Okta Identity Governance release notes

Govern Okta admin roles

As a super admin, use this feature to adopt a zero standing privilege model for your org. This feature enables users to request time-bound access to Okta admin roles directly from their End-User Dashboard. It also enables you to periodically review their admin access.

The feature helps you streamline processes around requesting, approving, and certifying access to admin roles. It also enables you to control the level of access and its duration to your org's critical resources. In addition, you can audit user's existing admin role assignments using Access Certifications campaigns and specify reviewers who should approve or revoke user's access.

See Governance for Admin Roles.

Govern Okta admin roles might not be available for you depending on your org's eligibility. Contact your account executive or customer success manager for more information.

Access request conditions and resource catalog

This feature provides a new method to streamline your access requests for apps, entitlements, and groups from the app' s profile page in the Okta Admin Console.

As a super admin, you can set up app-specific access request conditions that define requester scope, access level, expiration for the access level, and the approval sequence. Based on your active conditions, requesters can request access to an app or app access level directly from their End-User Dashboard.

Compared to request types, this approach allows you to reuse existing relationships between users, groups, and apps defined in Okta to govern access instead of recreating these in Okta Access Requests. This feature also integrates the resource catalog in the End-User Dashboard with Access Requests to make the process of requesting access intuitive and user-friendly. See Access Requests and Create requests.

In addition, you can view and edit a user's access duration for the app if the app has Governance Engine enabled. See Manage user entitlements.