Review campaigns

Use Access Certifications campaigns to periodically review users' access to resources. During a campaign, a campaign administrator determines the users, resources, and reviewers that are a part of the campaign.

If you’re assigned as a reviewer for one or more items in a campaign, you’re granted access to the Okta Access Certification Reviews application in your dashboard. You can review and make decisions about a user’s current access in the app.

Use the app to approve or revoke a user’s access, or reassign the review item to another user if needed. Your decisions on review items are final and you can’t change them.

Best practices

  • Verify your decisions before making them. When you submit a decision for a review item, it’s final and the action takes place immediately.
  • Add a business justification to provide context on the decision you made, whether that is to approve or revoke access. This note is visible to you and the campaign administrator. When reassigning a review item, the justification is visible to the user who you reassigned the review item to.
  • You can reassign a review item to another user if you think they’re better suited to review a user’s access. Reassigning a review item doesn’t extend the campaign’s end date. The new reviewer must approve or revoke access before the campaign ends.

Start this task

  1. On your dashboard, click Okta Access Certification Reviews.
  2. On the My reviews page, go to the Open tab, and select the access certification campaign that you want to begin reviewing.
  3. Select a review item to view more details about the user and resource you're reviewing, and the user’s resource usage.

    The review pane includes:

    • User Details: Information pulled directly from their user profile in Okta.
    • Resource Details: This section contains the following information:
      • The application or group that you're reviewing.
      • When the user last accessed the application and any previous reviews related to access. After you’ve completed a review, you can also review the decision and business justification you completed.
      • When the user's access to the application or group was last reviewed.
      • When the application was assigned to the user.
      • The entitlements that the user has for the resources. Currently, you can only view users' entitlements for AWS, Box, NetSuite, O365, and Salesforce apps.
    • History: This section contains useful information such as details about the initial assignment, business justification for the reassignment, details of the assigned reviewer, and the final decision of the reviewer.
  4. Click Approve or Revoke. Provide a business justification for your decision. When you approve or revoke access, the remediation process begins immediately.

    You can reassign a review item to another user if you think they’re better suited to review a user’s access. See Reassign review items.

  5. Click Submit.

You can also select multiple review items and approve or revoke access or reassign the reviews for the selected items. You can only take one action at a time and the business justification that you enter applies to the selected review items.

You can monitor your review metrics using the counts on the campaign page. In addition, you can reference the items that you’ve already reviewed from the Closed tab of the campaign’s page. On the Closed tab, you can filter by Resource and Decision, and search by a specific user.

Related topics

Reassign review items

About reviewing campaigns