Security access reviews

Early Access release. See Enable self-service features.

Review user access to sensitive resources in response to security incidents. A security access review is a review of a user's access to resources, their level of access, and the method with which access was granted. These reviews are prioritized based on app and entitlement criticalities and access anomalies, and are built to foster greater account and org security. Using the Admin Console or APIs, you can launch these manually or trigger them automatically as a response to specific security events. This allows you to investigate access anomalies, confirm that access is appropriate, and revoke it temporarily or permanently if necessary.

Benefits

  • Drive proactive identity security by triggering access reviews in response to security events.

    Reviewing access proactively helps you identify access assignment misconfigurations in the org as part of your incident response workflow. It allows you to focus on long-term improvements to your org's security and go beyond traditional detection and incident response activities.

  • Accelerate identification of access issues.

    Security access reviews provide a unified view of user access, helping your team identify overprivileged access and act on access issues immediately without involving IT help desks. Reviewers also get an AI-generated summary to quickly identify the most critical access issues.

  • Integrate governance and security outcomes.

    Easily trigger a security access review based on security events detected on the Okta platform. If you're subscribed to Identity Threat Protection (ITP) or Identity Security Posture Management (ISPM), you can use webhooks with Okta Workflows to trigger a security access review based on issue detections.

As a super admin or a custom admin with the Manage security access reviews (okta.governance.securityAccessReviews.admin.manage) and View users and their details permissions, you can launch security access reviews and assign specific users as reviewers. You can launch a security access review manually from the UI or through the API. You can also configure these to launch automatically through an API as a response to a security event.
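The page describes launching a review automatically as a response to a security event, either through the API or through webhooks with Okta Workflows. The following is an added example (not Okta's code and not part of this page) of the receiving side of that pattern: a small event-hook handler that answers Okta's one-time verification challenge, filters incoming events down to the types the org treats as review-worthy, deduplicates by target user so that a burst of detections yields one review instead of many, and hands each launch request to an injected sender. The launch endpoint (LAUNCH_URL), the trigger event types, and the sample payload are placeholders and constructed values, not taken from the page.

```python
"""Event-driven trigger for a security access review.

Added example, not Okta's code. Assumptions (not from the page): the Okta
event-hook payload shape (data.events[].eventType / target[]), the set of
event types treated as review-worthy, and the placeholder launch endpoint.
"""
import json
from typing import Callable

# Constructed: event types this handler treats as grounds for a review.
# Adjust to the detections your org actually subscribes to.
REVIEW_TRIGGER_EVENTS = {
    "user.risk.change",
    "security.threat.detected",
}

# Placeholder: the page does not give the launch endpoint; take it from Okta's API reference.
LAUNCH_URL = "https://{yourOktaDomain}/PLACEHOLDER-security-access-review-launch"


def select_users_for_review(hook_payload: dict) -> list[dict]:
    """Return one launch request per distinct user targeted by a trigger event.

    Deduplicates so that several detections for the same user produce a single
    review, and keeps the first originating event as context for the reviewer.
    """
    seen: dict[str, dict] = {}
    for event in hook_payload.get("data", {}).get("events", []):
        if event.get("eventType") not in REVIEW_TRIGGER_EVENTS:
            continue
        for target in event.get("target", []):
            if target.get("type") != "User":
                continue
            uid = target.get("id")
            if uid and uid not in seen:
                seen[uid] = {
                    "userId": uid,
                    "reason": event["eventType"],
                    "sourceEventId": event.get("uuid"),
                }
    return list(seen.values())


def handle_event_hook(method: str, headers: dict, body: str,
                      send: Callable[[str, dict], int]) -> dict:
    """Handle both event-hook interactions.

    GET: one-time endpoint verification (echo the challenge header back).
    POST: select users and call `send` (an injected HTTP function) once per user.
    Header names are assumed to be normalised to lowercase by the web framework.
    """
    if method == "GET":
        return {"verification": headers.get("x-okta-verification-challenge", "")}
    payload = json.loads(body)
    launched = []
    for req in select_users_for_review(payload):
        status = send(LAUNCH_URL, req)
        launched.append({"userId": req["userId"], "status": status})
    return {"launched": launched}


# Constructed sample payload in the event-hook shape (not a real delivery).
SAMPLE_HOOK = {
    "eventType": "com.okta.event_hook",
    "data": {"events": [
        {"uuid": "evt-1", "eventType": "user.risk.change",
         "target": [{"type": "User", "id": "00u1"}]},
        {"uuid": "evt-2", "eventType": "user.session.start",
         "target": [{"type": "User", "id": "00u2"}]},
        {"uuid": "evt-3", "eventType": "security.threat.detected",
         "target": [{"type": "User", "id": "00u1"}]},
    ]},
}

if __name__ == "__main__":
    # Dry-run sender that records the request instead of making an HTTP call.
    calls = []
    result = handle_event_hook("POST", {}, json.dumps(SAMPLE_HOOK),
                               lambda url, req: calls.append(req) or 202)
    print(json.dumps(result, indent=2))
```

With the constructed payload, only user 00u1 is selected: the session-start event for 00u2 is not a trigger type, and the two detections for 00u1 collapse into one launch request. The `send` parameter is injected so the handler can be exercised offline; in a deployment it would wrap an authenticated call to the real launch endpoint.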

When a security access review is launched, all resources (except the Okta Workflows app) assigned to the user are included in the review. Okta assigns a priority to each resource (apps, groups, or entitlements) included in the review to help you focus on the most sensitive resources with the most access anomalies. Each review also contains an AI-generated summary of the user's access. The summary includes contextual information about the most sensitive apps with the most anomalous access. This ensures that the reviewer has the necessary information to assess the overall level of anomalous access the user has.

The AI-generated summary is available in reviews only if the Access Certifications - AI summary for Security Access Reviews feature is enabled for the org. This is also an Early Access feature.

For each resource, the review provides a severity level and details on Okta-detected anomalies. Anomaly details include separation of duties rules conflicts, recent security event context, entitlements, and groups that grant access to the resource. Okta also provides a resource-specific AI-generated summary for the top five anomalies with the highest severity in your org.

Depending on the permissions and roles that reviewers have in Okta, there may be links to other pages in the Admin Console to provide additional information to the reviewer, such as System Log events.

By default, Okta applies labels like Crown Jewel and Privileged to your most critical apps and entitlements. Security Access Reviews uses these labels to accurately calculate risk and assign a priority level to the review and the resources and anomalies in it. The labels associated with an app or entitlement are available in the review and help reviewers understand the criticality of the resource.

The priority is determined by factors like an issue's likelihood and the resource's label-defined impact. For example, an AI-generated summary might flag a resource as Crown Jewel, guiding reviewers to focus on the most critical risks first.

If you have the Labels feature enabled for your org, the labels you configure are displayed in the security access review and considered for review prioritization.

Reviewers are notified by email when a review is assigned to them. They can access the review using the link in the email or from the Okta Security Access Reviews app on their dashboard.

Reviewers can revoke the user's access to the resource itself, its specific entitlements, and the groups that assign access to the resource to mitigate identified risks at the resource level. While a review is still active, reviewers can restore user access to the resource even if it was revoked earlier as part of the same review. These actions can only be taken while the review is active. Reviews close on their end date or when a reviewer closes the review manually.

You can view all active and closed reviews on the Security Access Reviews tab of the Access Certifications page.

If the reviewers are super admins or custom admins with the Manage security access reviews and View users and their details permissions, they can view and act on all active security access reviews listed on the Security Access Reviews tab. Reviewers who are access certification admins but don't have the Manage security access reviews permission can't view or make decisions on the reviews assigned to them from this tab.

Next steps

Get started with Security Access Reviews