Certify AI agents
As an access certifications admin, you can use Okta Access Certifications campaigns to review and certify user access to user sign-on apps that are linked to active AI agents and an AI agent's resource connections.
Running campaigns periodically helps ensure that your users and AI agents have the appropriate level of access.
A campaign is an access review from a certification and compliance perspective. You can run campaigns that focus on the resource and who can access the resource or focus on the identity (user or AI agent) and resources that the identity can access.
If you need clear visibility on who has access to a user sign-on app and its linked AI agents, use a resource campaign. This campaign type helps you review access to sensitive resources and meet compliance requirements. See Create resource campaigns to certify apps with AI agents.
If you want to maintain visibility and control as AI agent resource connections changes over time, use identity campaigns. Identity campaigns enable you to set the identity type and scope for your campaign so that you can review the access that these identities (AI agents or users) have. See Create identity campaigns to certify resource connections.
Okta Privileged Access, Identity Security Posture Management (ISPM), Access Governance's Governance Analyzer feature, and the LLM-generated summary functionality within the Security Access Reviews feature of Access Governance are excluded from the Okta for AI Agents - Core SKU, which is the version of Okta for AI Agents available to FedRAMP Moderate and FedRAMP High customers. Okta for AI Agents - Core is not available in Okta for US Military cells. For a current list of features that are excluded from the Okta for AI Agents - Core SKU, see Okta US Public Sector Limitations or Exceptions.
There are two primary personas involved:
- Admin
- A super or access certifications admin (for campaigns). The admin is responsible for setting up and configuring the campaign, and then defining its scope and launching it.
- Reviewer
- The user responsible for making governance decisions. Reviewers access their assigned review items from the email notification or the Okta Access Certifications Reviews app tile on their dashboard.
To learn more about the Okta Access Certifications product, see Access Certifications.