Realms with Okta Identity Governance

Early Access release

You can use realms with two Okta Identity Governance offerings, Access Certifications and Entitlement Management, by using Okta Expression Language to restrict the user scope to a realm.

Certify users in your realms with Access Certifications

Use Access Certifications campaigns to review and certify realm users' access to resources.

Likewise, you can assign any users you want, including realm admins, as reviewers, and use Okta Expression Language so that each reviewer only receives approval requests for users in the realms they manage.

While creating a User campaign, to restrict the user and reviewer scope to the people in your realm, select the following options:

  1. On the Users page, select Custom (Okta Expression Language).

  2. On the Reviewers page, select Custom as the Reviewer type.

You can use the following sample expressions:

| Scope | Use case | Sample expressions |
|---|---|---|
| Users | Only include users who belong to a specific realm in the campaign | user.realmId == "o4cbj6ybZl1QShj0g7" OR user.realmId == "guo4c8usniIlFgluO0g7" OR user.realmId == "guo4c7skrkbxDgJ140g7" |
| Reviewers | Specify reviewers who belong to a specific realm | user.realmId == "guo4c8usniIlFgluO0g7" ? "jane@gmail.com":(user.realmId == "guo4c8usniIlFgluO0g7" ? "joe@gmail.com":"joea@gmail.com") |

For additional information, see Examples of Okta Expression Language.
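Before launching a campaign, it helps to check which reviewer each scoped realm resolves to. The following added example (not Okta code, and not an Okta Expression Language evaluator) reads only the two expression shapes shown in the table above and reports the routing. For the sample reviewer expression as written, both conditions test the same realm ID, so the nested branch is never selected. The function names are hypothetical.

```python
import re

# Sample expressions copied from the table above.
USER_SCOPE = ('user.realmId == "o4cbj6ybZl1QShj0g7" OR '
              'user.realmId == "guo4c8usniIlFgluO0g7" OR '
              'user.realmId == "guo4c7skrkbxDgJ140g7"')
REVIEWERS = ('user.realmId == "guo4c8usniIlFgluO0g7" ? "jane@gmail.com":'
             '(user.realmId == "guo4c8usniIlFgluO0g7" ? "joe@gmail.com":"joea@gmail.com")')

COND = r'user\.realmId\s*==\s*"([^"]+)"'
BRANCH = re.compile(r'\s*\(?\s*' + COND + r'\s*\?\s*"([^"]+)"\s*:')
DEFAULT = re.compile(r'\s*\(?\s*"([^"]+)"[\s)]*$')


def scoped_realms(expr):
    """Realm IDs named in an OR chain of user.realmId comparisons."""
    realms = []
    for part in re.split(r'\s+OR\s+', expr.strip()):
        m = re.fullmatch(COND, part.strip())
        if not m:
            raise ValueError(f"unsupported clause: {part!r}")
        realms.append(m.group(1))
    return realms


def reviewer_rules(expr):
    """Parse a nested ternary into ([(realm_id, reviewer), ...], default)."""
    rules, pos = [], 0
    while (m := BRANCH.match(expr, pos)):
        rules.append((m.group(1), m.group(2)))
        pos = m.end()
    m = DEFAULT.match(expr, pos)
    if not m:
        raise ValueError("expression does not end in a default reviewer")
    return rules, m.group(1)


def audit(scope_expr, reviewer_expr):
    """Map each scoped realm to its reviewer; list reviewers never selected."""
    rules, default = reviewer_rules(reviewer_expr)
    first = {}
    for realm, reviewer in rules:
        first.setdefault(realm, reviewer)  # the first matching branch wins
    routing = {r: first.get(r, default) for r in scoped_realms(scope_expr)}
    unreachable = [rev for realm, rev in rules if first[realm] != rev]
    return routing, unreachable
```

Calling `audit(USER_SCOPE, REVIEWERS)` returns the realm-to-reviewer map and the list of reviewers that no realm can reach, which is the thing to review before the campaign sends requests.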

Configure application entitlement policy with Entitlement Management

You can use Entitlement Management to create an app entitlement policy based on a user's profile attributes, such as user.realmId.

You must enable Governance Engine for the app to create a policy.

You can use the following sample expression to include users who belong to a specific realm in the policy rule:

user.realmId == "o4cbj6ybZl1QShj0g7" OR user.realmId == "guo4c8usniIlFgluO0g7" OR user.realmId == "guo4c7skrkbxDgJ140g7"

For additional information, see Examples of Okta Expression Language.

Related topics

Identity Governance

Access Certifications

Entitlement Management