Campaigns
Campaigns help ensure that your users have the right level of access to resources like apps and groups.
-
Resource campaigns
This campaign type displays all users who have access to a resource.
You can select a resource, such as an app or group, and review who has access to it. You can select all users assigned to the resource or define a specific set of users using the Okta Expression Language. You can also exclude certain users from the campaign. Run resource campaigns regularly to ensure that access to sensitive resources is limited.
Resource campaigns are useful for meeting your audit and compliance requirements for professional standards, such as SOC2 and SOX.
-
User campaigns
This campaign type displays all resources that a user has access to.
You can select a specific user or user group and review their assigned resources. Most privileged access is either requested by the user or it's individually assigned to them. Often reviewers don't need to review access to resources granted through group membership or group rules. User campaigns allow you to set up a campaign where reviewers only need to review access to users’ individually assigned resources and not group-assigned resources.
User campaigns allow you to manage user’s access to resources efficiently, especially when the user’s relationship with your organization changes due to events such as role, department, or project change.
Run user campaigns frequently to ensure that users have the least privileged access.
You can schedule campaigns in advance, make them recur at specific intervals, and modify them before they launch.
A campaign becomes active on the start date and is marked as closed on the end date. You can launch a campaign before its start date and end an active campaign before its scheduled end date. However, after a campaign launches, you can only reassign review items or end the campaign. You can’t modify a campaign after it ends.
You can view active, scheduled, and closed campaigns from the Access certification campaigns page. Recurring campaigns are marked with the Recurring label on the Scheduled tab to indicate that they’re a part of a series of recurring campaigns. Closed campaigns are stored for 12 months.
After you schedule a campaign, it becomes active on the scheduled start date. Your reviewers can access the review items assigned to them from the Okta Access Certification Reviews app tile on their dashboard. They can approve, revoke, or reassign the review items.
If a scheduled campaign fails to launch, you receive an email notification. To view errors, you can do any of the following steps:
- Click View Campaign from the email notification.
- Open the campaign from the Closed tab of the Access certification campaigns page.
- Go to the System Log.
Resolve the errors before you recreate the campaign. You may want to note down the Okta Expression Language expressions for users and reviewers from the Overview section before recreating the campaign. You can delete a campaign that failed to launch from the Actions menu.