May 2026
April 2026
March 2026
February 2026
January 2026
December 2025
November 2025
September/October 2025
August 2025
June/July 2025
May 2025
March/April 2025
February 2025
What is new in Okta Identity Governance - May 2026
Assignment Methods - The Assignment Methods setting provides context for certification campaign reviewers on how a user was assigned access to a resource. It provides visibility into assignment methods for all resources, including all methods used to grant entitlements. This feature helps reviewers to make informed, accurate decisions about a user's access. (GA)
Smart Review - Smart Review creates a step-by-step workflow for campaign reviewers that groups items by user or resource. This approach reduces reviewer fatigue, enables more informed access decisions, and enables reviewers to efficiently tackle high-volume campaigns. (GA)
Governance Analyzer - Provide access certification campaign reviewers with insights and recommendations to make more informed decisions when approving or revoking user access. Governance Analyzer analyzes the access management data in the org to provide insights and approve/revoke recommendations to reviewers. (EA)
Control Self-Review in Campaigns - Allow or block campaign reviewers from approving or revoking their own access to Okta admin roles. While Okta prevents self-reviews in campaigns that govern Okta admin roles by default, this feature gives the option to allow self-reviews. (EA)
Active Campaign Details Report - Use this report to view the high-level configurations and status of the active access certification campaigns. This overview makes it easy to track overall campaign progress at a glance. (GA)
Active Campaign Summaries Report - Use this report to view in-depth information about the active access certification campaigns. This detailed view helps monitor granular progress, identify reviewers who haven't completed their tasks, and improve overall completion rates. (GA)
What is new in Okta Identity Governance - April 2026
Delegate Restrictions - Restrict who users can select as delegates to ensure tasks are assigned only to authorized individuals. Configure settings to limit delegate selection to a user's direct manager, their colleagues (peers with the same manager), or allow them to select anyone in the org. This helps strengthen org security, improve compliance, and provide greater control over task delegation. (GA)
Slack Integration for Access Certifications and Access Requests - The Identity Governance - Slack notifications feature allows sending Access Certification campaign notifications to reviewers and admins using Slack. Send notifications for new campaigns, reminders for campaigns closing soon, reassigned review items, and more. Slack notifications for campaigns help reduce the need for additional manual follow-ups for campaign owners. They also help increase the completion rate of reviews before the campaign's end date. Once enabled, super admins and admins with the Manage governance settings permission can integrate Slack with Okta from the Settings > Integrations tab and configure Access Certifications and Access Requests notifications. (GA)
Additive Entitlements - Admins can now grant specific, time-bound entitlements to individual users without creating entitlement bundles for requests. These individual entitlement grants are additive in nature to the existing policy or custom grants. Admins can revoke an individual entitlement, which is removed across custom and entitlement grants. They can also perform risk assessments on multiple entitlements for the user. (GA)
Expiring Notifications - Requesters now receive a notification one day and one hour before their access ends. Okta sends these notifications only for the access that was requested using requests managed by conditions. (GA)
Improvements to the Access Request experience for Slack - If the Unified Requester Experience feature is enabled, it is now possible to configure whether users can submit and approve requests in Slack without being redirected to the End-user Dashboard. This applies to access requests that are managed by request types and to conditions. Additionally, when Approve and deny requests is toggled on, users can approve Okta admin role bundle access requests from Slack. (GA)
Slack for Government Moderate and Government High - Okta for Government Moderate and Government High customers who use commercial Slack instances can now integrate Slack with their org to streamline access management in Access Requests and Access Certifications. Users can now submit and approve requests in Slack and receive Slack notifications for access requests and certification campaigns. Feature availability varies depending on whether the Unified requester experience feature is enabled. See Okta Identity Governance Limitations for Public Sector Service.
