Everything Identity and Access Management leveraging OKTA technology
OIG Access Requests
This page is for articles relating to the new Okta Identity Governance (OIG) Access Requests function.
OIG Access Requests Overview
Access Requests is the component of OIG that came from the atSpoke acquisition. As it is a new function with some unique capabilities, it makes sense to consolidate all OIG Access Requests articles here.
The following figure shows how Access Requests works in the wider Okta Identity Governance ecosystem.
OIG Architectural Overview
Access Requests integrates with the Okta Identity Cloud (Okta) to retrieve users, groups and application lists, and also it runs actions in workflows that will update (or retrieve) objects in Okta Universal Directory (e.g. add user to group, assign user to application).
Access Requests can also integrate with ITSM tools like ServiceNow and Jira to log tickets.
Users (including access request reviewers, such as managers, and administrators) may interface directly with Access Requests through the user interface, or via a chat bot in Slack/Teams. In the wider Okta picture, all of these could be SSO’d to from the Okta Dashboard.
OIG Access Requests Posts
The following articles are specific to OIG Access Requests.
A common requirement for access requests is adding a file to support the request. It may not be obvious, but Okta Identity Governance has the means to attach a file to a request. Let’s explore this and show an example. How to Attach a File in the Access Requests Portal A file can be attached…
My colleague, Rajesh Kumar, showed me something today that fell into the “wow, I didn’t even think of using the product this way” category. It involves using logic in Access Request flows (Request Types) in Okta Identity Governance to prompt for additional information based on earlier selections. Let’s look at how the user experiences it,…
This article looks at a new approach you could use to perform Separation of Duties (SoD) checking from Okta Access Requests using Okta Workflows. It shows two approaches you could take to get SoD analysis into the request a soon as it’s raised so that the reviewer has the information at hand before approving the…
This article looks at a recent addition to the Okta Identity Governance (OIG) Access Request API that allows updating of in-flight access requests and can be used to add additional data to help reviewers review requests. Note that the OIG APIs are still in beta but can be used against preview and production Okta orgs.…
For some time there has been the ability to trigger a workflow in Okta Workflows from a request flow in Okta Access Requests via events written to the Okta System Log. Events were created for a request being initiated and being closed. But this approach has some limitations, such as a lot of processing within…
As is often the case, product documentation tells you how to turn on or configure a function but often doesn’t provide the context of that function. I found this yesterday when exploring something with a customer in Okta Identity Governance (OIG) Access Requests. What is the Request Assignee you can assign to some of the…
Recently someone asked if Okta Identity Governance (OIG) Access Requests could be setup so a manager could supply additional information for the request. Their use case, the requester wants access to an application but they don’t know the role they need, so the manager would select the role at the approval stage. Short answer -…
If you’ve seen a demonstration of Okta Identity Governance (OIG) Access Requests, you have probably seen the machine learning (AI) capability when requesting access in Slack or Microsoft Teams. You ask for access to something, and the AI will try to determine the best request type to present. It learns over time, so that terms…
Most organisations have some ITSM or service request tool, and ServiceNow is the most common. So it’s understandable that any conversation about Okta Identity Governance, particularly access requests, will involve comparison with ServiceNow or integration patterns for both products. How do you approach an access request solution? Which product is going to meet your needs…