<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Frequently Asked Questions About Governance for Entitlements
Apr 15, 2026
Identity Governance
Okta Classic Engine
Okta Identity Engine

This article provides answers to frequently asked questions about Governance for Entitlements

 

Table of Contents

Is it possible to request entitlements directly through Access Requests?
Is it possible to certify entitlements or bundles directly through Access Certifications?  
Can a report be run on who has access to what Entitlements?  
Does Entitlement Management introduce the concept of resource or entitlement owner? 
Can a requestor request applications or entitlements on behalf of other users? 
​​​​​​​Can OIG support Separation of Duties (SOD) with Entitlement Management? 
Can OIG support Role Mining with Entitlement Management? 
​​​​​​​Can OIG support Rogue Account Detection (Shadow IT) with Entitlement Management? 

​​​​​​​

Is it possible to request entitlements directly through Access Requests?

Only Entitlement Bundles can be requested via Okta Access Requests. Entitlements cannot be directly requested through Access Requests today, but are on the roadmap for H2CY24.
 

Is it possible to certify entitlements or bundles directly through Access Certifications?

Yes! When Entitlement Management is enabled for the org, a new option will appear for Access Certification "Application" resource campaigns to "Review entitlements", enabling the review of the entitlements assigned to users. Additionally, User Campaigns will include the entitlements and bundles assigned to the users in scope and the applications and groups that exist today.
 

Can a report be run on who has access to what Entitlements?

Yes! A new User Entitlements report will appear in the Reports section. If it takes a while to load or to drill down into specific entitlements, it is recommended to use the filters to select the Application and then the relevant entitlement(s).
 

Does Entitlement Management introduce the concept of resource or entitlement owner?

No. Not supported at this time. 
 

Can a requestor request applications or entitlements on behalf of other users?

Currently, an application or entitlement can be requested on behalf of another user using the Okta Identity Governance API or specifying the user who will receive access email via a field in the request type. Better out-of-the-box support for "request on behalf of" use cases will be introduced in the near future.
 

Can OIG support Separation of Duties (SOD) with Entitlement Management?

Yes! Please refer to the documentation Get started with separation of duties.

 

Can OIG support Role Mining with Entitlement Management?

Not at this time. When reviewing role analysis, reference can be made to Role Analysis with Okta ISPM – Are My Groups and Roles Being Used Effectively

 

Can OIG support Rogue Account Detection (Shadow IT) with Entitlement Management?

This capability is now supported by Okta Secure Access Monitor (SAM) plugin and Identity Security Posture Management (ISPM). Please refer to Detect and discover AI agents.

Recommended content

Still looking for help?
Loading
Frequently Asked Questions About Governance for Entitlements