Identity Governance release notes archive
Release: 2023.08.2
Fixes
Access Certifications |
|
Release: 2023.08.0
Features and enhancements
Access Certifications |
|
Access Requests |
|
Fixes
Access Certifications |
|
Access Requests |
|
Release: 2023.07.2
Fixes
Access Certifications |
|
Access Requests |
|
Release: 2023.07.1
Fixes
Access Certifications |
|
Release: 2023.07.0
Features and enhancements
Access Certifications |
|
Access Requests |
|
Release: 2023.06.2
Features and enhancements
Access Requests |
|
Fixes
Access Certifications |
|
Access Requests |
|
Release: 2023.06.1
Features and enhancements
Access Requests |
|
Fixes
Identity Governance |
|
Release: 2023.06.0
Features and enhancements
Access Certifications |
|
Access Requests |
|
Fixes
Access Requests |
|
Release: 2023.05.3
Features and enhancements
Access Certifications |
|
Fixes
Access Certifications |
|
Access Requests |
|
Release: 2023.05.1
Fixes
Access Certifications |
|
Access Requests |
|
Release: 2023.05.0
Features and enhancements
Access Certifications |
|
Fixes
Access Certifications |
|
Release: 2023.04.3
Fixes
Access Requests |
|
Release: 2023.04.2
Fixes
Access Requests |
|
Release: 2023.03.3
Features and enhancements
Access Certifications |
|
Access Requests |
|
Release: 2023.03.2
Features and enhancements
Access Requests |
|
Fixes
Identity Governance |
|
Access Requests |
|
Release: 2023.03.1
Features and enhancements
Access Requests |
|
Fixes
Access Requests |
|
Release: 2023.03.0
Features and enhancements
Identity Governance |
|
|
|
Access Certifications |
While creating or editing an Access Certification campaign, now you can select one of the following options from the Select reviewer type dropdown menu. This feature allows you to select a Group and Group owner as reviewer types. As a result, you can take the following actions: See Create campaigns. |
Access Requests |
|
Release: 2023.02.1
Features and enhancements
Access Requests |
|
Fixes
Access Requests |
|
Release: 2023.02.0
Features and enhancements
Identity Governance |
|
|
|
Access Certifications |
|
Release: 2023.01.2
Fixes
Access Requests |
|
Release: 2023.01.1
Features and enhancements
Access Requests |
|
Release: 2023.01.0
Features and enhancements
Access Certifications |
|
|
While creating or editing an Access Certification campaign, now you can select one of the following options from the Select reviewer type dropdown menu. This feature allows you to select a Group and Group owner as reviewer types. As a result, you can take the following actions: See Create campaigns. |
Access Requests |
|
Release: 2022.12.2
Features and enhancements
Access Requests |
Updates to request requirements
|
Fixes
Access Certifications | While approving or revoking access, reviewers had to click the textbox multiple times to enter a business justification. (OKTA-535909) |
Release: 2022.12.1
Fixes
Access Requests | When a Jira ticket was created automatically for a team, its issue type was set to the first issue type configured in the Jira integration. (OKTA-554537) |
Release: 2022.12.0
Access Certifications
Features
-
Additional reviewer type options
While creating or editing an Access Certification campaign, now you can select one of the following options from the Select reviewer type dropdown menu.
-
A specific user
-
User's manager
-
Group
- Group owner
- Define using Okta Expression Language
This feature allows you to select a Group and Group owner as reviewer types. As a result, you can take the following actions:
-
Assign reviews to multiple users at the same time to make review decisions when you have multiple application owners or a reviewer might be out of office.
-
Leverage the same Okta group that you use in Access Requests in Access Certifications as well. This also minimizes the need to manually update reviewers in campaigns when the reviewers change.
See Create campaigns.
This is an Early Access feature for orgs with Identity Governance enabled. Use the Early Access Feature Manager as described in Manage Early Access and Beta features to enable the feature.
-
Fixes
-
The message There are no more pending reviews for this campaign was displayed when you searched for a user or reviewer’s pending review items in an active campaign. (OKTA-549609)
Access Requests
Enhancements
-
Improvements to Access Requests
-
When you sign in after your session expires, you are now taken to the last page that you visited instead of being taken to your requests Inbox.
-
When you click the email action link without signing in, you’re now asked to sign in instead of displaying an error.
