<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Frequently Asked Questions About Integration with Access Requests and Access Certifications
Jan 23, 2024
Okta Classic Engine
Identity Governance
Okta Identity Engine

 

This article provides answers to frequently asked questions about Integration with Access Requests and Access Certifications


Table of Contents

Known Limitations with Access Requests
Known Limitations with Access Certifications
Remediation with Access Certifications

 

Known Limitations with Access Requests

  • Only Entitlement Bundles (not Entitlements themselves) can be made requestable via Access Requests at this time.
  • Time-bound Access Requests are not currently supported for Entitlement Bundles. They are being targeted for H2CY24.
     

Known Limitations with Access Certifications

  • When assigned permission through a Bundle, the bundle itself will be reviewed as an item in the Access Certification campaign. If assigned an entitlement (i.e., through policy or through custom assignment), then the entitlement itself can be reviewed
  • At EA, when reviewing entitlements for an application, the campaign must be scoped to a single application. The UI will only allow you to select a single application.
  • User campaigns will include the entitlements for a user for any entitlements the user is assigned through entitlement management as well.

 

Remediation with Access Certifications

  • When reviewing entitlements, the app assignment is not reviewed and will not be automatically removed if all entitlements are removed. At EA, this can be automated through leveraging Okta Workflows triggered from decision events if desired.

  • Using “Remove access from user” as the remediation for decisions to revoke and/or items that are left unreviewed when the campaign closes has the following expected remediation outcomes:
     

    Permission/ Assignment Type

    Assignment Method

    Access Certification “Remove access from user” Remediation Outcome

    Entitlement Bundle

    Access Request

    Successful - Bundle removed from User

    Entitlement

    Policy

    Manual Remediation Required - Update Policy or convert user to custom

    Entitlement

    Custom

    Successful - Entitlement removed from User

 

 

 

 

Recommended content

Still looking for help?
Loading
Frequently Asked Questions About Integration with Access Requests and Access Certifications