Create campaigns

Early Access release. See Enable self-service features.

Create resource or preconfigured campaigns to help ensure that your users have the right level of access.

You must be a super admin who's assigned to the Okta Access Certifications app to create campaigns. The app provides access to the Access Certifications section of the Admin Console.

Resource campaigns

Use the steps listed in Create resource campaigns but keep these considerations in mind:

  • You can only use resource campaigns to review users' admin role assignments

  • On the Resource page, make the following selections:

    1. Select Applications as the resource type and Okta Admin Console as the app. The Review entitlements checkbox is selected by default.

    2. Select Specific entitlements and bundles.

    3. Select Entitlements to certify admin roles assigned directly from the Admin Console. Alternatively, select Bundles to certify admin roles that were assigned using access request conditions.

  • The following campaign settings are enabled by default:

    • Disable self-review

    • Require business justification

  • To avoid errors at the time of campaign launch, don't assign yourself as a reviewer on the Reviewer page of the campaign creation wizard if your own admin assignments are being reviewed in that campaign.

  • Select reviewers carefully for campaigns that govern admin roles. All reviewers, regardless of whether they're an admin, can approve or revoke access for review items assigned to them. They can do this even if the user whose access they're reviewing is an admin. The remediation happens immediately.

  • Only super admins can reassign review items to another reviewer after the campaign is active.

Preconfigured campaigns

You can create the Okta administrator review or Discover inactive users campaign using the steps listed in Create preconfigured campaigns.

However, if you aren't subscribed to Okta Identity Governance, the following limits apply for the Discover inactive users campaign:

  • You can use Discover inactive users to review one preselected app in your org with the highest number of inactive users. The app is selected from a predefined list of most popular apps used by Okta customers.

  • You can only launch the campaign a maximum of five times

  • As a super admin, you can't configure the following settings:

    • Specify a different the app in the campaign

    • Modify the preset user scope (no recent activity) or inactive time interval (90 days).

    • Set up a series of recurring campaigns

    • Review entitlements

    • Specify a reviewer type other than an individual user

    • Allow reassignments

    • Set up multiple review levels

  • Campaign reviewers can't take the following actions

    • Approve or revoke multiple review items at once

    • Reassign review items to another user

Related topics

Create resource campaigns

Manage campaigns