ArijeetG.72919 (Customer) asked a question.
Hi Community,
We are leveraging Okta Identity Governance – Access Requests to manage and extend contractor access (via updates to a contractExpiryDate attribute in UD). The current implementation works functionally, but we’re running into UX and data‑integrity limitations due to the way requesters must identify the contractor.
Current Behavior
Our Access Request form includes a free‑text email field where managers enter the contractor’s email address. The fulfillment logic then matches this email to the Okta Universal Directory record and updates the contractor’s expiry date.
Challenges
Because the field is free text, we commonly see:
- Typos or invalid email formats
- Requests referencing non‑existent Okta users
- Cases where managers guess the email format incorrectly
- No real‑time validation or visibility into the user record
- No ability for requesters to confirm the user’s current contractExpiryDate
- No guardrails preventing selection of the wrong person
This creates friction for managers, leads to back‑and‑forth with IT, and increases administrative overhead.
What We Need (Ideal Experience)
We would like to replace the free‑text email field with a directory‑backed user selection control, ideally with:
- Search-as-you-type autocomplete based on Okta Universal Directory
- Ability to identify the user by name, email, login, or user ID
- Ability to display key profile attributes (e.g., current contractExpiryDate, status, manager, department)
- Guaranteed selection of a valid, active Okta user
- Data passed cleanly into downstream Access Requests policies and Workflow fulfillment steps
- Essentially, we need a first‑class “User Picker” field within Access Requests instead of a free‑text input.
A few questions to the Community / Product Team:
Does Access Requests currently support a UD‑backed user selector / entity picker field?
- If yes, how can it be enabled or configured?
Is there an existing feature request in the Okta Ideas portal for a User Picker or Directory Lookup form control?
- If so, I’d like to upvote and track it.
If not, would this enhancement fall under the “Identity Governance → Access Requests” category in the Ideas portal?
- I want to ensure I submit it in the right product area.
Is there any recommended design pattern today (Workflows, custom API dropdown, or OIDC front-end integration) to simulate a directory-backed picker until native support exists?
@ArijeetG.72919 (Customer) - Thank you for taking the time to provide a detailed question.
When a request is made it pops up a static form from the schema of the Request Type. The questions that the Requester can fill out are either plain-text free-form fields or a drop-down. This form does not perform an API call until the form is submitted. There is currently no mechanism to call the Okta /users "List users" endpoint and paginate results which is what you are essentially asking for.
Assuming your userbase is under 1000 it would technically be possible to achieve your goal with a Config List. However, there is no API available to construct a Config List via API which means it would have to be manually constructed / updated which is not ideal.
This scenario definitely falls under an enhancement request via Okta Ideas. I was not able to locate any Idea that fits your scenario at any level of detail. The product you are discussing is Access Requests which falls under the "Identity Governance" suite of products.
You may also want to join a community office hours session lead by the Product team and discuss this scenario. There may be workarounds I have not considered or roadmap items I am not aware of. The signup is here: https://calendly.com/okta-oig