Review campaigns
Use Access Certifications campaigns to periodically review users' access to resources. During a campaign, a campaign creator determines the users, resources, and reviewers that are part of the campaign.
If you’re assigned as a reviewer for one or more items in a campaign, you’re granted access to the Okta Access Certification Reviews application in your dashboard. You can review and make decisions about a user’s current access in the app.
Use the app to approve or revoke a user’s access, or reassign the review item to another user if needed. Your decisions on review items are final and you can’t change them.
When the campaign has self-reviews disabled, admins can’t approve, revoke, or reassign their own review item.
Best practices
- Verify your decisions before making them. When you submit a decision for a review item, it’s final and the action takes place immediately.
- Add a business justification to provide context on the decision you made, whether that is to approve or revoke access. This note is visible to you and the campaign administrator. When reassigning a review item, the justification is visible to the user who you reassigned the review item to.
- You can reassign a review item to another user if you think they’re better suited to review a user’s access. Reassigning a review item doesn’t extend the campaign’s end date. The new reviewer must approve or revoke access before the campaign ends.
-
For campaigns with multilevel reviews, keep the following considerations in mind:
-
Some review items are sent to second-level reviewers.
-
The second-level reviewer can take a decision only after the first-level review approves or revokes a review item. It’s important for the first-level reviewers to finish the reviews on time to avoid blocking the campaign’s progress.
-
The second-level reviewer can view the first-level reviewer’s decision and the justification for a review item.
-
The final reviewer varies depending on the campaign’s configuration.
-
Remediation occurs only for the decisions of the final reviewer. See Remediation settings.
-
Start this task
- On the End-User Dashboard, click Okta Access Certification Reviews.
- On the My reviews page, go to the Open tab, and select the access certification campaign that you want to begin reviewing.
- Select a review item to view more details about the user and resource you're reviewing, and the user’s resource usage.
The review pane includes:
- User Details: Information pulled directly from their user profile in Okta.
- Resource Details: This section contains the following information:
- The application or group that you're reviewing.
- When the user last accessed the application and any previous reviews related to access. After you’ve completed a review, you can also review the decision and business justification you completed.
- When the user's access to the application or group was last reviewed.
- When the application was assigned to the user.
- The entitlements that the user has for the resources. Currently, you can only view users' entitlements for AWS, Box, NetSuite, O365, and Salesforce apps.
- History: This section contains useful information such as details about the initial assignment, business justification for the reassignment, details of the assigned reviewer, and the reviewers' decision.
- Click Approve or Revoke. Provide a business justification for your decision. When you approve or revoke access, the remediation process begins immediately.
You can reassign a review item to another user if you think they’re better suited to review a user’s access. See Reassign review items.
- Click Submit.
You can also select multiple review items and approve or revoke access or reassign the reviews for the selected items. You can only take one action at a time and the business justification that you enter applies to the selected review items.