Okta Workflows can address many automation use cases, including Identity Governance and Administration (IGA) scenarios. It is included as a product (SKU) in the Okta Identity Governance bundle.
For more information, including tutorials and videos, can be found in the Workflows help pages.
IGA Workflows Articles
There are a number of articles on this blog that can be used as examples of how to implement IGA use cases.
OIG Access Requests – Can I Attach a File?
A common requirement for access requests is adding a file to support the request. It may not be obvious, but Okta Identity Governance has the means to attach a file to a request. Let’s explore this and show an example. How to Attach a File in the Access Requests Portal A file can be attached…
OIG Access Requests and Workflows – Checking SoD In An Access Request
This article looks at a new approach you could use to perform Separation of Duties (SoD) checking from Okta Access Requests using Okta Workflows. It shows two approaches you could take to get SoD analysis into the request a soon as it’s raised so that the reviewer has the information at hand before approving the…
Understanding AWS IAM and Integrating with Okta and Workflows
I’ve been looking into application entitlements and the Amazon Web Services (AWS) users, groups and entitlements has perplexed me for some time. I’ve had the opportunity to explore it, try to understand it and build some integration between Okta Workforce Identity Cloud (via Okta Workflows). This post is a summary of my findings. AWS and…
Okta Identity Governance and/or Service Now – Architectural Patterns
Most organisations have some ITSM or service request tool, and ServiceNow is the most common. So it’s understandable that any conversation about Okta Identity Governance, particularly access requests, will involve comparison with ServiceNow or integration patterns for both products. How do you approach an access request solution? Which product is going to meet your needs…
Risk-Based Application Certification in OIG
If you were at Oktane22, or have listened to the Oktane22 roadmap sessions, you will know risk and use of risk signals is a key focus for Okta going forward. This includes leveraging risk in Okta Identity Governance (OIG), to help make access requests and access certification more effective. But can you leverage risk today?…
Logging a ServiceNow Request via Workflows from OIG Access Requests
A common ask for Okta Identity Governance is to be able to log at ticket in a service desk tool, like ServiceNow, for manual provisioning activities after following an approval process in Access Requests. This article explores one approach to this using OIG Access Request events in the Okta System Log, Event Hooks and Okta…
OIG – Triggering Workflows From Access Certification Reviews
Okta Identity Governance (OIG) provides an access certification component for reviewing users and their access. When reviewing access, a reviewer (such as a users manager) can approve or revoke the access (or reassign). With the revoke action, the access certification campaign can be configured to automatically remove access or do nothing (i.e. leave the access…
OIG – Certification for External System Entitlements
A common ask for Okta Identity Governance (OIG) is to be able to do access certification on external application data. Currently OIG can only run campaigns on objects (group memberships and application assignments) in the Okta Universal Directory (UD). Importing of external system entitlements is on the product roadmap. But with some understanding of the…
Access Certification for In-active application users
How can you leverage Okta Workflows and Identity Governance to review in-active users in your application
Certifying Access for Disconnected Application in Okta
The beauty with Okta is that there are over 500 applications in the Okta Integration Network that enables Admins to automate the user lifecycle. For these apps, Okta Identity Governance enables immediate remediation based on access reviews. There are still many applications that don’t and won’t support this, which creates a challenge when it comes…
Historical Reporting of OIG Access Requests
A common request asked is how to look at past access request events. Currently you can see the results of the requests in the Okta System Log and also in the Okta Identity Governance (OIG) Access Requests admin console. This article will explore these. Article contents: This is still an early release product, so expect…
Inactive Application Account Reporting with Okta Workflows
I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven’t accessed Okta in a period of time. But what about application…
Separation of Duties (SoD) With Okta Workflows
Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Article contents: Introduction A common requirement…
Continuous Certification with Okta Workflows
This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. Article contents: IGA, Certification and Continuous Certification A key focus for Identity Governance and Administration (IGA) implementations is access certification (aka recertification or attestation). The aim of this is to periodically validate…
Fine-Grained Entitlement Reporting with Workflows
A key aspect of identity governance is being able to see “who has access to what”. Within Okta you have visibility to user-to-group and user-to-application mappings (i.e. the associations that Okta is managing). These are often called coarse-grained entitlements. But what about the fine-grained entitlements that are normally defined and managed within an application, such…