<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Frequently Asked Questions About Governance for Entitlements
Jan 23, 2024
Okta Classic Engine
Identity Governance
Okta Identity Engine

This article provides answers to frequently asked questions about Governance for Entitlements

 

Table of Contents

Can I request entitlements directly through Access Requests? 
Can I certify entitlements or bundles directly through Access Certifications?  
Can I run a report on who has access to what Entitlements?  
Does Entitlement Management introduce the concept of resource or entitlement owner? 
Can a requestor request applications or entitlements on behalf of other users? 
​​​​​​​Can OIG support Separation of Duties (SOD) with Entitlement Management? 
Can OIG support Role Mining with Entitlement Management? 
​​​​​​​Can OIG support Rogue Account Detection (Shadow IT) with Entitlement Management? 

​​​​​​​

Can I request entitlements directly through Access Requests?

Only Entitlement Bundles can be requested via Okta Access Requests.  Entitlements cannot be directly requested through Access Requests today but are on the roadmap for H2CY24.
 

Can I certify entitlements or bundles directly through Access Certifications?

Yes! When Entitlement Management is enabled for your org, you’ll see a new option for Access Certification “Application” resource campaigns to “Review entitlements,” allowing you to review the entitlements assigned to users. Additionally, User Campaigns will include the entitlements and bundles assigned to the users in scope and the applications and groups that exist today.
 

Can I run a report on who has access to what Entitlements?

Yes! You will see a new User Entitlements report in your Reports. If it takes a while to load or you want to drill down into specific entitlements, we recommend using the filters to select the Application and then the entitlement(s) you are interested in. 
 

Does Entitlement Management introduce the concept of resource or entitlement owner?

No. Not supported at this time. 
 

Can a requestor request applications or entitlements on behalf of other users?

Currently, an application or entitlement can be requested on behalf of another user using the Okta Identity Governance API or specifying the user who will receive access email via a field in the request type. Better out-of-the-box support for “request on behalf of” use cases will be introduced in the near future.
 

Can OIG support Separation of Duties (SOD) with Entitlement Management?

Not at this time. OIG does not support out-of-the-box Separation of Duties capabilities yet. This is on our long-term roadmap.
 

Can OIG support Role Mining with Entitlement Management?

Not at this time. OIG does not support out-of-the-box Role Mining capabilities yet. This is on our long-term roadmap. 
 

Can OIG support Rogue Account Detection (Shadow IT) with Entitlement Management?

Not at this time. OIG does not support rogue accounts or elevated privileges detection. This is on our long-term roadmap.


 

Recommended content

Still looking for help?
Loading
Frequently Asked Questions About Governance for Entitlements