<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR00001gq6VR0AYOkta Classic EngineIdentity GovernanceAnswered2026-05-29T15:11:02.000Z2026-05-25T13:56:19.000Z2026-05-29T15:11:02.000Z

SandeepA.25600 (Customer) asked a question.

May 25, 2026 at 1:56 PM
User Access review filtering for Apps and groups

In case an organization wants to run access review campaigns only for SOC/PCI based apps instead of all the apps a users have access considering an organization has 500 apps. Today excluding all the apps other than SOX/PCI is a very time consuming. Is there a an easy way to include specific apps in the campaigns? Can the filter be available to exclude or include specific apps using OEL and can the same be done for groups when an organization has 200K+ groups as the access is not only user specific but location specific for a user/app?

 

 

  • 1 answer
  • 98 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @SandeepA.25600 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    The use of Okta Expression Language (OEL) is not supported for this.  

    You will need to leverage Labels

    In short: 

    1. Create a custom label (i.e. "Compliance: SOX" or "Compliance: PCI").
    2. Assign this label to the relevant apps/groups.
    3. Create a Resource Campaign and select the Labels method. Choose your custom label to automatically restrict the campaign to only those tagged apps/groups.

     

    I recommend reviewing this Okta Identity Governance (OIG) Labels Guide for in-depth details about the implementation and please take note of the limitations and supported use cases.  

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Expand Post
    Selected as Best

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @SandeepA.25600 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    The use of Okta Expression Language (OEL) is not supported for this.  

    You will need to leverage Labels

    In short: 

    1. Create a custom label (i.e. "Compliance: SOX" or "Compliance: PCI").
    2. Assign this label to the relevant apps/groups.
    3. Create a Resource Campaign and select the Labels method. Choose your custom label to automatically restrict the campaign to only those tagged apps/groups.

     

    I recommend reviewing this Okta Identity Governance (OIG) Labels Guide for in-depth details about the implementation and please take note of the limitations and supported use cases.  

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Expand Post
    Selected as Best

Loading
User Access review filtering for Apps and groups