IGA (Incl. LCM)

This page highlights the articles on this blog that relate to Okta’s Identity Governance and Administration (IGA) products, Lifecycle Management (LCM), Workflows (where they relate to IGA) and Identity Governance (OIG).

IGA Overview

The term Identity Governance and Administration (IGA) was coined by (or made popular by) Gartner to highlight how the traditional IAM domains of Identity Management and Identity Governance were coming together with vendors covering aspects of both. Traditionally Identity Management covers capabilities around granting accounts access to systems, such as lifecycle management, HR integration, role- and request-based access entitlement, and provisioning (adapters, connectors etc.). Identity Governance is more focussed on the controls and visibility around who has access to what, and includes access request processes, access certification, role engineering and review, and reporting.

Okta Identity Governance covers the full spectrum of Identity Governance and Administration (IGA)

Okta has had Lifecycle Management capabilities for some time, including access request functionality, group rules to drive role-based access entitlements, target system integration for provisioning (via OIN integrations and SCIM), and workflows for process extension and automation. The Okta IGA product, Okta Identity Governance, has just been released in Limited Early Access (Mar 2022) and covers access requests, access certification and identity reporting.

There are category-specific child pages. See the Pages navigation in the sidebar.


IGA Posts

The Okta IGA-related articles on this site are listed below.

New Access Certification Auditor Reporting Package in OIG

Okta has just released a new Early Access feature for Okta Identity Governance Access Certifications – the Auditor Reporting Package. This new feature significantly expands the usefulness of OIG Access Certification campaign reporting. Introduction When Okta Identity Governance (OIG) was released with Access Requests and Access Certification, there was reporting included. It was available under…

Role Analysis with Okta ISPM – Are My Groups and Roles Being Used Effectively

Okta Identity Security Posture Management (ISPM) performs analysis on groups and roles which can be used to tune access via groups/roles and reduce risk. This article explores how to use ISPM for role analysis. Background Roles and a role-based identity system have been the Holy Grail for identity governance and administration (IGA) practitioners and products…

New Delegate Feature in OIG

Okta has recently released a delegate feature in Okta Identity Governance. This feature allows all governance activity, such as reviewing access requests or access certifications, to be delegated to another Okta user (optionally for a set period). This article introduces the new feature. Introduction We all need to go on leave or take time off. So what happens…

New Okta Group Push API

If you have been working with applications in Okta for some time and occasionally use the APIs (or Workflows) you would be aware that one glaring omission in the API library was an API to manage the Push Groups on applications. This has now been addressed with the Group Push Mapping API. The Group Push…

The New Unified Requester Experience in OIG

This article introduces the new Access Requests – Unified Requester Experience that is currently rolling out as an Early Access feature in Okta Identity Governance (OIG). The Background As Okta was building its new Identity Governance and Administration (IGA) product, it acquired a company to provide what would become the Access Requests component of Okta…

A Brief Intro to SoD with OIG

Okta has just released a separation of duties feature into Okta Identity Governance. This article provides a brief introduction to the feature. Introduction Separation of Duties (or Segregation of Duties, or more commonly SoD) has been a standard control for identity governance for a quarter of a century. The concept is that a user should…

Importing Entitlements for Disconnected Apps in OIG

Okta recently introduced a new feature into Okta Identity Governance for importing users and entitlements for disconnected apps via a CSV import. This article explores the new feature. Introduction Okta has had the ability to import users via a CSV file for a long time. This has been an effective way to bulk load users…

Preconfigured Access Certification Campaigns in Okta Identity Governance

The Access Certifications capability has been a core part of Okta Identity Governance (OIG) since its inception. However, in the first update for this year (2025.01.0), Preconfigured Access Certifications Campaigns were added to OIG. This article explores the new feature. Overview Building of access certification campaigns is very straightforward. The wizard-like flow walks you through…

An Introduction to Realms in Okta

Okta recently added a new feature to the Universal Directory called Realms. This article provides an overview of the new feature. Note that Realms is only available with the Okta Identity Governance and Secure Partner Access products. At the time of writing this article, Realms is in Early Access. Background – Why do we need…

Reduce Risk through Governance for Okta Administrators

In this article we explore the different patterns for associating users with administrative roles and how we can reduce the risk around these using governance. There are multiple articles listing the controls that should be applied to the administrative access in Okta, but this article will focus on the governance controls. Introduction Okta administration is…

Governance for Okta Privileged Access Server Resources

This document describes the approach and mechanism to run a certification campaign to review Okta Privileged Access Resource (Server) access. Introduction The solution captured in this document is to demonstrate the power of the Unified Identity platform. The focus of this document is to provide the ability for our customer to enable self-service to request…

