We’ve recently introduced some new features across Okta Identity Governance that showcase how a tightly integrated governance and access management solution can help your organization solve more identity challenges without added complexity. These new features showcase how Okta Identity Governance stands apart from other governance tools through a unified approach to identity, enabling governance automation and customization within the Workforce Identity Cloud and across other resources in customer environments. 

The flexibility and power of Okta Workflows takes what Access Certifications and Access Requests can do to a whole new level, enabling your teams to use automation to drive better security and compliance outcomes while increasing productivity across your business.

Let’s dive into a couple of updates.

Go further with Access Requests using Workflows

Access Requests has been a hit with end users and IT admins alike thanks to its tight integrations with collaboration tools Slack and Microsoft Teams and its customizable request type builder that leverages the resources you’re already managing within the Workforce Identity Cloud. 

But what if your team needs a request type built for a resource outside of Okta, or for a resource that requires manual provisioning? This is a great use case for Workflows, taking the simple, approachable Access Request capability within Okta and extending what it can do, like provisioning access via APIs or creating a ticket in a downstream ITSM tool. 

While this was possible previously through an Okta Workflows connector, what we’ve introduced is a much simpler, cleaner way for you to build these kinds of customized access request types with a new Workflows integration for Access Requests. Now, you can call a delegated flow directly from a request type in Access Requests. This means you can map responses to questions asked in the request type to the flow while also making execution of the flow dependent on certain responses within the request type. 

With Okta Identity Governance’s Workflows and Access Requests, your team can extend requests to more resources and meet more of your governance use cases across your tech stack. So no matter how distributed your resource portfolio may be, Okta can continue to be a source of truth and a single identity platform for your business.

To see Access Requests with Workflows in action, check out the demo:

Bringing event-driven certifications to the user level

Typically, organizations will use Okta Access Certifications to create recurring campaigns for sensitive resources, helping to ensure that only the right people have access to these resources. But even with recurring reviews, organizational changes can open the door to overprovisioning. 

Perhaps the most common event is someone changing jobs in an organization. Their role changes, their responsibilities change, and so their access should change too. Often, the primary focus is on granting that organizational mover access to new systems they need to do their job, with existing access not always looked at.

Access Certifications now has the ability to run event-based certifications, so when an event like a role change occurs–originating from an HR system and being pushed to Universal Directory– security and IT teams can automate an access review for that particular user when the role change occurs. The new capability is called User Campaigns and enables IT and security teams to automate user-specific certifications to ensure that previously provisioned permissions still make sense.

Workflows helps make User Campaigns work by enabling security and IT teams to  automatically compile all of an organization’s weekly movers to run user campaigns against. Gathering event data from Universal Directory to compile a user list for automated campaign creation eliminates the need for manual reminders and time-consuming data pulls to stay on top of potential security, over-licensing, and compliance issues. 

To learn how to create your own User Campaigns, check out our most recent knowledge base article: 

To see User Campaigns in action, check out the demo.  

By taking a unified approach to identity governance, features like Workflow integrations for Access Requests and User Campaigns allow you to solve your identity challenges holistically from a single source of truth. 

We would love to hear from you! Let us know what you’re most excited about in the comments or share feedback with us.