-
Date fields are now localized properly even when you can’t edit the field.
-
Release: 2022.11.1
Deployment date: Nov 30, 2022
Identity Governance
Access Requests
Enhancements
-
Update to request requirements
Requests submitted using Slack or Microsoft Teams must include a request type. This is to enable a smoother request approval flow.
-
Add Task button removed
Approvers can’t add custom tasks to a request.
-
Remove ability to archive items
You can no longer archive items from configuration lists and sublists. However, you can now delete items from the sublists.
Fixes
-
After syncing a configuration list, items archived from a sublist didn't stay in the archive.
Release: 2022.11.0
Deployment date: Nov 3, 2022
Identity Governance
Access Requests
Enhancements
-
New System Log events for access requests
A new System Log event appears when an access request is created and also when it is resolved.
-
Autopopulate groups
Based on the requester’s responses in the Teams and Request Type fields in a request, a group is automatically populated using AI prediction models. This is only applicable if the following conditions are met:- The question in a Request Type has Dropdown as the input type.
- The selected Dropdown option is associated with an Okta resource list that contains groups only.
Reports
Enhancements
-
New column for the Past Campaign Details report
The CSV export of the Past Campaign Details report now contains a reviewItem.revoked column. The column contains a time stamp for when a user's access to a resource was revoked. This functionality provides visibility into the remediation time frame of a campaign and helps you meet audit requirements.
Release: 2022.10.2
Deployment date: Oct 26, 2022
Identity Governance
Access Requests
Enhancements
-
Enhancements for Jira and ServiceNow integrations
If you have integrated Jira or ServiceNow with Access Requests, you can now create sublists for these integrations. This allows you to control the options available to users when processing requests. See Create a configuration list.
Release: 2022.10.0
Deployment date: Oct 5, 2022
Identity Governance
Access Certifications
Production features
The following features are now generally available on Production environments.
-
Access certifications administrator role
-
Recurring campaigns
Enhancements
-
Enhancements to the Review Details pane
In the Resource details section of the Review details pane, reviewers can now see when an application was assigned to the user and when the user's access to an application or group was last reviewed. This provides historical context for the resource being reviewed across campaigns.
Access Requests
Production features
The following features are now generally available on Production environments.
-
Access requests administrator role
Enhancements
-
Deprecate some actions for Okta integration
For the Okta integration in the Access Requests console, the following actions are now deprecated for new Requests and Request Types:
-
Reset user password
-
Unlock user
-
Activate user
-
Deactivate user
-
Suspend user
-
Unsuspend user
-
List enrolled MFA for user
-
Reset all user MFA
-
Clear all user sessions
-
-
Security enhancement for email
As an increased security measure, now you must be signed in to Access Requests to approve, deny, and complete a task for a request using the action link in email notification. In addition, these action links in the emails from before October 3, 2022, will no longer work even if you're signed in.
Fixes
-
Admins couldn't disable the Create issue toggle when they attempted to edit the Jira connection.
-
The Jira resource list option wasn't available on the Settings > Configuration page of the Access Requests console. Consequently, the Jira projects option wasn't available in the list of configuration options when admins attempted to automate Jira issue creation.
Reports
Production features
The following features are now generally available on Production environments.
-
Past Access Requests report
Release: 2022.09.3
Deployment date: Sep 28, 2022
Identity Governance
Access Certifications
Fixes
-
Users received email notifications for Access Certifications campaigns on both their primary and secondary email addresses. (OKTA-530589)
Release: 2022.09.1
Deployment date: Sep 14, 2022
Identity Governance
Access Certifications
Fixes
-
Campaigns launched successfully even when the user scope was defined using Okta Expression Language and no users met the expression criteria. (OKTA-518924)
-
The wrong campaign opened occasionally when admins attempted to edit a scheduled campaign immediately after editing another scheduled campaign. (OKTA-527511)
Access Requests
Enhancements
- Prevent changes after submitting requests
Now requesters can't modify the questions after they submit a Request Type.
Only request assignees can update answers after submission.
Admins can only assign requests to members of team, which owns the Request Type.
- Disable Request Types and notify admins
A Request Type is disabled in the following scenarios:
When you remove an item from a list that is associated with an active Request Type.
When you delete a team that is associated with a Request Type.
Admins now receive an email notification when the Request Type is disabled to make the required modifications. See Modify a list.
