IGA (Incl. LCM)

This page highlights the articles on this blog that relate to Okta’s Identity Governance and Administration (IGA) products, Lifecycle Management (LCM), Workflows (where they relate to IGA) and Identity Governance (OIG).

IGA Overview

The term Identity Governance and Administration (IGA) was coined by (or made popular by) Gartner to highlight how the traditional IAM domains of Identity Management and Identity Governance were coming together with vendors covering aspects of both. Traditionally Identity Management covers capabilities around granting accounts access to systems, such as lifecycle management, HR integration, role- and request-based access entitlement, and provisioning (adapters, connectors etc.). Identity Governance is more focussed on the controls and visibility around who has access to what, and includes access request processes, access certification, role engineering and review, and reporting.

Full-spectrum of Okta IGA Capabilities

Okta has had Lifecycle Management capabilities for some time, including access request functionality, group rules to drive role-based access entitlements, target system integration for provisioning (via OIN integrations and SCIM), and workflows for process extension and automation. The Okta IGA product, Okta Identity Governance, has just been released in Limited Early Access (Mar 2022) and covers access requests, access certification and identity reporting.

There are category-specific child pages. See the Pages navigation in the sidebar.


IGA Posts

The Okta IGA-related articles on this site are listed below.

Enable Provisioning with OAuth for Salesforce.com

A while back Okta changed the provisioning credentials for salesforce.com from the old username and password+token approach to using OAuth. Whilst the new approach was added to the Okta help documentation (https://help.okta.com/oie/en-us/Content/Topics/Provisioning/Salesforce/sfdc-configure-provisioning-REST.htm), the need for the documents to cover both the old and new can lead to some confusion. A customer hit a snag and … Continue reading Enable Provisioning with OAuth for Salesforce.com

OIG Access Requests – Understanding User Grouping

Understanding user grouping mechanisms in the Okta Identity Governance (OIG) Access Requests mechanism is important to building and running access request flows. It can be confusing and this article aims to address the confusion. Note that OIG Access Requests is the old atSpoke product. The term “Okta” in this article refers to the Okta Identity … Continue reading OIG Access Requests – Understanding User Grouping

Certifying Access for Disconnected Application in Okta

The beauty with Okta is that there are over 500 applications in the Okta Integration Network that enable Admins to automate the user lifecycle. For these apps, Okta Identity Governance enables immediate remediation based on access reviews. There are still many applications that don’t and won’t support this, which creates a challenge when it comes … Continue reading Certifying Access for Disconnected Application in Okta

OIG Access Requests – Using the New Timer Feature

This article explores the new Timer feature in Okta Identity Governance (OIG) Access Requests. It provides an overview of the new function and how it could be used for a long-term (days or weeks) access request and a short-term (hours) privileged access request. This article assumes a familiarity with the OIG Access Requests workflows. For … Continue reading OIG Access Requests – Using the New Timer Feature

OIG Access Requests – Requesting Access in Slack

A key benefit of Okta Identity Governance is the ability to interface with access request flows via chat tools such as Slack and Microsoft Teams. This article provides a summary of the different ways users can request access in Slack and how to monitor the progress of a request in Slack. Article contents: Overview of … Continue reading OIG Access Requests – Requesting Access in Slack

Integrating ServiceNow with OIG Access Requests

One of the standard integration points with Okta Identity Governance (OIG) Access Requests is to log a ticket of an access request in an ITSM tool like ServiceNow. This article explores the integration between OIG Access Requests and ServiceNow. Article contents: Overview of Integration The primary focus of the Okta Identity Governance (OIG) Access Requests … Continue reading Integrating ServiceNow with OIG Access Requests

OIG Access Requests – What Else Can You Do?

The Okta Identity Governance (OIG) Access Requests module is built for requesting (and reviewing/approving) access to applications or groups in Okta. However, the module can do a lot more with the actions provided for the Okta integration. This article explores these and gives some examples of how they can be used. Article contents: Please note … Continue reading OIG Access Requests – What Else Can You Do?

