Govern Okta Admin Roles (free version of Okta Identity Governance*)

IGA, OIG 1 Minute

*This new feature is included in the Okta WIC platform and all Okta workforce customers are entitled to use it! It is governance just for the Okta admin roles, not all IGA use cases. We started gradual roll out, soon every workforce customer will be able to see it in their preview orgs.

TL;DR – It is all about access requests and certifications scoped to your Okta Admins. I’ve created a step-by-step video on how to set it up. Check below!

Okta just started a gradual roll out of Govern Admin Roles new feature in EA (Early Access). This is a great opportunity to leverage Identity Governance features to keep your Okta tenant more secure. The best part is every Okta workforce customer can experience it scoped to their admins for free. You can enable it today in your Admin Console!

With Govern Admin Roles, it is possible to have just-in-time admins and eliminate static privileged accounts lying around. A non-privileged user who is allowed to be an Okta Admin can easily request a tailored and time-based admin role needed to do their job directly from their Okta Dashboard.

The request will trigger the defined approval process that is easy to configure (no code). The approvers could be, for example, the user manager in the first step and the resource owner as the second approver.

Besides the traditional approving via email or the UI, approvers can get a direct message from Okta bot in Teams or Slack and quickly approve/deny from the chat window.

Once everything is approved, Okta will automatically grant the admin role for the defined period of time and remove it when the time comes.

In case there is need for permanent Okta Admins (those who should always keep their privileged roles) it is possible to ensure the least privilege by periodic access reviews/certifications that are also very easy and fast to set up.

Check the video below where I show step-by-step how to turn it on, configure, and use the Govern Admin Roles feature:

See also – https://iamse.blog/2024/04/08/a-look-at-the-new-govern-okta-admin-roles-feature/.

Published by Ivan Gotti

Passionate about technology and innovation, I am curious and love to learn new things. I am graduated in Computer Engineering, Master in Strategic IT Management, CISSP and PMP certified. With more than 15 years of IAM experience in LATAM, EMEA and USA. I have worked at Novell, NetIQ, Microfocus, and Okta. Been in multiple roles selling, architecting and implementing successful projects in companies like Embraer, ASML, and Philips Lighting. I am currently with Okta, helping organizations with their CIAM and Workforce identity challenges. I love family road trips, barbecuing with friends, and riding old motorcycles.

Published

One thought on “Govern Okta Admin Roles (free version of Okta Identity Governance*)

  1. Pingback: Reduce Risk through Governance for Okta Administrators – IAmDavid

Leave a Reply