This page is for articles relating to the new Okta Identity Governance (OIG) Entitlement Management function.
OIG Entitlement Management Overview
Entitlements in applications grant access to resources. The Entitlement Management feature in OIG promotes these entitlements to first-class objects in Okta alongside Groups and Applications meaning they can be visible against the user (rather than buried in application user profiles), can be requested via OIG Access Requests and can be validated via OIG Access Certifications.
The following figure shows the major components and integrations with the wider Okta Workforce Identity Cloud platform and external systems.
More information can be found in an introduction article (also listed below).
FYI – Entitlement Management FAQs are available as Okta Knowledge Base articles:
- Frequently Asked Questions About Entitlement Management
- Frequently Asked Questions About Entitlement Management Platform
- Frequently Asked Questions About Integrations (Connectors) for Entitlement Management
- Frequently Asked Questions About Governance for Entitlements
- Frequently Asked Questions About Integration with Access Requests and Access Certifications
OIG Entitlement Management Posts
The following articles are specific to OIG Access Requests.
A Brief Intro to SoD with OIG
Okta has just released a separation of duties feature into Okta Identity Governance. This article provides a brief introduction to the feature. Introduction Separation of Duties (or Segregation of Duties, or more commonly SoD) has been a standard control for identity governance for a quarter of a century. The concept is that a user should…
Importing Entitlements for Disconnected Apps in OIG
Okta recently introduced a new feature into Okta Identity Governance for importing users and entitlements for disconnected apps via a CSV import. This article explores the new feature. Introduction Okta has had the ability to import users via a CSV file for a long time. This has been an effective way to bulk load users…
An Introduction to Resource Collections in OIG
This article introduces the new Resource Collections feature in Okta Identity Governance, looking at how collections are defined, requested and reviewed. Introduction Okta has introduced a new feature into Okta Identity Governance (OIG) called Resource Collections (or sometimes referred to as just Collections). They are a way to define a role that spans different entitlements…
Governance for Okta Privileged Access Server Resources
This document describes the approach and mechanism to run a certification campaign to review Okta Privileged Access Resource (Server) access. Introduction The solution captured in this document is to demonstrate the power of the Unified Identity platform. The focus of this document is to provide the ability for our customer to enable self-service to request…
The Combined Power of Okta Privileged Access and Okta Identity Governance
This article looks at the benefits of combining Okta Privileged Access with Okta Identity Governance to reduce the risk of using privileged accounts and access. Introduction Both Okta Privileged Access (OPA) and Okta Identity Governance (OIG) are part of the Okta Workforce Identity Cloud platform (Okta WIC). OIG is focussed on governing identities – having…
Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Assignments
OVERVIEW This blog is a continuation of the Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Creation that I posted previously. Some of the introductory content is duplicate to reenforce some of the basic concepts around Okta Identity Governance – Entitlement Management. With the release of Okta Identity Governance, one of the newly released features is…
Okta Entitlements for Disconnected Applications – Dynamic Entitlement Bundle Creation
OVERVIEW This blog is a continuation of the Okta Entitlements for Disconnected Applications that I posted previously. Some of the introductory content is duplicate to reenforce some of the basic concepts around Okta Identity Governance – Entitlement Management. With the release of Okta Identity Governance, one of the newly released features is entitlements at the…
Okta Entitlements for Disconnected Applications
OVERVIEW With the release of Okta Identity Governance, one of the newly released features is entitlements at the application level. Entitlements open a deeper level of represented access for Access Reviews, Access Certification Campaigns and Access Requests through the representation of fine grain access and licensing that a given user has in a relationship to…
Unleashing Precision: Enhancing Salesforce User Access Reviews with Custom Okta Entitlements Management
Introduction In the ever-evolving realm of user access and security, the marriage of Okta and Salesforce presents a powerful synergy. While Okta’s out-of-the-box (OOTB) connector for Salesforce Governance is undoubtedly a valuable asset, it falls short when it comes to the nuance of fine-grained access certification. Picture this common scenario: reviewing a Profile or Permission…
Something went wrong. Please refresh the page and/or try again.