Get started with Access Requests

To manage access requests to resources, you must be a super admin or an access requests admin.

To manage access requests for admin roles, see Access Requests for admin roles and Get started instead.

Before you begin, determine the method you want to use to configure and manage access requests:

The setup, maintenance tasks, and limits vary for each method.

Ensure that you've allowlisted the standard Okta IPs for your orgs before accessing Access Requests. See Allow access to Okta IP addresses.

Conditions

Initial setup tasks

As a super admin or a user with both access requests admin and app admin roles, follow this sequence of tasks to configure conditions for an app:

Admin task

Description

Access request conditions Introduction to access request conditions.
Required app assignments All users in the org are implicitly assigned to the Okta Access Requests Resource Catalog app. All existing super admins are automatically assigned the Okta Access Requests Admin app.

All users are automatically assigned to the Okta Access Requests app when they use Access Requests for the first time. The app is also automatically assigned to admins when they're assigned the admin role that provides them access to Access Requests.

Check that the admins were assigned the Okta Access Requests app. If the app wasn't assigned automatically or the user was unassigned, you must assign the app to the user to avoid errors.

Optional. Set up new authentication policies.

These steps are optional. For a better user experience, modify the authentication policy for the following apps:
Access Requests integrations Integrate Slack or Microsoft Teams with Access Requests to perform additional actions.
Create an access request condition Define which users can request access to specific apps, how long should they have access for, and who should approve their access request. The conditions you create are in an inactive state by default and must be enabled for them to take effect.
Enable a condition Enable your new access request condition so that it's active.

Maintenance tasks

As a super admin or a user with both access requests admin and app admin roles, complete these tasks after your initial setup, as needed:

Admin task

Description

Manage conditions Enable, disable, view, edit, delete, or change the priority order of a condition.
Manage approval sequences Modify an existing approval sequence to add or remove tasks and questions. Changes to a sequence impact all access request conditions that use the sequence.

Request types

Initial setup tasks

As a super admin or access requests admin, follow this sequence of configuration tasks to start using Access Requests:

Admin task

Description

Request types Introduction to request types and its components.
Configure your Okta org for request types Configure settings and items in Okta that you'll need to use in request types.
Create an Access Requests team Create teams to determine who can configure new requests and manage existing ones.
Create a configuration list Create configuration lists to allow teams to automate end user's access to resources. Configuration lists also control the specific options available to the end users as a request gets processed.
Access Requests integrations Integrate Jira, ServiceNow, Slack, or Microsoft Teams with Access Requests to perform additional actions, or use synced information.
Create a request type Create a request type, which is a customizable no-code structure that defines and automates how a user is granted access through a request.
Manage requests Understand the steps admins or assignees need to do to manage a request after it's submitted. They must always be members of the Access Requests team that owns the request type for the request that's being used.

Maintenance tasks

As a super admin, complete these tasks after your initial setup, as needed:

Admin task

Description

Generate the Past Access Requests report View who has requested access to resources and related data points, including whether access was granted and by whom.

End-user experience

Understand user tasks from an admin perspective:

User task

Description

Create requests Understand how your requesters can submit requests using methods like Access Requests web app, Slack, and Microsoft Teams. Requesters can request access to an app directly from their dashboard if you've set up conditions for the app.
Manage requests Understand the steps that request assignees need to do to manage a request that's managed by condition or request type.
Manage tasks Understand how request approvers approve or deny a request from the Access Requests web app. The request can be managed by condition or request type.

Limits

There are several limits applicable to your organizations, conditions, request types, and requests. Refer to the following tables.

Organizations

You can have a maximum of 100,000 users in your organization.

Conditions

Limit Maximum
Number of approval sequences for an org 500
Conditions for each app 100
Groups used to define the requester scope in a condition 100
Unique groups used to define the requester scope for all conditions in an org 100
Entitlement bundles in access scope for a condition 100
Steps in an approval sequence 10

Questions within a question step

5

Request types

Limit Maximum
Active request types in each organization 500
Tasks in each request type 100
Fields in each request type 100
Applications used 5,000
Groups used 15,000
Number of users in a pushed group 25,000
Configuration lists 100
Items for a configuration list 1,000

Requests

Limit Maximum
Open or Pending requests for an organization 10,000
Resolved requests for an organization

(This only counts requests that are accessible within the application.)

50,000
Tasks in a request 100
Fields in a request 100
Followers in a request 100
Updates in a request 500
Request list filter values 25