7jv04 (7jv04) asked a question.
Okta Access Review - Is there a different way vs using Access Certifications?
Happy Taco Tuesday!
I'm just getting started with using Access Certifications to run access review campaigns for my apps, but when I tried to schedule an access review for Okta, I only have Okta Advanced Server Access, Okta Access Requests, and Okta Access Requests Oauth. Setting up access reviews for my 3rd party apps was a breeze, but I'm wondering if this isn't the approach for auditing user/privileged access to the Okta Admin Console. I was hoping to run it as a regular scheduled campaign along with everything else. Thoughts, ideas, alternatives?
Thanks in advance all!!!
@7jv04 (7jv04) - The first-party apps in general shouldn't be available targets as a resource for certification. I had discussed the exact scenario of AR/AR Oauth being visible with the product PM a few months ago and this may be considered a "bug". I am assuming the same with Okta ASA.
What it comes down to is most of the first-party application assignments are gated by other requirements and users are not directly assigned to the applications. For example the Okta Admin console a user must have a admin role. Workflows, they must be a Super Admin. Console they need to be a user in Okta etc....