abcn0 (abcn0) asked a question.
Our team created the Google Workspace SOD and enabled it in the IGA Access Request Conditions panel.However, there's no option to enable IGA request type flows. If we enable conditions in the conditions, if we use bundles to request request types, will SOD still work, and will conflicts appear when the user tries to request via request type and block the request? Or does SOD not work for the request type? There's no screen or information on the request type in the build...We need to know to respond to our IAM manager and the Risks team if when users request via access request type, conflicts will appear in the verification campaigns and in the separation of duties report, because we'll be audited by the Audit team in two months.
Hi @abcn0 (abcn0) , Thank you for reaching out to the Okta Community!
I would strongly recommend that you open a case to have our Okta Support team go over your implementation to confirm, but based on the information I could find on the topic, the SOD rules you set are a foundational part of Okta Identity Governance (OIG) and are enforced across all access request methods. The "request type flow" is simply a streamlined way for a user to initiate a request; the underlying governance and SOD checks still apply.
The SOD rules configured in your "Access Request Conditions" panel apply universally. The fact that you don't see a separate "enable" option in the "request type" build is not a cause for concern; it simply means the SOD feature is a core, always-on part of the governance engine, running behind the scenes on all access requests.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added