Everything Identity and Access Management leveraging OKTA technology
OIG Access Requests
This page is for articles relating to the new Okta Identity Governance (OIG) Access Requests function.
OIG Access Requests Overview
Access Requests is the component of OIG that came from the atSpoke acquisition. As it is a new function with some unique capabilities, it makes sense to consolidate all OIG Access Requests articles here.
The following figure shows how Access Requests works in the wider Okta Identity Governance ecosystem.
OIG Architectural Overview
Access Requests integrates with the Okta Identity Cloud (Okta) to retrieve users, groups and application lists, and also it runs actions in workflows that will update (or retrieve) objects in Okta Universal Directory (e.g. add user to group, assign user to application).
Access Requests can also integrate with ITSM tools like ServiceNow and Jira to log tickets.
Users (including access request reviewers, such as managers, and administrators) may interface directly with Access Requests through the user interface, or via a chat bot in Slack/Teams. In the wider Okta picture, all of these could be SSO’d to from the Okta Dashboard.
OIG Access Requests Posts
The following articles are specific to OIG Access Requests.
As is often the case, product documentation tells you how to turn on or configure a function but often doesn’t provide the context of that function. I found this yesterday when exploring something with a customer in Okta Identity Governance (OIG) Access Requests. What is the Request Assignee you can assign to some of the…
Recently someone asked if Okta Identity Governance (OIG) Access Requests could be setup so a manager could supply additional information for the request. Their use case, the requester wants access to an application but they don’t know the role they need, so the manager would select the role at the approval stage. Short answer -…
If you’ve seen a demonstration of Okta Identity Governance (OIG) Access Requests, you have probably seen the machine learning (AI) capability when requesting access in Slack or Microsoft Teams. You ask for access to something, and the AI will try to determine the best request type to present. It learns over time, so that terms…
Most organisations have some ITSM or service request tool, and ServiceNow is the most common. So it’s understandable that any conversation about Okta Identity Governance, particularly access requests, will involve comparison with ServiceNow or integration patterns for both products. How do you approach an access request solution? Which product is going to meet your needs…
A common ask for Okta Identity Governance is to be able to log at ticket in a service desk tool, like ServiceNow, for manual provisioning activities after following an approval process in Access Requests. This article explores one approach to this using OIG Access Request events in the Okta System Log, Event Hooks and Okta…
If you’re familiar with the timer feature in Okta Identity Governance (OIG) Access Requests, you may have wondered if you can cancel a running timer and if so, how? Let’s show how it can be done. If you’re not familiar with the timer feature, have a read of this article: https://iamse.blog/2022/07/27/oig-access-requests-using-the-new-timer-feature/. A timer is used…
If you have looked at Okta Identity Governance Access Requests, you will know that a request will contain the history of the activity, such as the questions asked and answered, approval steps performed and actions taken. Did you know that a request, with all this information, can be Public or Private? Did you know that…
When working with Okta Identity Governance (OIG) Access Requests, you may find a request in a “stuck” state, where you can’t complete a step or the request doesn’t automatically close when done. Perhaps you’re testing a new Request Type and missed a step or have something misconfigured when you tested it. As an administrator you…
A common concern from a new Okta Identity Governance (OIG) Access Requests deployment is “I can’t see the Application or Group list when building a Request Type”. The most common cause is the assignment of Teams. Teams are the access control mechanism built into OIG Access Requests. They control who can create and own Request…