This article looks at the new customisable reviewer content in Okta Identity Governance (OIG) Access Certifications.
The doc link for this new feature is https://help.okta.com/oie/en-us/content/topics/identity-governance/access-certification/iga-ac-customizable-context.htm.
Introduction
Access Certification (or recertification, attestation) is a key capability in any Identity Governance product and it is the one most likely to cause friction with business users. If you’re responsible for running an aspect of the business, recertifying the access of your direct reports is probably not high on the priority list. So it’s important that the process to review access is as straightforward and usable as possible.
Okta has gone to great lengths to make the user review interface as simple and usable as possible. But up until now the column headings and attributes displayed when reviewing an Access Certification Campaign were fixed and many customers have asked for the ability to modify the attributes used.
This new feature makes user reviews more flexible and will allow:
- Specification of the attributes to appear in a review,
- The ability to sort and size the columns on the review summary page
- The ability to filter the reviews by attributes, and
- The ability for the reviewer to select the attributes displayed on the summary page
We will explore these features below.
Enabling the New Feature
This feature is currently in self-service Early Access (EA) and needs to be enabled in Settings > Features under the Early access heading. It’s called “Access Certifications – Customizable Reviewer Context“.
When this feature moves out of EA, this feature setting will go away and the feature will be enabled by default.
Configuration of the New Feature
When you navigate to the Identity Governance > Access Certifications menu item, you will notice the page has changed subtly. The previous Active, Scheduled and Closed tabs have been made selection boxes (with the number of each shown). In the example below, the Active campaigns are showing (and there is one of them).
There are now two tabs, Campaigns and Settings, with Campaigns being the default view.
The Settings tab contains the new contextual information, i.e. the attributes presented for users, resources and other .
The Edit button allows changing the attributes, with pull-down sections for each.
The User information section allows for selection/deselection of base and custom attributes (for example the Current Project attribute is a custom attribute).
The Resource information contains both attributes for applications and groups to be reviewed.
The Additional information is currently used for entitlements in the Entitlement Management capability and Governance history, but may be expanded in the future.
When saved and a new campaign is created/launched, it will adopt these changed settings. There is no change to the configuration screens to modify the new context for a specific campaign.
Review Summary Changes
When the reviewer opens the new campaign, they will see some changes from previously.
They are:
- Filters – there is a list of active filters, and a button to set/manage the filters
- A Sort option for each of the columns
- Flexible columns – where you have modified the columns in the Settings page
- Resize bars – so you can resize the width of the columns
- A Menu icon for more actions – the only current option is to customize the view
Let’s look at these.
Filters
You can apply filters on any attribute available to the campaign.
Some require exact matches, some can use Contains/Starts with. When selecting items like resources, you will get a matching dropdown list. You can have multiple conditions in the filter.
This results in a filtered view.
You can remove filters by clicking the cross icon in the filter bar, or by going back into the filter edit screen and changing them there.
Sort Option
Selecting any of the column headings will sort them and you can toggle ascending/descending.
Column Resizing
You can grab the resize bars and move them to see more/less of a column (there are minimum widths).
Changing the Columns
Using the Menu > Customize view option, you can select/deselect attributes.
For example removing email and adding in the two description attributes results in the columns changing.
Note that if you have too much info to display, you get a scroll bar at the bottom.
Review Details Changes
The attributes shown on the slide-out Review Details panel reflect those selected in the Access Certification campaign Settings page.
In this case some user details were removed and the Current Project added, and some of the Resource details have changed as per the Settings changes.
The reviewer cannot select which of these are displayed.
Conclusion
This article has explored the new customizable access certification reviewer context feature in Okta Identity Governance. It introduces a number of changes, such as: selecting which attributes are displayed in a campaign; changing, sorting and sizing of columns; and filtering of data.
Businesses can apply a blanket set of atttributes that make sense to them. Perhaps not all the standard user profile attributes are used, but they have custom ones they want to show to the reviewer. This feature allows that.
It also makes the review process more usable by the reviewer giving them greater control over the review information they are presented with and use to make review decisions.
Together these changes make access certification campaigns more consumable and usable, meaning business users are more likely to do them rather than avoiding them.
