Okta Identity Governance data retention periods vary by component. Okta retains Governance Reports for three years, Access Requests and Certifications details via the UI and API for 12 months, and System Log data for 90 days. Export reports to a CSV file or integrate a Security Information and Event Management (SIEM) solution to retain data longer.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Access Requests
• Access Certifications
  
• Okta Identity Governance Reports

How long does Okta retain Identity Governance data?

Review the specific retention periods and data export options for each Okta Identity Governance component:

• Governance Reports: Okta Identity Governance Reports provide a high-level overview of past Access Requests and Access Certifications. Okta retains these reports for up to three years. Export the reports to a CSV file to retain data for more than 3 years.
• Access Requests: The Access Requests UI and API display detailed request information for the past 12 months. Use the Governance Reports to view high-level summaries of requests older than 12 months.
• Access Certifications: Full campaign details remain visible in the Admin Console, Reviewer UI, and API for the past 12 months. Use the Governance Reports to view high-level summaries of certification data older than 12 months.
• System Log: Transactional data and logs resulting from Access Requests or Access Certification Reviews appear in the System Log. Okta retains System Log transactional data and logs for 90 days. Integrate the Okta tenant with a Security Information and Event Management (SIEM) solution to retain logs for a longer period.

Related References

• Okta Identity Governance Reports
• Okta's Data Retention Policy