Best practices for creating campaigns
Keep these best practices in mind before creating campaigns.
If you enabled Govern Okta admin roles, use a resource campaign to review user admin role assignments.
Govern Okta admin roles is generally available if you're subscribed to Okta Identity Governance. Otherwise, depending on your org's eligibility, Govern Okta admin roles might not be available. Contact your account executive or customer success manager for more information.
General settings
- Select a campaign name that is self-explanatory. Campaign names are visible to your reviewers.
- For the campaign description, include information that can help a reviewer understand the purpose of the campaign. For example, if you have set up a campaign to review Salesforce permissions of users, you can add that as the campaign description to provide the context to the reviewers.
- Ensure that the resource associated with the campaign exists in Okta and isn't deactivated or deleted.
- Keep Known issues and limits in mind.
- See Recurring campaign considerations.
Reviewer settings
- Ensure that the fallback reviewer that you select is active in Okta.
- Ensure that the managerId user attribute is set as the Okta username or email address of the user's manager to use the Manager reviewer type. Otherwise, the campaign fails to identify the manager and the review gets assigned to the fallback reviewer.
-
To review entitlements for an app in a campaign, ensure that you have Governance Engine enabled for the app and you've created entitlements. See Get started with Entitlement Management.
-
To use the Group Owner reviewer type, ensure that you have group owners configured in Okta. See Configure Okta group owners.
-
While defining reviewers, select the Disable self-review checkbox to ensure that users don't review and approve their own access to critical resources.
-
For campaigns with multilevel reviews, keep the following considerations in mind:
-
You can set up two levels of review in a single campaign.
-
Review items are sent to the second-level reviewer only after the first-level reviewer approves or revokes them. It's important for the first-level reviewers to take decisions on review items on time to avoid blocking the campaign's progress.
-
The second-level reviewer can view the first-level reviewer's decision and the justification for a review item.
-
The final reviewer varies depending on the campaign's configuration.
-
The remediation options that you configure for a campaign are applicable to the decisions made by the final reviewer. See Understand remediation.
-