Release: 2022.09.0
Deployment date: Aug 31, 2022
Identity Governance
Features
-
Group owner functionality for Universal Directory
Admins can now view and manage the owners of the group in Okta Universal Directory. A group can have a maximum of 10 owners. See Group ownership.
With this feature, you can use Okta Expression Language expressions to specify group owners as reviewers for an Access Certifications campaign. This allows you to centrally manage reviewers for a resource associated with a campaign without updating the campaign configuration when the resource ownership changes. See Define dynamic reviewers.
This is a self-service early access feature for Okta Identity Governance customers. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.
-
Import group owner information from AD
Admins can now import the group ownership information from AD to Okta Directory using full or incremental imports. The group owner is extracted from a managedBy attribute in AD user profile. Note that AD can have only one owner for a group, either a group or a user, so the imported group can also have only one owner. See Import group owner from Active Directory.
This is a self-service early access feature for Okta Identity Governance customers. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.
Access Certifications
Features
- Automatically assign the Access Certifications app
When you assign the access certifications administrator role to a user or group, they're automatically assigned to the Access Certifications app. This is available to orgs with the access certifications administrator role enabled. See Access certifications administrators.
Preview features
The following features are now generally available on Preview environments.
-
Access certifications administrator role
-
Recurring campaigns
Fixes
- OKTA-525684
When reviewers bulk approved or revoked review items that had different groups associated with them, System.DebugContext.DebugData in System Log events displayed the first group for all items.
Access Requests
Features
- Automatically assign the Request Access app
When you assign the access requests administrator role to a user or group, they're automatically assigned to the Request Access app. This is available to orgs with the access requests administrator role enabled. See Access requests administrators.
Preview features
The following features are now generally available on Preview environments.
-
Access requests administrator role
Reports
Enhancements
- UI text update
For the Past Access Requests report, the column header and filter labels have been changed from Requester Name to Requester and Approver Name to Approver.
Preview features
The following features are now generally available on Preview environments.
-
Past Access Requests report
Release: 2022.08.0
Deployment date: Aug 03, 2022
Identity Governance
Okta Identity Governance is now generally available on Production environments.
Access Certifications
Features
- Access certifications admin role
You can now assign the access certifications standard admin role to your users instead of the super admin role. An access certifications admin can create and manage campaigns for Okta resources, such as users, groups, and applications. This role helps you control the level of access a user needs to perform their tasks. See Access certifications administrators.
This is an early access feature. To enable it for your org, contact Okta Support.
-
Recurring campaigns
You can now set up a recurrence schedule for campaigns to allow them to run periodically. This helps you save time and increases productivity. You now have the flexibility to set up a specific start time when you create a campaign instead of having it launch at midnight by default. See Create campaigns.This is a self-service early access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.
Production features
The following features are now generally available on Production environments.
-
View known entitlements
-
Campaign history
Access Requests
Features
- Access Requests admin role
Orgs can assign the Access Requests standard admin role to users instead of the super admin role. This role allows a user to view all Okta users and groups, manage app permissions and assignments within Access Requests, and act as an admin within the Access Requests Console. Using this role helps orgs to better control which actions are available to users. See Access requests administrators.
This is an early access feature. To enable it, contact Okta Support.
- Export data feature
The Export feature allows Access Requests admins can export data from the Access Requests Console. Exports can define how Request Types are organized, log which data is available in a configuration list, or list the specific actions taken for individual requests. This data helps orgs retain a clear record of the information available to Access Requests and how requests are processed. See Export data from Access Requests. - Time-Bound tasks
Time-Bound tasks allow orgs to control the flow and timing of actions within a request. These tasks are available when a team creates a Request Type, and can schedule follow-up actions on a specific date, or after a specific duration of time. These tasks allow teams to better schedule how the system processes requests. See Create a Request Type.
Enhancements
Access Requests Workflows are now called Request Types.
Reports
Features
- New Identity Governance report
To aid with compliance and audits, the Past Access Requests report provides information on users that have requested access to org resources, and details related to the outcome of the request. See Past Access Requests report.
This is a self-service early access feature. To enable it, see Manage Early Access and Beta features.
Release: 2022.07.0
Deployment date: Jul 07, 2022
Identity Governance
Okta Identity Governance is a SaaS-delivered, converged, and intuitive Identity and Access management platform. Use it to simplify and manage your identity and access lifecycles across multiple systems and improve the overall security of your company.