What is new in Okta Identity Governance - March 2026
Governance Labels and Resource Owners
- Governance labels - The Labels API enables the categorization and organization of resources such as apps, groups, entitlements, and collections. Create, update, and assign key-value labels to resources to support automation, streamline configuration, and simplify the management of access reviews and requests. (GA)
- Resource owners - Assign owners to groups, apps, entitlements, and entitlement bundles. This feature automatically routes access request steps and access certification campaign reviews to the correct stakeholder, improving the efficiency and accuracy of governance processes. It also helps ensure the right stakeholder is always involved in access decisions without requiring manual configuration updates. Applies to Access Request Conditions and Access Certifications (GA)
What is new in Okta Identity Governance - February 2026
Govern Access to AI Agents - Use Okta Identity Governance to expand governance capabilities to AI agents and their linked apps. This helps ensure that the users have the appropriate access to apps linked with AI agents and nothing more. A linked app is an app that has an active AI agent associated with it. Streamline requesting access to AI Agent-linked apps using Access Requests and certify and remediate existing access to these apps with Access Certifications. (EA). Requires purchase of the Okta for AI Agents SKU
Access Granted and Revoked Notifications - For access requests managed by conditions, requesters are now notified when their access to a resource expires. Requesters are notified by email, Slack, or Microsoft Teams, depending on the configurations. Applies to Request Conditions (GA)
Certify Resource Collections - Resource Campaigns - Use access certification resource campaigns to certify user access to resource collections. Rather than reviewing individual apps, entitlements, or bundles separately, running resource campaigns for resource collections reduces the volume of review items for reviewers and provides them with the necessary context to make informed decisions. (EA)
Add Request Friendly ID into Request API Endpoints - User-friendly request IDs (permalink IDs) are now available as part of the Retrieve a request APIs (V1, V2), enabling admins to use these IDs in automations and quickly look up the corresponding request in the UI for context or troubleshooting. Applies to Request Types and Request Conditions (GA)
On-Prem JDBC Connector - Designed to seamlessly integrate on-prem databases with Okta Identity Governance (OIG)! This new connector will provide out-of-the-box user lifecycle management and governance capabilities for "generic" databases. (EA)
What is new in Okta Identity Governance - January 2026
Approval Escalations - Streamlines approvals by allowing end users to escalate to the assigned approver’s manager if their approver is unavailable, helping ensure that users can get the access they need in critical moments and giving admins confidence to move towards time-based access for critical resources, knowing that their end users will not be blocked. Applies to Request Types and Request Conditions (GA)
Access Requests for AD Groups - Customers can simplify access management by enabling users to request AD group access directly. It then leverages bi-directional sync to automatically add and remove users from AD groups, ensuring that access is managed efficiently and time-bound access is automatically revoked. Applies to Request Conditions (GA)
Security Access Review - Review user access to sensitive resources in response to security incidents. A security access review examines a user's access to resources, their level of access, and the method by which access was granted. These reviews are prioritized based on app and entitlement criticalities and access anomalies, and are designed to enhance account and org security. Using the Admin Console or APIs, launch these manually or trigger them automatically as a response to specific security events. This allows for investigating access anomalies, confirming that access is appropriate, and revoking it temporarily or permanently if necessary. (GA)
What is new in Okta Identity Governance - December 2025
Access Certifications for Service Accounts - Customers can use Okta Access Certifications to certify whether users should retain the right to access SaaS/Okta/AD service accounts that are managed in Okta Privileged Access. (EA)
Governance Labels - The Labels API categorizes and organizes resources such as apps, groups, entitlements, and collections. It is possible to create, update, and assign key-value labels to resources to support automation, streamline configuration, and simplify the management of access reviews and requests. Applies to Access Certifications (GA)
What is New in Okta Identity Governance - November 2025
Universal Logout for Access Requests - The Okta Access Requests web app now supports Universal Logout. This enables admins to automatically sign users out of this app when Universal Logout is triggered. See Third-party apps that support Universal Logout. (GA)
Resource Owners - Drive automation and simplify Okta Identity Governance (OIG) configuration by assigning owners to resources, such as apps, groups, and entitlements. It is possible to automatically assign reviewers for access certifications (GA Preview, EA Prod) or approvers for requests that are scoped with specific owner-assigned resources. Applies to Access Certifications and Request Conditions (GA)
Entitlement History - Gain a new level of insight into user access with our entitlement history feature. A complete, chronological timeline is now available, showing a user's entitlement assignments and unassignments for any enabled application. This provides a clear audit trail and helps answer key questions about "who had what access, and when?" (GA)
Export Reports as PDF—OIG-specific reports can now be exported in PDF and CSV formats. PDF exports include a cover page with information, including the report type, org name, timestamp, and some additional metadata. These may be useful to send to stakeholders who prefer PDF as a format, for example, during an internal audit. NOTE: Both formats now allow for selecting the columns to be included in the export. (GA)
Continuous Access Evaluation (CAE) for Access Requests - User sessions are periodically refreshed, invoking an evaluation of the sign-on policy. If the policy requirements are not met, users are prompted to re-authenticate. (GA)
What is New in Okta Identity Governance - September/October 2025
OIG Utilities for New and Existing Features - The attached workflow folders provide examples of flows that walk through common use cases. They are not fully supported templates. The intent is to showcase how the API’s work in some cases, jump-start building out more comprehensive use cases, or simply report using Slack. Feel free to update to the tool of choice.
