OIG Access Requests – Cancelling a Timer

If you're familiar with the timer feature in Okta Identity Governance (OIG) Access Requests, you may have wondered if you can cancel a running timer and if so, how? Let's show how it can be done. If you're not familiar with the timer feature, have a read of this article: https://iamse.blog/2022/07/27/oig-access-requests-using-the-new-timer-feature/. A timer is used … Continue reading OIG Access Requests – Cancelling a Timer

OIG Access Requests – Public or Private?

If you have looked at Okta Identity Governance Access Requests, you will know that a request will contain the history of the activity, such as the questions asked and answered, approval steps performed and actions taken. Did you know that a request, with all this information, can be Public or Private? Did you know that … Continue reading OIG Access Requests – Public or Private?

OIG – Triggering Workflows From Access Certification Reviews

Okta Identity Governance (OIG) provides an access certification component for reviewing users and their access. When reviewing access, a reviewer (such as a users manager) can approve or revoke the access (or reassign). With the revoke action, the access certification campaign can be configured to automatically remove access or do nothing (i.e. leave the access … Continue reading OIG – Triggering Workflows From Access Certification Reviews

OIG Access Requests – Clearing “Stuck” Requests

When working with Okta Identity Governance (OIG) Access Requests, you may find a request in a "stuck" state, where you can't complete a step or the request doesn't automatically close when done. Perhaps you're testing a new Request Type and missed a step or have something misconfigured when you tested it. As an administrator you … Continue reading OIG Access Requests – Clearing “Stuck” Requests

Reassigning Managers for an Access Certification Campaign

A common requirement for Identity Governance and Administration (IGA) controls is for reassignment when a reviewer, like a manager, goes on leave. Okta Identity Governance (OIG) currently supports manual reassignment of access certification reviews by an administrator or by the reviewer themselves. But what about automatic reassignment based on a change to the user profile, … Continue reading Reassigning Managers for an Access Certification Campaign

Access Certification – Helping Reviewers Decide whether to Approve or Revoke Access

The user interface, and general user experience, has been a challenge with Identity Governance and Administration (IGA) products for many years. Unlike many IT products, IGA solutions are used by all business users and need an easy to use and understand interface. This is particularly so with Access Certifications - business owners (like managers or … Continue reading Access Certification – Helping Reviewers Decide whether to Approve or Revoke Access

OIG – Certification for External System Entitlements

A common ask for Okta Identity Governance (OIG) is to be able to do access certification on external application data. Currently OIG can only run campaigns on objects (group memberships and application assignments) in the Okta Universal Directory (UD). Importing of external system entitlements is on the product roadmap. But with some understanding of the … Continue reading OIG – Certification for External System Entitlements

Extracting Okta ASA Audit Log with Okta Workflows

The audit logs in Okta Advanced Server Access (ASA) can be viewed in the ASA administrative interface or extracted via the ASA Audit V2 API (and this is what the integrations with SIEM tools do). But what about the situation where you just need to extract all the logs and process them somewhere? You could … Continue reading Extracting Okta ASA Audit Log with Okta Workflows

OIG Access Requests – Where Do I Assign Teams?

A common concern from a new Okta Identity Governance (OIG) Access Requests deployment is "I can't see the Application or Group list when building a Request Type". The most common cause is the assignment of Teams. Teams are the access control mechanism built into OIG Access Requests. They control who can create and own Request … Continue reading OIG Access Requests – Where Do I Assign Teams?

Enable Provisioning with OAuth for Salesforce.com

A while back Okta changed the provisioning credentials for salesforce.com from the old username and password+token approach to using OAuth. Whilst the new approach was added to the Okta help documentation (https://help.okta.com/oie/en-us/Content/Topics/Provisioning/Salesforce/sfdc-configure-provisioning-REST.htm), the need for the documents to cover both the old and new can lead to some confusion. A customer hit a snag and … Continue reading Enable Provisioning with OAuth for Salesforce.com