Create a request type
This page explains the general process of creating a request type for Okta Access Requests. For a more specific example, see Configure a request type associated with bundles or Create a sample Request Type.
If you're new to Access Requests, use conditions to manage access requests first.
Before you begin
- Create an Access Requests team or ensure that you're a part of the team you want to create a request type for.
- Push Okta groups to Access Requests
- To use a requester's manager as approver, ensure that the managerId user attribute in Okta is set as the Okta username or email address of the user's manager. Otherwise, the request's assignee has to manually specify an approver for the request.
- To use the group owner as an approver in requests, consider the following:
  - If the owner of a group in Okta is another Okta group, this group must be pushed to Access Requests for it to be used as an approver.
  - If you want to assign group owners as approvers for a request type, ensure that you have group owners configured in Okta. See Group ownership.
  - If there are multiple group owners, only one group owner needs to review and take action on the request. So if a group member approves or revokes access for a request, the request is marked as completed for all owners.
  - If the number of group owners within a group is greater than 10, then requests are randomly assigned to 10 group owners.
- To use the Run a workflow action, ensure that you have the following setup:
  - Enable the Okta Workflows actions in Access Requests feature for your org.
    Early Access release. See Enable self-service features.
  - Set up delegated workflows. See Delegated flows and Build a delegated flow. Make sure that the delegated flows you need are active in the Workflows Console.
  - Create a custom admin role with the following configuration:
    - The role has the Run delegated flow permission.
    - The resource set contains at least one delegated flow that needs to be executed.
    - This role and the resource set are assigned to the Okta Access Requests OAuth application.
  - Sync the Workflows resource manually to immediately use the delegated flow you created. See Manually sync resources from Okta.
  - Give teams access to the Workflows resource.
    - Go to .
    - Click Manage Access.
    - Enable the toggle for the team on the Full access to all Workflows dialog.
  - Check that the teams that you need and the Run a workflow toggle are enabled.
    - In the Access Requests console, go to .
    - Click Edit connection on the Okta tile.
    - Check that the teams you need are listed. If not, open the Select teams dropdown menu and select the teams.
    - Enable the Run a workflow toggle if it's disabled.
  - See Create an admin assignment using a role.
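The managerId prerequisite above can be checked before a request type relies on manager approval. The following is an added example, not Okta's code: an offline audit over a constructed list of user objects that flags any managerId that is empty or doesn't match another user's Okta username or email. The `self` and `inactive-manager` findings and the case-insensitive matching are assumptions that go beyond what this page states, and the `user` helper is hypothetical.

```python
"""Audit managerId values before using the requester's manager as approver."""

def user(login, manager_id, status="ACTIVE", email=None):
    # Hypothetical helper: builds a record shaped like an Okta user object.
    return {"status": status,
            "profile": {"login": login, "email": email or login,
                        "managerId": manager_id}}

# Constructed sample data, not taken from any real org.
SAMPLE_USERS = [
    user("ana@example.com", "raj@example.com"),            # username match
    user("raj@example.com", "cto@example.com"),            # email match
    user("carol@corp.example", "", email="cto@example.com"),
    user("dev@example.com", "00u1abcd"),                   # ID-style value
    user("eve@example.com", "eve@example.com"),            # points at self
    user("fay@example.com", "gus@example.com"),
    user("gus@example.com", "raj@example.com", status="DEPROVISIONED"),
]

def audit_manager_ids(users):
    """Return {login: finding} for users whose managerId needs attention."""
    # Index every username and email to its user (assumption: case-insensitive).
    index = {}
    for u in users:
        for key in ("login", "email"):
            value = (u["profile"].get(key) or "").strip().lower()
            if value:
                index[value] = u
    findings = {}
    for u in users:
        login = u["profile"]["login"]
        manager_id = (u["profile"].get("managerId") or "").strip().lower()
        if not manager_id:
            findings[login] = "missing"           # approver must be set manually
        elif manager_id not in index:
            findings[login] = "unresolved"        # not a known username or email
        elif index[manager_id] is u:
            findings[login] = "self"              # user listed as own manager
        elif index[manager_id].get("status") != "ACTIVE":
            findings[login] = "inactive-manager"  # manager account not active
    return findings

if __name__ == "__main__":
    for login, finding in audit_manager_ids(SAMPLE_USERS).items():
        print(f"{login}: {finding}")
```
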
Start this task
- Open the Access Requests console.
- On the left panel, click Access Requests.
- Click Create Request Type.
- From the editor window, configure the general settings. See General settings.
- Click Question to add questions to collect information from users. A requester can't modify answers to the questions after they submit the request.
- Configure the question settings. See Question settings.
- Optional. Click Question to add more questions. Drag the questions to change the order in which they appear to the requester.
- Click Task on the central panel to add tasks to prompt actions from a user.
- Configure the task settings. See Task settings. You can also add a task that automatically runs an Okta workflow.
- Optional. Click Task to add more tasks.
- Optional. Click Timer on the central panel to add a timer to control the flow and timing of follow-up actions.
  Timers can last for up to 90 days. If a duration or date is specified outside the limit, the timer still ends after 90 days. After the timer expires, the request begins any follow-up actions. The timer ignores any changes to the request that would change the end date of the timer.
- Configure the timer settings. See Timer settings.
- Optional. Configure conditional logic for tasks or questions.
  - Select a task or question on the central panel.
  - On the right panel, open the Logic tab.
  - From the dropdown menu, select Only show this field if or Only show this task if.
  - From the Field or task dropdown menu, select a task or question that should be a prerequisite.
  - Specify a logical operator and content to match against. The available operators vary depending on the input type that you've selected for your question or task, and the task type. See Operators.
  - Optional. Add more conditions.
    - After you add a second condition, select All or Any from the dropdown menu to determine whether requesters need to meet all or any of the conditions for the field or task to be available to them.
- Click Publish to make the request type available to the specified audience.
To understand the experience for requesters and approvers, see Create requests and Manage tasks.