The Combined Power of Okta Privileged Access and Okta Identity Governance

This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focussed on governing identities – having…

New Features for the Access Request Conditions and Resource Catalog in Okta Identity Governance

Two new features have been introduced into the Access Request Conditions and Resource Catalog (aka RCAR) feature in Okta Identity Governance – Request on Behalf Of, and User-specified Access Duration. This article introduces these new features. Request On Behalf Of Okta Identity Governance introduced the ability to request access on behalf of another user into…

Customisable Access Certification Reviewer Content in OIG

This article looks at the new customisable reviewer content in Okta Identity Governance (OIG) Access Certifications. The doc link for this new feature is https://help.okta.com/oie/en-us/content/topics/identity-governance/access-certification/iga-ac-customizable-context.htm. Introduction Access Certification (or recertification, attestation) is a key capability in any Identity Governance product and it is the one most likely to cause friction with business users. If you’re…

Govern Okta Admin Roles (free version of Okta Identity Governance*)

*This new feature is included in the Okta WIC platform and all Okta workforce customers are entitled to use it! It is governance just for the Okta admin roles, not all IGA use cases. We started a gradual rollout; soon every workforce customer will be able to see it in their preview orgs. TL;DR -…

Privileged Access Management for AWS using Okta Workforce Solutions

This article is a summary of a presentation I recently gave looking at Okta Workforce Identity Cloud and Amazon Web Services (AWS). It is focused on how privileged access management can be applied to AWS users and access, leveraging the different Identity and Access Management (IAM) capabilities in Okta. Introduction Privileged Access Management (PAM) as…

OIG APIs – Use Okta Connector in Workflows Now

This short post is for the information of people who may look at some of the older OIG API and Workflows articles on this site and find they no longer work. You should be using the Okta Connector with the Custom API Action card now instead of the old generic API Connector card. The OLD…

A Look at the new Govern Okta Admin Roles feature

This article is a walkthrough of the new Govern Okta Admin Roles feature in Okta Workforce Identity Cloud (WIC). Overview of the Feature This new feature builds on the flexible and customisable administration roles that have been available on Okta WIC for some time. It treats the Okta Admin Console as an application with entitlements…

Realms for Workforce Management – A New Flexible Way to Manage your Organization

Introduction  Okta’s vision with Universal Directory is to provide a centralized approach to identity management, where customers can integrate any technology stack into a comprehensive, central cloud directory for unified management. In today’s world, unified identity management is becoming increasingly challenging. Organizations rely on a workforce composed of employees, contractors, seasonal workers, and business partners,…

Okta Entitlements for Disconnected Applications

OVERVIEW With the release of Okta Identity Governance, one of the newly released features is entitlements at the application level.  Entitlements open a deeper level of represented access for Access Reviews, Access Certification Campaigns and Access Requests through the representation of fine grain access and licensing that a given user has in a relationship to…

Unlocking Workday Security Groups Governance: Integrating Okta OIG with Custom Workflows and Universal Directory

Introduction Today, safeguarding organizational assets and ensuring compliance with regulatory standards are paramount concerns for businesses of all sizes. Within this context, the integration of Workday’s security groups with Okta Identity Governance (OIG) emerges as a critical need, given the central role these platforms play in managing employee data and access privileges. However, there is…

Unleashing Precision: Enhancing Salesforce User Access Reviews with Custom Okta Entitlements Management

Introduction In the ever-evolving realm of user access and security, the marriage of Okta and Salesforce presents a powerful synergy. While Okta’s out-of-the-box (OOTB) connector for Salesforce Governance is undoubtedly a valuable asset, it falls short when it comes to the nuance of fine-grained access certification. Picture this common scenario: reviewing a Profile or Permission…

OIG Entitlement Management Videos on YouTube

Some colleagues have recently published a set of videos on YouTube (okta channel) highlighting some of the features of the new Entitlement Management capability in Okta Identity Governance (see our Entitlement Management page for more information on the product). Most of the videos will show up by searching for “entitlement” and “okta” (https://www.youtube.com/results?search_query=entitlement+okta). It may…

Entitlements Managed in OIG with Early Access

The new Entitlement Management capability in Okta Identity Governance (OIG) is currently in Early Access for OIG customers. With this release Okta has updated five of the Okta Integration Network (OIN) connectors to support this new capability – splitting entitlements from other application profile attributes and managing the two-way sync between Okta and the applications.…
