Review an access certification campaign

Access Certifications campaigns are used to periodically review users' access to resources. During a campaign, a campaign administrator will determine the users, resources and reviewers that are a part of the campaign.

If you have been assigned as a reviewer for one or more items in a campaign, you will be granted access to the Okta Access Certification Reviews application in your dashboard, where you can review and make decisions about a user’s current access.

In the Okta Access Certification Reviews application, you can approve or revoke a user’s access, or reassign the review item to another user if needed. Your decisions on review items are final and can’t be changed after you submit them.

Best practices

  • Verify your decisions before making them. When you submit a decision for a review item, it’s final and the action is taken immediately.
  • Add a business justification to provide context on the decision you made, whether that is to approve or revoke access. This note will be visible to you and the campaign administrator. When reassigning a review item, the justification will be visible to the user who you reassigned the review item to.
  • You can reassign a review item to another user if you think they are better suited to review a user’s access. Reassigning a review item doesn’t extend the campaign’s end date. The new reviewer must approve or revoke access before the campaign ends.

Start this task

  1. On your dashboard, click Okta Access Certification Reviews.
  2. On the My reviews page, go to the Open tab, and select the access certification campaign that you want to begin reviewing.
  3. Click on a review item row to view additional details about the user and resource being reviewed, as well as the user’s usage of the resource.

    The review pane includes:

    • User Details: Information pulled directly from their user profile in Okta
    • Resource Details: Information stored about the application or group being reviewed
    • Access Details: Information about when the user last accessed the application and any previous reviews related to access. After you’ve completed a review, you’ll also be able to review the decision and business justification you completed.

    The review pane includes:

    • User Details: Information pulled directly from their user profile in Okta.
    • Resource Details: This section contains the following information:
      • The application or group being reviewed.
      • When the user last accessed the application and any previous reviews related to access. After you’ve completed a review, you can also review the decision and business justification you completed.
      • The entitlements that the user has for the resources. Currently, viewing users' entitlements is only supported for AWS, Box, NetSuite, O365, and Salesforce apps.
    • History: This section contains useful information such as details about the initial assignment, business justification for the reassignment, details of the assigned reviewer, and the final decision of the reviewer.
  4. Click Approve or Revoke. Provide a business justification for your decision. When you approve or revoke access, the remediation process begins immediately.

    You can reassign a review item to another user if you think they are better suited to review a user’s access. See Reassign review items.

  5. Click Submit.

You can also select multiple review items and approve or revoke access or reassign the reviews for the selected items. You can only take one action at a time and the business justification that you enter applies to the selected review items.

You can monitor your review metrics using the counts on the campaign page. In addition, you can reference the items that you have already reviewed from the Closed tab of the campaign’s page. On the Closed tab, you can filter by Resource and Decision, and search by a specific user.

Related topics

Reassign review items

About reviewing campaigns