Welcome to iamse.blog
This blog presents a series of articles on Identity and Access Management (IAM) written / curated / compiled by an experienced group of Okta Sales/Solution Engineers (SEs) and other interested parties. You will find Okta-centric articles and IAM domain articles, some written here and others collected from different sites where they have been published.

- New in Workflows: Security Operations Solution Packs, by Mark Smith: Okta Workflows has just released a number of templates focused on Security Operations Centre (SOC) processes. These Workflow templates are designed to help solve specific identity-based automation challenges for the Security Operations team using a bundled collection of pre-built and fully customizable flows. The categories include: Some of the main benefits are: To find all …
- Learn How to use Workflows for Inline Hooks, by Mark Smith: Now that Low Latency Flows are available, Inline Hooks can use Okta Workflows to implement the hook endpoint. The Low-latency feature ensures consistent execution times for your flows by running flows that meet a specific set of criteria separately from those that don’t. Okta routes low-latency flows to an optimized processing queue with minimal wait …
- Low Latency Flows, by Mark Smith: Okta Workflows doesn’t guarantee execution latency. Usually flows run very fast. However, Workflows is a multi-tenant system and doesn’t have a latency SLA. Flows execution times depend on: Because specific latency can’t be guaranteed, up until now, Workflows shouldn’t be used in any flows where execution time is critical to the scenario, such as token …
- Fixed Recovery Questions with Workflows, by Toby Allen: Recently an Okta customer was interested in being able to set a fixed Recovery Question for a subset of its employees. In particular they wanted to use an attribute from their source of truth as a security answer. Having a fixed security question and answer based on an employee attribute does have security drawbacks however …
- OIG Access Requests – Can an Approver Supply Information for a Request?, by David Edwards (IAmDavid): Recently someone asked if Okta Identity Governance (OIG) Access Requests could be set up so a manager could supply additional information for the request. Their use case: the requester wants access to an application but doesn’t know the role they need, so the manager would select the role at the approval stage. Short answer – …
- Okta Devices SDK Sample App, by Mark Smith: Powered by the Okta Devices Platform Service, the Okta Devices SDK and the Devices API offer a single integration to unify user identity and device identity, along with all of the tools necessary to build passwordless sign-in flows through branded push notifications and biometric capabilities. All of these powerful functionalities come together to deepen security …
- Enforcing device assurance on unmanaged devices (BYOD), by Dany Leclerc: One of the biggest challenges for organisations is being able to increase the security posture of their employees’ BYOD devices while respecting their privacy and improving their user experience. Okta recently announced a new feature called Okta Device Assurance, which allows organisations to increase the posture of their BYOD users by leveraging the Okta Verify application. Until …
- Did You Know the Machine Learning in OIG Access Requests Extends to the WebUI?, by David Edwards (IAmDavid): If you’ve seen a demonstration of Okta Identity Governance (OIG) Access Requests, you have probably seen the machine learning (AI) capability when requesting access in Slack or Microsoft Teams. You ask for access to something, and the AI will try to determine the best request type to present. It learns over time, so that terms …
- New Reviewer Options in OIG Access Certification, by David Edwards (IAmDavid): There was a recent change to the reviewer selections for Okta Identity Governance (OIG) Access Certification to allow for more options and to simplify the administrative experience. The feature is currently an Early Access feature (the “Reviewer Assignment” enhancement) that can be turned on in an OIG-enabled Okta org. It will roll into production over …
- Okta Identity Governance and/or Service Now – Architectural Patterns, by David Edwards (IAmDavid): Most organisations have some ITSM or service request tool, and ServiceNow is the most common. So it’s understandable that any conversation about Okta Identity Governance, particularly access requests, will involve comparison with ServiceNow or integration patterns for both products. How do you approach an access request solution? Which product is going to meet your needs …
- Risk-Based Application Certification in OIG, by David Edwards (IAmDavid): If you were at Oktane22, or have listened to the Oktane22 roadmap sessions, you will know risk and use of risk signals is a key focus for Okta going forward. This includes leveraging risk in Okta Identity Governance (OIG), to help make access requests and access certification more effective. But can you leverage risk today? …
- Logging a ServiceNow Request via Workflows from OIG Access Requests, by David Edwards (IAmDavid): A common ask for Okta Identity Governance is to be able to log a ticket in a service desk tool, like ServiceNow, for manual provisioning activities after following an approval process in Access Requests. This article explores one approach to this using OIG Access Request events in the Okta System Log, Event Hooks and Okta …
