Configure policies for Govern Okta admin roles apps

Early Access release. See Enable self-service features.

The Govern Okta admin roles feature includes the following apps.

  • Okta Access Requests: This app is automatically assigned to super admins. It controls which super admins can be assigned to a request. You can assign it to approvers if you want to assign them tasks, and to end users if you want them to see the Request admin role button. This is the only app visible on the Okta dashboard.

  • Okta Access Requests OAuth: This app is automatically assigned to super admins. It's only used for running workflows in a request. You don't need to assign it to any users.

  • Okta Access Requests Admin: This app is automatically assigned to super admins. You can assign it to any admins who need to manage Access Request Conditions.

  • Okta Access Requests Resource Catalog: This app is automatically assigned to all users. Nothing is made available by default, and no app management is required.

  • Okta Access Certifications: This app is automatically assigned to super admins. It provides access to the Access Certifications section of the Admin Console.

Existing super admins get these apps automatically when you enable the feature. If you add super admins later, you need to manually assign the apps to them.

Configure policies for your apps

  1. Modify the existing app sign-on policy for the Okta Access Requests Admin app so that all rules match those of the Okta Admin Console app.

  2. Modify the existing app sign-on policy for the Okta Access Requests Resource Catalog app so that all rules match those of the Okta Dashboard app.

  3. Ensure that you don't have any rules that require Prompt for re-authentication or Prompt for factor for these apps. See Configure an app sign-on policy.

Related topics

Get started

Access Requests for admin roles

Access Certifications for admin roles