Hi everyone! We are excited to announce enhancements to our Access Request Workflow (formerly called Application Request & Approval Workflow), which we beta-tested 1Q of this year. I personally want to thank all customers who participated in the beta program. Your feedback was invaluable and drove enhancements and product vision.
This feature allows end users to request access to applications and gives approvers the ability to grant access. It strengthens Okta's provisioning solution, which is largely used by IT teams to automate account provisioning and SSO access for users on day one of employment. After day one, users need access to job-specific applications that are typically beyond an IT team's purview. Instead, business application owners, rather than IT, are best qualified to grant access and assign entitlements in apps that need them. Okta has addressed those needs with this feature.
- As an admin, you can configure groups of users to be approvers
- As an admin, you can leave a note (e.g. a disclaimer about licenses) to requestors
- As an approver, you can see outstanding requests in an inbox within Okta
If you're familiar with business process workflow capabilities from legacy Identity Governance & Administration (IGA) vendors, you'll realize that Okta's approach is different. Instead of building a workflow engine that interprets complex workflows written in a programming language, Okta created a GUI-driven solution that's intuitive and easy to configure and maintain. The tradeoff is clear. Okta might not be able to handle the most complex workflows that require custom coding, but we hope to solve 80% of workflow needs in a faster and easier way.
Disclaimer: This feature is only available in the Enterprise Plus Edition or Provisioning Product.
Administrator's Point of View
The following screenshot shows the simplicity of configuring an approval process for a specific application.
These are the steps:
- Enable approvals and leave an optional note to requestors
- Choose users or groups to be approvers (multi-step approvals out of the box!)
- Specify what happens when a request is approved
- Specify what happens when a request is denied
- Specify what happens when a request expires (hits a time limit)
End User's Point of View
The following screenshot shows how an end user requests an app.
The end user logs in and clicks a button to add an app.
The user sees the apps that the IT admin has made available. The IT team configured the first app (Facebook at Work) to be instantly added without an approval process. The IT team configured request/approval workflows for the second two applications (Salesforce and Slack).
After clicking Request, the end user can enter a comment for the approver and subsequently click the Request App button.
Approver's Point of View
The approver can view & act on requests in several ways:
- Via email
- Via an inbox in his Okta tasks page