Did you know If you are an Okta Identity Governance (OIG) customer you have the tools to manage who can request access to Request Types and Resource Centric Access Requests using groups? Let us show you how!
Both Request Types and Resource Access Request Conditions leverage groups to control the audience. What is the audience you ask? Audience is how you control / limit who can even request access in the first place. If you are not part of the audience you will not even be able to make the request. This is one of many ways OIG helps enforce Least Privilege.
- Request Types and Resource Centric Access Requests
- Okta Identity Governance (OIG)
Resource Centric Access Requests
Within the Resource Centric Access Requests (RCAR) more functionality is available over the traditional Request Types. RCAR offers the ability to use multiple groups to define the Requester scope aka Audience.
Request Types
Within the Request Type setup the Team member or Super Admin can choose between all users within your Okta tenant, an internal Team or leverage Okta Push Groups on the Okta Access Requests Application.
BRINGING IT ALL TOGETHER
Now that you understand the Audience. Build an Resource Centric Access Request Condition that manages who belongs to a group that controls the audience of another Resource Centric Access Request Condition.
To learn more about building Conditions, see Create an access request condition.
Related References
Training:
We have put together other resources below that can help you as you become familiar with Okta Identity Governance:
- We share two videos about Access Certification campaigns and Access Request in this article: Okta Identity Governance
- Corporate blog: Okta Identity Governance: A Unified IAM and Governance Solution
Learn about the new capabilities available, Access Requests, Access Certifications, and more in this FAQ: Identity Governance FAQs
