Configure policies for Govern Okta admin roles apps
The Govern Okta admin roles feature includes the following apps.
-
Okta Access Requests: This app is automatically assigned to super admins. It controls which super admins can be assigned to a request. You can assign it to approvers if you want to assign them tasks, and to end users if you want them to see the Request admin role button. This is the only app visible on the Okta dashboard.
-
Okta Access Requests OAuth: This app is automatically assigned to super admins. It's only used for running workflows in a request. You don't need to assign it to any users.
-
Okta Identity Governance: This app is automatically assigned to all users. Nothing is made available by default, and no app management is required.
Existing super admins get these apps automatically when you enable the feature. If you add super admins later, you need to manually assign the apps to them.
Configure policies for the Okta Identity Governance app
- Clone the authentication policy of your Okta Dashboard app.
-
In the cloned policy, set the Prompt for authentication condition to When an Okta global session doesn't exist.
-
Assign the cloned policy to your Okta Identity Governance app.