OIG Access Requests – Understanding User Grouping

Understanding user grouping mechanisms in the Okta Identity Governance (OIG) Access Requests mechanism is important to building and running access request flows. It can be confusing and this article aims to address the confusion. Note that OIG Access Requests is the old atSpoke product. The term “Okta” in this article refers to the Okta Identity …

OIG Access Requests – Using the New Timer Feature

This article explores the new Timer feature in Okta Identity Governance (OIG) Access Requests. It provides an overview of the new function and how it could be used for a long-term (days or weeks) access request and a short-term (hours) privileged access request. This article assumes a familiarity with the OIG Access Requests workflows. For …

Integrating ServiceNow with OIG Access Requests

One of the standard integration points with Okta Identity Governance (OIG) Access Requests is to log a ticket of an access request in an ITSM tool like ServiceNow. This article explores the integration between OIG Access Requests and ServiceNow. Article contents: Overview of Integration; ServiceNow Integration Setup; Adding ServiceNow Ticket Creation to a Flow; Executing the Flow; Conclusion. Overview …

Requesting Roles Through OIG Access Requests

This article looks at how Okta Identity Governance (OIG) can be used to provide a role-request feature in Access Requests. The example used is roles for Salesforce. Role Request for Salesforce Article contents: What Roles?; An Example - Salesforce.com and Some Role Groups; Requesting The Role Groups Directly; Using Configuration Items for a List of Groups; Access Request Flow …

Inactive Application Account Reporting with Okta Workflows

I was recently asked about reporting, and possibly recertification, of inactive accounts in Okta. We can run reports in Okta on Okta profile states to find inactive users. We also have an Okta Workflows template to find and report on Okta users who haven't accessed Okta in a period of time. But what about application …

Separation of Duties (SoD) With Okta Workflows

Implementation of Separation of Duties controls is often an Identity Governance requirement. Whilst SoD controls will find their way into the Okta Identity Governance product at some point, they can be implemented today using the Okta Identity Cloud data model and Okta Workflows. This article provides a sample implementation. Article contents: Introduction; Okta and Coarse- and …

Continuous Certification with Okta Workflows

This article provides an approach to implementing continuous (re)certification using Okta Workflows. It discusses the concept and then walks through the sample implementation. Article contents: IGA, Certification and Continuous Certification; Can We Do This In Okta?; Implementing a Continuous Certification Campaign in Okta; Trigger Events in Okta; Workflows Flows; Main Flows (F**); API Endpoint Flow (A00); Sub Flows (S**); Utility Flows (U**); Design Points; Sample …

Fine-Grained Entitlement Reporting with Workflows

A key aspect of identity governance is being able to see "who has access to what". Within Okta you have visibility to user-to-group and user-to-application mappings (i.e. the associations that Okta is managing). These are often called coarse-grained entitlements. But what about the fine-grained entitlements that are normally defined and managed within an application, such …

IGA & RACF – How Effectively Can You Manage the Risk of Mainframe Users?

This article was originally posted on LinkedIn on 29 August, 2019 (https://www.linkedin.com/pulse/iga-racf-how-effectively-can-you-manage-risk-users-david/). Way back in the late 80’s I was a trainee programmer learning all things green-screen, like ISPF, JCL, CICS and Cobol. Colleagues laughed, asking me why I was bothering given the mainframe would be gone in five years. Here we are thirty years …