An Okta system log entry indicates a user's access to a group or application was removed by an Actor called Okta IGA Connector. This article details how to determine why this access was removed.

• Okta Identity Governance (OIG)
• Access Certifications
• Access removal

Whenever an Access Certification decision is made by a reviewer, the entry in the Okta System log showing the removal of access to the resource and attributed to OIG will be immediately preceded by an entry logged with details of the reviewer that took the action, the resource granted or removed, and the user acted upon.

To locate the details of the reviewer who took the action, expand the system log search to include eventType eq "certification.campaign.item.remediate".

• The Actor field will contain the reviewer who made the decision.
• The Outcome > Result field will show the decision taken (SUCCESS or SKIPPED).
  • If the Outcome > Result shows SKIPPED, manual remediation is likely needed. See Handle remediation manually for more information.
• The Target field will show the user acted upon.
• For more information on the various attributes, see the table under the Key Campaign Review Item Event Attributes section.