error in the campaign configuration.
Generate the Past Campaign Details report and the Past Campaign Summary report The Past Campaign Details report provides in-depth information about any certification campaign.

The Past Campaign Summary report provides a high-level configuration and status of access certification campaigns.

Understand reviewer tasks from an admin perspective:

Reviewer tasks

Description

Review campaigns Understand how reviewers can review the items assigned to them.
Reassign review items Understand how reviewers can reassign the review items assigned to them.