Use Okta Identity Governance solutions, such as Access Certifications, Access Requests, and Reports to:
- Efficiently create, protect, and audit access to critical resources.
- Improve your company’s security.
- Increase employee productivity.
- Improve IT efficiency by automating tasks to reduce the time taken and errors associated with manual data entry and provisioning tasks.
Access Certifications
Use Access Certifications to periodically create reviews of your users' access to applications or groups in Okta. Reviewers can approve or revoke access or reassign the review item to another user directly in the Okta Admin Console. Once the reviewer makes a decision, the remediation of a user's access begins automatically. This ensures that only users who need a resource have access to it and there is no accumulation of elevated or privileged access to a resource.
Features
- View known entitlements feature
The View known entitlements self-service feature identifies the groups, licenses, permissions, and roles assigned to specific users within an Access Certification campaign. Currently this feature only syncs data from a limited number of apps: AWS, Box, Netsuite, Office 365, and Salesforce. See Review campaigns.
-
For each review item, admins and reviewers can now see a history for that item, which includes details about the assignment, business justification for reassignment, details of the assigned reviewer, and the final decision of the reviewer. This information is available on the Review details pane of a review item.
Enhancements
- Remediation actions for unreviewed users
When an Access Certification campaign ends early, the End Campaign dialog allows admins to specify if an action is performed on unreviewed users. See End an active campaign.
Access Requests
Use Access Requests to automate the process of requesting access to applications and resources. Access Requests delivers a streamlined and frictionless approach that automatically routes user requests to one or more reviewers for action.
See Access Requests
Reports
Use Access Certifications Campaigns reports, such as, Campaign Details and Campaign Summaries to obtain information on previously completed campaigns. You can also export the reports from Okta.
Date: June 15, 2022
Access Certifications
- Improved visibility into campaign launch errors
You can now view campaigns that failed the pre-launch check or failed to launch on the Closed tab of the Access Certification campaigns page and in the System Log. Select and open the campaign to view reasons for failure. This helps you identify and fix errors in the campaign.
- OKTA-467193
- When you create a campaign, the Exit button is now labeled Cancel.
- When you edit a scheduled campaign:
- The Next button is now labeled Save and continue.
- The Schedule campaign button is now labeled Update campaign.
Some of the buttons in the Create campaigns dialog were confusing and didn’t function as expected. The buttons have been renamed for clarity.
- OKTA-508375
Uncertified review items were marked as Reassigned instead of Not certified on the Closed tab of the Access certification campaigns page.
Date: June 8, 2022 Access Certifications
When a campaign fails to launch or doesn't pass the pre-launch check, the System Log now displays the reason for failure. This helps you identify and correct the issue. |
Date: May 4, 2022 Access Certifications
Admins now get an email notification with a link to the campaign's page when the following errors occur at launch: Use the link in the email notification to view errors. You can also get a head start on recreating the campaign by copying your campaign configuration, including the Okta Expression Language expressions for users and reviewers, from the Overview section. This functionality provides visibility in to campaigns that fails to launch. It also helps you identify and troubleshoot errors. |
Date: March 30, 2022 Access Requests
|
Date: March 23, 2022 Access Certifications
|
Date: March 2, 2022 Identity GovernanceOkta Identity Governance is a SaaS-delivered, converged, and intuitive Identity and Access management platform. Use it to simplify and manage your identity and access lifecycles across multiple systems and improve the overall security of your company. Use Okta Identity Governance solutions, such as Access Certifications, Access Requests, and Reports to:
Access CertificationsUse Access Certifications to periodically create reviews of your users' access to applications or groups in Okta. Reviewers can approve or revoke access or reassign the review item to another user directly in the Okta Admin Console. Once the reviewer makes a decision, the remediation of a user's access begins automatically. This ensures that only users who need a resource have access to it and there is no accumulation of elevated or privileged access to a resource. Access RequestsUse Access Requests to automate the process of requesting access to applications and resources. Access Requests delivers a streamlined and frictionless approach that automatically routes user requests to one or more reviewers for action. See Access Requests ReportsUse Access Certifications Campaigns reports, such as, Campaign Details and Campaign Summaries to obtain information on previously completed campaigns. You can also export the reports from Okta. |