Organizations today are driven by technology. Their workforces rely on a broad set of applications and resources to enable workers, teams, and departments to be productive, successful, and happy at work.

It’s in that environment that IT and Security teams are tasked with managing vast portfolios of apps and narrower entitlements for heterogeneous workforces of employees, contractors, and business partners. Therein lies the rub as they say: IT teams want to enable access to a given app for everyone who needs it while security teams want to limit that access to only those who need it. 

Provide too much broad access to users and sacrifice security; provide too little and sacrifice user productivity. In a cloud-centric, app-rich world, this tension is at the heart of modern governance where a principle of least privilege has become the gold standard for identity security.

How to think about a principle of least privilege and access request’s role

To maintain a principle of least privilege without limiting workforce productivity (and frustrating end users), it’s important to limit baseline access without imposing unnecessary friction. That starts with limiting birthright access–the access provided to every new worker when they start–to only the most necessary of resources for a given role, like baseline entitlements for collaboration tooling, CRM systems, and HR systems, for example. The second critical element is all about creating access request experiences that operate at the speed of business, and are flexible enough to handle an organization’s different use cases. That means access requests that are native to worker channels and workflows and can automate as much as possible–something Okta Access Requests excel at.

Okta Access Requests allows you to automate the process of requesting access to applications and resources through simple workflows and integration with collaboration apps like Slack or Microsoft Teams. Its flexibility helps IT scale, and provide added visibility for a requester, letting the user know where the request is in the process. Today, Okta Access Requests is going further in helping organizations reach their least privilege goals by adding the capability to make an access request on behalf of someone else.

Request on Behalf Of

Request on Behalf Of is one of our most requested (no pun intended, I swear) Okta Identity Governance features, and its general availability will unlock a broad set of new use cases for Okta customers. By making a request possible on behalf of another user, organizations can continue to narrow down birthright access to specific entitlements or entitlement bundles, enhancing security without trading off productivity for users. 

Check out the demo video of Request on Behalf Of in action.

Some specific use cases:

• Managers requesting access for specific entitlements or apps for new employees or team members while they complete onboarding
• Corporate users requesting access for external collaborators, such as business partners
• Office workers facilitating access for front-line workers who do not work in Okta regularly

Request on Behalf Of is available for OIG customers in both Preview and Production.