OIG Access Requests – Who is the Request Assignee?

IGA, OIG, OIG Access Requests 2 Minutes

As is often the case, product documentation tells you how to turn on or configure a function but often doesn’t provide the context of that function. I found this yesterday when exploring something with a customer in Okta Identity Governance (OIG) Access Requests.

What is the Request Assignee you can assign to some of the steps in an Access Request Type and how would you use it? This article will describe the Request Assignee and how it could be used.

Most of the steps in a Request Type (request flow), such as questions, tasks, approvals and actions, can be assigned to someone. For a question, you may be defining who needs to provide the answer to a question (and it doesn’t have to be the requester). For an approval step, it is the person (or person in a group) who will review and approve/reject a request. For most of these, you can select the assignee, but for some actions, this is a fixed user (e.g. Okta actions are assigned to a user “Okta”).

The options normally used are: Requester (person asking for access), Requester’s Manager, a member of an Access Requests Team (admin group in Access Requests), a specific user, or a member of an Okta group (i.e. Group pushed from Okta to Access Requests). The grouping options are discussed in Understanding User Grouping and Where Do I Assign Teams?.

But what is this first option – Request assignee?

To understand that we need to look at a Request Type and its ownership. When defining a Request Type (request flow) you specify the (Access Request) Team who will own the request – i.e. who can manage the flow definition and who can manage any request for that type.

This is the team of people that will administer the requests, such as a helpdesk team or and IT ops team or a security admin team.

When someone raises a request, Access Requests will select one person in that team to be the Assignee.

The requester will also see the Assignee in the WebUI so they know who they can contact about their request.

When would you use the Request Assignee in a request flow? When you want them to be prompted to, and interact with, a request (other than normal monitoring and management of requests). You may want the assignee to provide some commentary on the request through a Question, or you may want them to be an Approver in a multi-level approval flow.

Hopefully this has cleared up what a Request Assignee is when Assigned to a step in a flow.

Published by David Edwards (IAmDavid)

I have been working in Identity Management for a quarter of a century, spending 22 years working on various IAM products at IBM and now three years at Okta. Over that time I have worked across pre- and post-sales, including stints in services, fly-in support and technical enablement. I have covered access management, single signon (desktop, web and federated), identity governance and administration (IGA), directories and directory integration, and privileged access management (PAM). I'm one of the few identity practitioners with experience with mainframes and legacy on-premise systems like SAP. And I love to write!

Published

Leave a Reply