Administration
New Feature Upgrades to OIG
Sam Katzen

Some recent feature upgrades to Okta Identity Governance have added up to give your access reviews more context and perspective, in addition to making them more scalable. 


Below is a quick summary of some of those feature changes as well as a broader look at what you can do with access reviews thanks to the changes.


Expanding the role of Groups
 

While Okta Identity Governance handles access reviews of resources like applications, it’s also possible to review access to any group within Workforce Identity Cloud. This is significant because of how critical groups are within Workforce Identity Cloud. Groups can help your organization segment provisioning for a broad set of applications rather than individual apps through Group Rules, which you can create based on attributes like departments or cost centers. Groups can also be used to manage the provisioning of particular roles within apps, which is especially significant for resources like AWS and Salesforce, where there is a broad spectrum of access within the resource.
 

The change impacting groups is the addition of a new role within each group for Okta Identity Governance customers: the Group Owner. A group can have a single owner or multiple owners (defined as either multiple users or an Okta group), and owners can be assigned directly in the group itself in the Okta admin console. For groups sourced from Active Directory, the ‘managedBy’ group owner can be synced from AD into Okta as the group owner.
 

Group owners can be assigned within the Group page

 

Once defined, group owners can be leveraged in both Access Requests and Access Certifications as a new approver or reviewer. Because of the added context a group owner may have about the group’s membership, group owners can be a powerful new reviewer type to use in access reviews, in addition to reviewer roles like an individual’s manager or admin. Unlike a group admin, a group owner doesn’t have the ability to add or remove members of the group, which keeps the owner’s privileges limited to access reviews and access requests.


Bringing multiple reviewers to certification campaigns
 

As we’ve provided more optionality for reviewers, we’ve also made it possible to create campaigns with multi-level reviewers.

For sensitive resources, administrators may want to collect review decisions from multiple stakeholders. For instance:
 

  • A user’s manager will have a lot of context about the user being reviewed and their roles and responsibilities. However, they may be less familiar with specific applications and tools. 
  • An application owner, conversely, is well versed in the application they own, and knows the general policies around who is granted access but may not have as much familiarity or context around specific users and non-standard access, such as access granted through an access request for a specific task or project. 
 

Multi-level reviewers provide flexibility and customization so the right reviewers have the right context when making access review decisions.

 

By building access certification campaigns with flexible and customizable reviewers, IT and Security teams can have more granularity and control around each campaign. New variables like the time allocated for each level, notifications for each level, and cascading reviews that pass the torch to the next reviewer minimize the review workload for any individual reviewer, ultimately enabling businesses to deliver the most informed and knowledgeable certification outcomes.


Check out this recent demo showcasing the new functionality.


This feature just recently became available, along with some documentation to help you set up multi-level reviewers for your campaigns.

 

Scaling informed access review decisions
 

Each user represents a potential attack vector or a compliance challenge for your organization. That risk isn't eliminated by rubber-stamping access reviews, or by manual processes that often result in mistakes or forgotten resources.


The combination of expanding what groups can do within Okta Identity Governance and creating multiple levels of review within the same access review campaign puts your organization in a better position to consistently make the right decisions when it comes to your most important resources, without having access certification become a costly drag on productivity or IT efficiency.


Give multi-level reviewers and group resource reviews a try today!


 