
Enhancements to Access Request Workflow

Jul 19, 2016 | by Aaron Yee in Lifecycle Management
Introduction

Hi everyone! We are excited to announce enhancements to our Access Request Workflow (formerly called Application Request & Approval Workflow), which we beta-tested in Q1 of this year. I personally want to thank all customers who participated in the beta program. Your feedback was invaluable and drove enhancements and product vision.
 
This feature allows end users to request access to applications and gives approvers the ability to grant access. It strengthens Okta's provisioning solution, which is largely used by IT teams to automate account provisioning and SSO access for users on day one of employment. After day one, users need access to job-specific applications that are typically beyond an IT team's purview. Business application owners, rather than IT, are best qualified to grant access and assign entitlements in apps that need them. Okta has addressed those needs with this feature.
 
Enhancements include:
  • As an admin, you can configure groups of users to be approvers
  • As an admin, you can leave a note (e.g. a disclaimer about licenses) to requestors
  • As an approver, you can see outstanding requests in an inbox within Okta

Okta's Approach

If you're familiar with business process workflow capabilities from legacy Identity Governance & Administration (IGA) vendors, you'll realize that Okta's approach is different. Instead of building a workflow engine that interprets complex workflows written in a programming language, Okta created a GUI-driven solution that's intuitive and easy to configure and maintain. The tradeoff is clear. Okta might not be able to handle the most complex workflows that require custom coding, but we hope to solve 80% of workflow needs in a faster and easier way. 
 
Disclaimer: This feature is only available in the Enterprise Plus Edition or Provisioning Product.

The Feature
 
Administrator's Point of View
 
The following screenshot shows the simplicity of configuring an approval process for a specific application.

User-added image

These are the steps:
  1. Enable approvals and leave an optional note to requestors
  2. Choose users or groups to be approvers (multi-step approvals out of the box!)
  3. Specify what happens when a request is approved
  4. Specify what happens when a request is denied
  5. Specify what happens when a request expires (hits a time limit) 


End User's Point of View
 
The following screenshot shows how an end user requests an app.

User-added image

The end user logs in and clicks a button to add an app.

User-added image
 
The user sees the apps that the IT admin has made available. The IT team configured the first app (Facebook at Work) to be instantly added without an approval process. The IT team configured request/approval workflows for the other two applications (Salesforce and Slack).
 
User-added image

After clicking Request, the end user can enter a comment for the approver and subsequently click the Request App button.
 
Approver's Point of View
          

The approver can view & act on requests in several ways:

  1. Via email
  2. Via an inbox in his Okta tasks page

Both methods display a dialog box with approve/deny options. If the approver was granted write permissions, he can set app entitlements (if required).

User-added image
 
 

Comments

  • Anurag Tripathi on May 19, 2017

    Is there any future roadmap for request-based assignment of entitlements on the provisioned resource? I am just referring to the OKTA page regarding access request workflow.

    https://help.okta.com/en/prod/Content/Topics/Apps/Access_Request_Workflow.htm

    and if you go through the below section from the above page

    "This feature enhances Okta's provisioning solution, which is largely used by IT teams to automate account provisioning and SSO access for users on their first day of employment. Later, users regularly need access to job-specific applications that are often beyond an IT team's purview. With this feature, business application owners, rather than IT, can grant access and assign entitlements in apps that need them."

    It says we assign entitlements to the apps; however, when I went through further pages regarding the same, I found out that it only allows us to enable self-service at a...