Certify AI agents

As an access certifications admin, you can use Okta Access Certifications campaigns to review and certify user access to user sign-on apps that are linked to active AI agents and an AI agent's resource connections.

Running campaigns periodically helps ensure that your users and AI agents have the appropriate level of access.

A campaign is an access review from a certification and compliance perspective. You can run campaigns that focus on the resource and who can access the resource or focus on the identity (user or AI agent) and resources that the identity can access.

If you need clear visibility on who has access to a user sign-on app and its linked AI agents, use a resource campaign. This campaign type helps you review access to sensitive resources and meet compliance requirements. See Create resource campaigns to certify apps with AI agents.

If you want to maintain visibility and control as AI agent resource connections changes over time, use identity campaigns. Identity campaigns enable you to set the identity type and scope for your campaign so that you can review the access that these identities (AI agents or users) have. See Create identity campaigns to certify resource connections.

There are two primary personas involved:

Admin
A super or access certifications admin (for campaigns). The admin is responsible for setting up and configuring the campaign, and then defining its scope and launching it.
Reviewer
The user responsible for making governance decisions. Reviewers access their assigned review items from the email notification or the Okta Access Certifications Reviews app tile on their dashboard.

To learn more about the Okta Access Certifications product, see Access Certifications.