Part 1 of 3
Part 2 of 3
Part 3 of 3
Governance Delegates - Super admins and users can assign another user as a delegate to complete governance tasks for them. Governance tasks include access certification campaign review items, access request approvals, questions, and other tasks. After a delegate is specified, all future governance tasks (access request approvals and access certification reviews) are assigned to the delegate instead of the original approver or reviewer. This helps ensure that governance processes do not stall when approvers are unavailable or tasks need to be rerouted to a different stakeholder for an extended period. It also reduces the time spent on reassigning requests and reviews manually. Applies to Request Types and Request Conditions and Access Certifications (GA)
Unified Audit Reports in Access Certification - Make generating data needed for compliance audits easy by going to a single place in Access Certifications for all reporting needs, reducing the time required for audit readiness. (GA)
Redesigned Approver Experience for Access Requests - With this update, Okta has made it easier for approvers to get the key information they need to make decisions quickly, efficiently, and securely. Okta has streamlined the approval process to reduce clicks and clearly surface all critical decision-making information and calls-to-action upfront. The access request details page and email notifications have been enhanced for improved visibility of approvers' tasks and requesters' responses. If Slack is integrated with Access Requests, similar changes have been made to the access request message that approvers receive. Applies to Request Types and Request Conditions (GA)
Security Access Review - Review user access to sensitive resources in response to security incidents. A security access review is an examination of a user's access to resources, their level of access, and the method by which access was granted. These reviews are prioritized based on app and entitlement criticalities and access anomalies, and are built to foster greater account and org security. Using the Admin Console or APIs, launch these manually or trigger them automatically as a response to specific security events. This allows for investigating access anomalies, confirming that access is appropriate, and revoking it temporarily or permanently if necessary. (GA Preview)
What is New in Okta Identity Governance - August 2025
Scale Enhancements to Disconnected Applications (EA)
-
- CSV limit increase from 5k to 8 MB file size (~25k rows).
- Syslogs emitted for CSV import completion and # of records imported.
- Auto-confirm for users so they do not need to be manually confirmed.
Terraform Provider - Okta Identity Governance Campaigns, Entitlements and Request Conditions can now be managed using the Okta Terraform Provider, enabling customers to maintain their governance policies alongside the configuration of Okta and other resources being maintained through this Infrastructure-as-Code tool. What are the customer benefits?
- Automation - Automated the management of governance policies to reduce the chance of mistakes, and supports governance at scale.
- Version Control - Allows storing configurations in version control systems for improved tracking, visibility, audit logging, and collaboration.
- Efficiency - Simply maintenance of governance policies through integration into existing DevOps workflows.
- Administrative Delegation - Through incorporating into existing CI/CD pipelines, customers can allow app owners to maintain their own policies with approval processes in place, without granting those app owners Okta administrator permissions
This has been released as part of the existing Okta Terraform provider, available here as v6.0. Documentation is available on the Hashicorp registry site here as well.
