Okta Identity Governance release notes

Certify service accounts

You can now create resource campaigns to review and certify access for both SaaS application and Okta service accounts. This feature extends your governance strategy to non-human identities, ensuring you maintain visibility and control over critical service account access. See Certify service accounts.

This is an Early Access release. See Enable self-service features.

Governance for Workflows

You can now use Okta Identity Governance to manage access to Workflows roles. This helps you ensure that access to Workflows is granted consistently and in compliance with your company's requirements. See Governance for Workflows.

This is an Early Access release. See Enable self-service features.

Access Requests for AD Groups is generally available in Preview environments

You can now manage access requests for Active Directory (AD)-sourced groups directly from Okta. This allows you to use AD groups when configuring access request conditions and enables users to request membership directly from their Okta dashboard. When a request is approved, the requester's access is granted in AD. It's also removed when it expires (if it's time-bound). Additionally, if you select a resource owner as a task assignee in an approval sequence, the AD-sourced group's manager is assigned to the task. This feature eliminates the need for duplicate Okta groups or custom workflows and supports creating a strong security posture with time-bound access. See Access governance for AD groups.

This feature is generally available in Preview environments but it's an Early Access release for Production environments.

Escalate tasks is generally available in Preview environments

Access request admins and request assignees can escalate stalled tasks within a request to the task assignee's manager. Requesters can also escalate tasks within their access requests if you've enabled the Allow requesters to escalate tasks toggle on the Settings page. This helps expedite request resolution, prevents bottlenecks, improves productivity, and helps reduce the use of risky workarounds. Task escalation is a secure, auditable, and automated process that helps you adopt time-based access request models by supporting both efficient operations and strong security postures. See Manage tasks and Allow requesters to escalate tasks.

This feature is generally available in Preview environments but it's an Early Access release for Production environments.

Resource labels is generally available in Production environments

Define labels for resources across Okta to enable better visibility, filtering, and automation within Access Certifications when scoping and maintaining campaigns. See Resource labels.

Changes to preview user functionality

On the User page of the campaign wizard, Preview user is now called Preview expression scope. When you preview a user, Okta only validates the user against the Okta Expression Language expression that you specified. A user who matches the expression but isn't assigned to a resource in the campaign won't be included in the campaign.