Requesting Roles Through OIG Access Requests

This article looks at how Okta Identity Governance (OIG) can be used to provide a role-request feature in Access Requests. The example used is roles for Salesforce. Article contents: What Roles? If you’re familiar with the Okta Identity Cloud data model, you will know there are users, groups and applications but no roles (other than … Continue reading Requesting Roles Through OIG Access Requests

Inactive Application Account Reporting with Okta Workflows

I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven’t accessed Okta in a period of time. But what about application … Continue reading Inactive Application Account Reporting with Okta Workflows

Separation of Duties (SoD) With Okta Workflows

Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Article contents: Introduction A common requirement … Continue reading Separation of Duties (SoD) With Okta Workflows

Continuous Certification with Okta Workflows

This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. Article contents: IGA, Certification and Continuous Certification A key focus for Identity Governance and Administration (IGA) implementations is access certification (aka recertification or attestation). The aim of this is to periodically validate … Continue reading Continuous Certification with Okta Workflows

Fine-Grained Entitlement Reporting with Workflows

A key aspect of identity governance is being able to see “who has access to what”. Within Okta you have visibility to user-to-group and user-to-application mappings (i.e. the associations that Okta is managing). These are often called coarse-grained entitlements. But what about the fine-grained entitlements that are normally defined and managed within an application, such … Continue reading Fine-Grained Entitlement Reporting with Workflows

A Look at IAM in Red Hat Enterprise Linux

This is a trimmed down version of an article I published on LinkedIn on Jun 11, 2020 (https://www.linkedin.com/pulse/look-iam-red-hat-enterprise-linux-david-edwards-iamdavid-/). For a recent engagement I had to ‘page back in’ long-forgotten aspects of identity and access management (IAM) for Unix/Linux, specifically the Red Hat Enterprise Linux (RHEL) operating system. I couldn’t find a comprehensive guide to all … Continue reading A Look at IAM in Red Hat Enterprise Linux

IGA & RACF – How Effectively Can You Manage the Risk of Mainframe Users?

This article was originally posted on LinkedIn on 29 August, 2019 (https://www.linkedin.com/pulse/iga-racf-how-effectively-can-you-manage-risk-users-david/). Way back in the late 80’s I was a trainee programmer learning all things green-screen, like ISPF, JCL, CICS and Cobol. Colleagues laughed, asking me why I was bothering given the mainframe would be gone in five years. Here we are thirty years … Continue reading IGA & RACF – How Effectively Can You Manage the Risk of Mainframe Users?

IGA and PAM – Managing Identities in a Red Hat OpenShift Environment

You might have missed it as there wasn’t a lot of press, but IBM recently acquired a small startup called Red Hat. As with many IBMers, I have been on a steep learning curve to understand the capabilities this brings. As an interesting exercise, I thought I’d treat the OpenShift stack as an identity project … Continue reading IGA and PAM – Managing Identities in a Red Hat OpenShift Environment

SCIM Will Solve All Your IGA Problems, Right?

Continuing my theme of exploring IGA topics and “the Cloud”, I thought it worthwhile looking at SCIM and its adoption since it appeared eight years ago. The System for Cross-domain Identity Management, or SCIM, is the current rockstar of Identity Governance and Administration (IGA). It’s a lightweight data model utilizing JSON and REST that seems to solve … Continue reading SCIM Will Solve All Your IGA Problems, Right?

IGA Cloud or On-Prem – Have You Checked the Plumbing?

A major decision for all software deployments, including Identity Governance and Administration (IGA) deployments, is what platform to deploy to: cloud, on-premise or a hybrid of the two. Many IGA products are available as both cloud-based and on-prem. Some on-prem products can be hosted as SaaS or managed service offerings in the cloud. Some of … Continue reading IGA Cloud or On-Prem – Have You Checked the Plumbing?

How Much Workflow Do You Need for Your IGA Project?

Workflow is a core capability in any Identity Governance and Administration (IGA) deployment; IGA is all about automating the business processes around managing and governing users and their access. IGA deployments often take much longer than anticipated and don’t achieve all of what the project set out to do. Why? There are many factors, but … Continue reading How Much Workflow Do You Need for Your IGA Project?

IGDM Part 3 – Implementing the Identity Governance Data Model

This article is the third in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This third article suggests an implementation of the module using a SCIM-like approach. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) … Continue reading IGDM Part 3 – Implementing the Identity Governance Data Model

IGDM Part 2 – Validating the Proposed Identity Governance Data Model

This article is the second in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This second article validates the model against some common complex applications. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The … Continue reading IGDM Part 2 – Validating the Proposed Identity Governance Data Model

IGDM Part 1 – Proposing an Identity Governance Data Model

This article is the first in a series of three looking at a proposed common Identity Governance Data Model (IGDM). This first article proposes the model. This model attempts to address the needs of managing heterogeneous complex target system access models in an Identity Governance and Administration (IGA) environment. The proposed IGDM is designed to … Continue reading IGDM Part 1 – Proposing an Identity Governance Data Model