Manage admin role access requests

Early Access release. See Enable self-service features.

This topic describes the request assignee and approver experience. As a super admin, you can manage the administrative aspects of the admin role bundle requests and their tasks same as a request assignee or an approver.

Manage requests

A super admin is assigned to every admin role bundle request as a request assignee for its oversight and management. As the request assignee, the super admin can update request details like request assignee, followers, and tags from the Access Requests console or web app. They can also view and update the open tasks assigned to the approvers.

Request assignees can also reassign a task if it's unassigned or if it needs to be assigned to a different user. For example, if an access request is assigned to an approver who’s on a vacation, then the request assignee can reassign the task to another approver to unblock the request.

Admin role bundle access requests are more constrained than access requests for other resources, such as apps or groups. See Considerations.

  1. Request assignees sign in as super admin to the Admin Console and go to the Okta Access Requests console. Alternatively, they can sign in to their dashboard and open the Okta Access Requests web app.
  2. They select Inbox and go to the Open tab to view requests assigned to them. Alternatively, if they want to manage a request that’s assigned to someone else, they can go to the All tab.
  3. They select a request and review the request details.
  4. They update the request details or open tasks that are assigned to the approvers, if required. They can’t modify tasks that the approvers have already completed.

Manage tasks

Approvers need clear visibility and context for requests, so they understand what to approve and for whom. When a requester submits a request, tasks are assigned automatically to approvers based on the approval sequence configuration.

Approvers can view request details like request assignee, tags, and followers. They can chat with the requester from within a request.

To approve or deny a task from the Access Requests web app, approvers can follow these steps:

  1. Approvers go to the Okta Access Requests web app from their dashboard.
  2. They select Inbox and go to the Open tab to view tasks awaiting approval.
  3. They select a request and review the request details.
  4. Optional. They review the following information provided by the requester from the central pane:
    • Responses submitted by the requester from the Questions section on the Actions tab.
    • The activity log from the Activity tab.
    • Notes in the chat from the right panel of the request. Approvers can also ask the requester for more information in the chat.
  5. They select the appropriate option to approve or deny the request. The choices vary based on the task type:
    • Approval tasks: They click Approve or Deny.
    • Custom tasks: They click Complete.

After approvers take action on a task, Okta moves the request to the Pending tab if the request is awaiting an automated action. If an approver clicks Deny in an approval task, the approval sequence ends and the user is denied access to the admin role they requested.

Related topic

Access Certifications for admin roles