Configure policies for Govern Okta admin roles apps
Early Access release. See Enable self-service features.
The Govern Okta admin roles feature includes the following apps.
-
Okta Access Requests: This app is automatically assigned to super admins. It controls which super admins can be assigned to a request. You can assign it to approvers if you want to assign them tasks, and to end users if you want them to see the Request admin role button. This is the only app visible on the Okta dashboard.
-
Okta Access Requests OAuth: This app is automatically assigned to super admins. It's only used for running workflows in a request. You don't need to assign it to any users.
-
Okta Access Requests Resource Catalog: This app is automatically assigned to all users. Nothing is made available by default, and no app management is required.
Existing super admins get these apps automatically when you enable the feature. If you add super admins later, you need to manually assign the apps to them.
Configure policy for Okta Access Requests Resource catalog app
- Clone the authentication policy of your Okta Dashboard app.
-
In the cloned policy, set the Prompt for authentication condition to When an Okta global session doesn't exist.
-
Assign the cloned policy to your Okta Access Requests Resource Catalog app.