Okta Identity Governance release notes

Release 2025.09.0

Features and Enhancements

Auditor reporting package

Use this feature to automatically generate access certification campaign reports, which are tailored to meet auditor requirements. These reports make preparing for compliance audits faster and easier by reducing the time and manual effort required for assembling and exporting campaign and user access data. See Auditor reporting package.

This feature is an Early Access feature on Production environments but it's generally available on Preview environments.

Entitlement history

Admins can now access a user's entitlement history. This feature improves auditing and compliance tasks and enhances visibility for troubleshooting access issues. See View user entitlements.

This is an Early Access release. See Enable self-service features.

Changes to Access Certifications UI

The Campaigns tab on the Access Certification page has been renamed Certification campaigns. The + Create campaign button has been relocated to the Certification campaigns tab.

This is an Early Access release. See Enable self-service features.

Changes to Access Certifications limits

The following limits have been updated for resource campaigns:

  • Maximum number of resources included in a campaign has been increased from 50 to 250.

  • Maximum number of apps reviewing entitlements has been increased from 10 to 20.

For user campaigns, the maximum number of excluded resources has been increased from 50 to 100. You can exclude a maximum of 100 apps or groups, or a combination of both.

Changes to resource campaigns UI

When you select apps to include in a resource campaign, the search results for apps that have entitlements available are now suffixed with Entitlements in parenthesis.

Governance delegates

You can set delegates for users or allow users to specify another user as a delegate to complete governance tasks for them. Governance tasks include access certification campaign review items and access request approvals, questions, and other tasks. After a delegate is specified, all future governance tasks (access request approvals and access certification reviews) are assigned to the delegate instead of the original approver or reviewer. This helps ensure that governance processes don't stall when approvers are unavailable or tasks need to be rerouted to a different stakeholder for a long period. It also reduces the time spent in reassigning requests and reviews manually. See Governance delegates.

Group owner role is now Resource owner

The Group owner role has been renamed Resource owner.

Improved user experience for Access Requests

The access request details page and email notifications have been improved for better visibility on approvers' tasks and requesters' responses. If you integrated Slack with Access Requests, similar changes have been made to the access request message that approvers receive. Also, the request assignee has been removed from Slack and email notifications and the email notification sender's name and address have been changed. The sender's new name is Okta Access Requests and the new email address is noreply@at.okta.com.

Security Access Reviews

Security Access Reviews are a new, security-focused type of user access review that can be automatically triggered by events. These reviews provide a unified view of a user's access, and contextual information about their access history including an AI-generated access summary, allowing you to investigate and take immediate remediation actions like revoking access. See Security access reviews.

To view release notes prior to this release, see Okta Identity Governance release notes (Archive).