The Access Testing Tool enables simulations of real-world user requests to access an application. The result shows whether the user would be allowed access to the app and which rules and settings of the configuration were matched to create the authentication and enrollment requirements. The settings of a real access request are recreated, and then the test is run.
This helps verify whether users or groups can access an app when policies are configured in a certain way.
Simulations can be conducted for the following types of policies and rules:
- Authentication policies
- Authenticator enrollment policies
- Global Session Policies
- User enrollment policies for apps

Applies to:
- Okta Identity Engine (OIE)
- Access Testing Tool

To run a test:
- Open the policy to test and make a note of the options selected in its rules.
- In the Admin Console, go to Reports > Access testing tool.
- Select the same options as those configured in the policy being tested:
  - Application: Choose the application for which access is to be tested.
    NOTE: Only the first ten apps show in the drop-down. To target a specific app, begin typing its name and select the desired app.
  - Username: Enter the username of a user for access testing and select it from the list when it appears. To add another user to the list, enter that user's name and select it from the list. To view groups, click Specify group instead. To return to adding usernames when the Group field is displayed, select Specify username instead.
    NOTE: When a value is entered in the user search field on the Access Testing Tool page, the search function compares it with the user profile attributes firstName, lastName, and email. This behavior is publicly documented in Find users.
  - Device state: Optional. Choose a device state to be included in the test.
  - Device platform: Optional. Choose a device platform to be included in the test.
  - IP address / Network Zone: Optional. Select a network zone or enter a single IP address, and press Enter to include it in the test.
    NOTE: Access Testing Tool does not support dynamic zones.
  - Risk score: Optional. Choose a risk score level to be included in the test.
- Click Run test.
- Review the results in the Results section of the page.
- In the Matching Policies section, all policies that matched the criteria appear if the test was successful. If the test was not successful, there are no matching policies to display. Choose the format in which the results should be displayed:
  - Sign-in journey view: This option allows for viewing which policies and rules matched the criteria configured in the simulator for each stage of the sign-in journey. Click on each tile to see the information for that stage.
    - Authenticate: This option displays which policies contained the authenticators and authentication requirements that matched the criteria configured in the simulator.
    - Fulfill authenticator enrollment requirements: This option displays which rules contain the authenticator enrollment criteria configured in the simulator.
    - Fulfill user registration requirements: This option displays which rules contain the criteria for the profile attribute enrollment configured in the simulator.
  - List all views: This option shows all policies and rules that match the criteria in a list.
- Click Clear test to clear the criteria and configure a new test.