What Is New in Okta Identity Governance - June/July 2025
Unified Requestor Experience - Use this feature to create a consistent and unified experience for initiating requests in End-User Dashboard, Slack, and Microsoft Teams, regardless of whether the request is managed by conditions or request types. This gives the flexibility to use either or both methods together to manage resource access without altering the requester's experience. (EA)
On-prem Connector for Oracle EBS - On-prem Connector for Oracle EBS connects Oracle EBS on-premises apps with Okta Identity Governance. It helps admins discover, view, and manage Oracle EBS entitlements directly in Okta. This integration enhances security, saves time, streamlines entitlement management, and eliminates the need for custom integrations. See On-prem Connector for Oracle EBS and Supported entitlements by On-prem Connector. (EA)
What Is New in Okta Identity Governance - May 2025
OIG for DoD IL4 - OIG is now Audit-Ready for DoD IL4. More information is available on the US Public Sector Resource Page, including future timelines for other Fed initiatives.
Campaign description email variable - Campaign description can now be included in access certification campaign emails.
New access certification reports fields (past campaign details report / past campaign summary report) - Campaign ID is now available as a filter in the past campaign details and past campaign summary reports. The following new columns are available in the UI: Past campaign details report - User email, Reviewer email, Reviewer reassigned. Past campaign summary report - Campaign resource count.
What Is New in Okta Identity Governance - March/April 2025
User-friendly group display name and description - User-friendly group display name and description. Use the endUserDisplayName and endUserDisplayDescription group profile attributes to set a display name and description for an Okta group. The name and description set are visible to requesters and approvers and provide context when they request or approve access. Okta automatically updates the group's display name and description (if available) on the End-User Dashboard twice daily. To make changes visible immediately on the End-User Dashboard, update a condition for an app that is assigned to the group. Applies to Request Conditions
Separation of Duties - Use Separation of Duties (SOD) rules to define which combinations of entitlements create conflicts of interest in an organization. Divide tasks and responsibilities using these rules so that the same user in an org does not have control over all aspects of a critical process. It is possible to configure SOD rules to help reduce the risk of error, fraud, or unauthorized actions.
Entitlement Value Description - The Entitlement value description option is now available in the Contextual Information section on the Access Certifications > Settings page. This option allows reviewers to view the description of an entitlement value for entitlements (including entitlements in a bundle) in the Review details panel for a review item. Additionally, admins and reviewers can also select the Entitlement value description option from the Customize view menu to add that as a column in their review table.
Unified Look and Feel for Okta Access Requests - The Access Requests console and Okta Access Requests web app now have a new look and feel, including redesigned side and top navigation menus and the addition of a gray background. Additionally, the Dark mode is no longer available in Access Requests.
What Is New in Okta Identity Governance - February 2025
Generally Available Public APIs - The first Governance APIs, including the Access Request and Access Certification APIs, have been made generally available.
Managing Request Conditions using APIs
Resource Collections - Admins can now create business roles so that applications and entitlements across multiple applications can be managed and governed together.
Govern Disconnected resources via CSV - For Applications where Provisioning and Single Sign-on are not managed via Okta, admins can import flat files of users and entitlements into Okta to run access certifications and requests for these disconnected resources.
On-Prem SAP Connector - A new connector to automatically import and manage entitlements (and use the Access Request and Access Certification features for these entitlements) for On-Prem SAP based on SAP Netweaver ABAP Application Server (6.10, 6.20, 6.30, 2004, 7.x).
Entitlements in SAML Claims - Customers can now pass Entitlement values in SAML assertions instead of Group Memberships. This helps customers avoid issues like Token size and group membership naming conventions.
Access Request Expiration - Access Requests that do not have activity in the last 60 days will now expire to prevent the accumulation of stale requests and improve the notification experience.
Documentation Applies to Request Types and Request Conditions
Active Directory Group Descriptions - Okta now imports the descriptions of Active Directory, which can be a useful context in Access Certifications, so reviewers understand these groups and can make informed decisions.
Documentation
Preconfigured campaigns for Inactive Users - Administrators can easily launch campaigns to review the inactive users to help clean up and remove these users.
Group Remediation for Application Campaigns - Remediate user access to group-assigned apps automatically from the campaign. This reduces the need for manual remediation.
Exploring Enhanced Group Remediation in Access Certification
Join the OIG Community Office Hours for more information!