- OIG Access Requests – Cancelling a Timer, by David Edwards (IAmDavid): If you’re familiar with the timer feature in Okta Identity Governance (OIG) Access Requests, you may have wondered if you can cancel a running timer and if so, how? Let’s show how it can be done. If you’re not familiar with the timer feature, have a read of this article: https://iamse.blog/2022/07/27/oig-access-requests-using-the-new-timer-feature/. A timer is used …
- OIG Access Requests – Public or Private?, by David Edwards (IAmDavid): If you have looked at Okta Identity Governance Access Requests, you will know that a request will contain the history of the activity, such as the questions asked and answered, approval steps performed and actions taken. Did you know that a request, with all this information, can be Public or Private? Did you know that …
- OIG – Triggering Workflows From Access Certification Reviews, by David Edwards (IAmDavid): Okta Identity Governance (OIG) provides an access certification component for reviewing users and their access. When reviewing access, a reviewer (such as a user’s manager) can approve or revoke the access (or reassign). With the revoke action, the access certification campaign can be configured to automatically remove access or do nothing (i.e. leave the access …
- OIG Access Requests – Clearing “Stuck” Requests, by David Edwards (IAmDavid): When working with Okta Identity Governance (OIG) Access Requests, you may find a request in a “stuck” state, where you can’t complete a step or the request doesn’t automatically close when done. Perhaps you’re testing a new Request Type and missed a step or have something misconfigured when you tested it. As an administrator you …
- Reassigning Managers for an Access Certification Campaign, by David Edwards (IAmDavid): A common requirement for Identity Governance and Administration (IGA) controls is for reassignment when a reviewer, like a manager, goes on leave. Okta Identity Governance (OIG) currently supports manual reassignment of access certification reviews by an administrator or by the reviewer themselves. But what about automatic reassignment based on a change to the user profile, …
- Access Certification – Helping Reviewers Decide whether to Approve or Revoke Access, by David Edwards (IAmDavid): The user interface, and general user experience, has been a challenge with Identity Governance and Administration (IGA) products for many years. Unlike many IT products, IGA solutions are used by all business users and need an easy to use and understand interface. This is particularly so with Access Certifications – business owners (like managers or …
- OIG – Certification for External System Entitlements, by David Edwards (IAmDavid): A common ask for Okta Identity Governance (OIG) is to be able to do access certification on external application data. Currently OIG can only run campaigns on objects (group memberships and application assignments) in the Okta Universal Directory (UD). Importing of external system entitlements is on the product roadmap. But with some understanding of the …
- Extracting Okta ASA Audit Log with Okta Workflows, by David Edwards (IAmDavid): The audit logs in Okta Advanced Server Access (ASA) can be viewed in the ASA administrative interface or extracted via the ASA Audit V2 API (and this is what the integrations with SIEM tools do). But what about the situation where you just need to extract all the logs and process them somewhere? You could …
- OIG Access Requests – Where Do I Assign Teams?, by David Edwards (IAmDavid): A common concern from a new Okta Identity Governance (OIG) Access Requests deployment is “I can’t see the Application or Group list when building a Request Type”. The most common cause is the assignment of Teams. Teams are the access control mechanism built into OIG Access Requests. They control who can create and own Request …
- Auth0 Integration with Okta Workflows – Part Two, by Mark Smith: This blog post is part two in the series. The first post can be found here: Auth0 Integration with Okta Workflows – Part One. For large organizations comprised of numerous independently managed business units, centralizing identity can be extremely challenging. Okta hub-spoke architecture model has been key in solving this issue for many organizations for …
- Okta Workflows How-To: Customize your MS Teams messages, by Bryan Barrows: How to leverage Custom API Actions to send customized MS Teams messages with Okta Workflows.
- Generate Auth0 Access Token via Okta Workflows, by Mark Smith: Okta Workflows makes it easy to automate identity processes at scale – without writing code. Using the if-this-then-that logic, Okta’s pre-built connector library and the ability to connect to any publicly available API, anyone can innovate with Okta. The Customer Identity Cloud (aka Auth0 Identity Platform), a product unit within Okta, takes a modern approach to …
- Optimising Twilio Flex Licensing with Okta Workflows, by Toby Allen: Twilio Flex, Twilio’s contact centre solution, supports SAML 2.0 for Agent and Supervisor provisioning and access. Users are provisioned Just In Time into TaskRouter workers with skills and attributes created or updated when a user logs in. Unfortunately Twilio provides no standard way of de-provisioning users. This means that Flex licenses may continue to be …