Workflows for IGA Use Cases

Okta Workflows can address many automation use cases, including Identity Governance and Administration (IGA) scenarios. It is included as a product (SKU) in the Okta Identity Governance bundle.

For more information, including tutorials and videos, can be found in the Workflows help pages.


IGA Workflows Articles

There are a number of articles on this blog that can be used as examples of how to implement IGA use cases.

OIG – Triggering Workflows From Access Certification Reviews

Okta Identity Governance (OIG) provides an access certification component for reviewing users and their access. When reviewing access, a reviewer (such as a users manager) can approve or revoke the access (or reassign). With the revoke action, the access certification campaign can be configured to automatically remove access or do nothing (i.e. leave the access … Continue reading OIG – Triggering Workflows From Access Certification Reviews

OIG – Certification for External System Entitlements

A common ask for Okta Identity Governance (OIG) is to be able to do access certification on external application data. Currently OIG can only run campaigns on objects (group memberships and application assignments) in the Okta Universal Directory (UD). Importing of external system entitlements is on the product roadmap. But with some understanding of the … Continue reading OIG – Certification for External System Entitlements

Certifying Access for Disconnected Application in Okta

The beauty with Okta is that there are over 500 applications in the Okta Integration Network that enables Admins to automate the user lifecycle. For these apps, Okta Identity Governance enables immediate remediation based on access reviews. There are still many applications that don’t and won’t support this, which creates a challenge when it comes … Continue reading Certifying Access for Disconnected Application in Okta

Inactive Application Account Reporting with Okta Workflows

I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven’t accessed Okta in a period of time. But what about application … Continue reading Inactive Application Account Reporting with Okta Workflows

Separation of Duties (SoD) With Okta Workflows

Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Article contents: Introduction A common requirement … Continue reading Separation of Duties (SoD) With Okta Workflows

Continuous Certification with Okta Workflows

This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. Article contents: IGA, Certification and Continuous Certification A key focus for Identity Governance and Administration (IGA) implementations is access certification (aka recertification or attestation). The aim of this is to periodically validate … Continue reading Continuous Certification with Okta Workflows

Fine-Grained Entitlement Reporting with Workflows

A key aspect of identity governance is being able to see “who has access to what”. Within Okta you have visibility to user-to-group and user-to-application mappings (i.e. the associations that Okta is managing). These are often called coarse-grained entitlements. But what about the fine-grained entitlements that are normally defined and managed within an application, such … Continue reading Fine-Grained Entitlement Reporting with Workflows