Investing in commercial-grade technology while access decisions remain bottlenecked by paper-based workflows creates obstacles for the warfighter and the mission. Recognizing this, the U.S. Department of War released its Memorandum, “Modernizing System Authorization Access Requests and Account Provisioning Through Identity, Credential, and Access Management Workflows,” and the associated ICAM Workflow Implementation Guide.
Okta concurrently announces two significant compliance milestones: Okta Identity Governance (OIG) and Okta Workflows are now included in our DISA Provisional Authorization (PA). The Okta Identity as a Service (IdaaS) PA can be found in eMASS, and provides detailed information on the products, impact levels, and systems authorized by DISA.
These new capabilities enable Mission App Owners and Enterprise ICAM Service Providers to automate many identity-related tasks. As an example, one of the capabilities OIG provides is flexible, self-service access requests to automate the System Authorization Access Request (SAAR) process and replace the DD-2875 form for the warfighter at scale.
The path to decommissioning legacy SAAR workflows
The transition from legacy, manual workflows to a modern, automated governance framework is anchored in centralizing identity services where you can, while decentralizing system-level authorization where you must. By creating a real-time synchronization pipeline between an Enterprise ICAM Service Provider and DoW Mission Critical Components, Okta helps ensure that identity operations can scale from the enterprise to the mission.
To meet the June 30, 2026 deadline set by the DoW CIO, an automation-first approach to the SAAR will require:
- Granular Entitlement Management: Utilizing a governance engine to manage fine-grained permissions through automated policies and Infrastructure as Code (IaC), replacing static role mining.
- Continuous Compliance: Implementing recurring access certification campaigns and on-demand security access reviews (such as an Auditor Reporting Package) to maintain end-to-end visibility and real-time traceability of who approved access, when it was granted, and how it was provisioned.
- Interoperability and Accessibility: Leveraging platforms like Slack and Microsoft Teams for access requests and adhering to WCAG 2.2 standards to ensure trusted and expected workflows and inclusive, flexible delivery of access requests.
Building an extensible identity security fabric to strengthen core efficiencies
Catching up to core efficiency and productivity standards sets an agency apart. Modern identity-centric automation tools offer organizations no-code options for building and managing complex functions, maintaining compliance standards, and improving experience management. Using simple “if-this-then-that” logic, Okta Workflows makes it easy to embed automation into any identity-related process, such as customizing warfighter or administrator on- or off-boarding, streamlining audits and reporting, and strengthening security posture.
Ready to modernize your SAAR process and automate identity workflows in your existing ICAM stack? Explore our Guide to modern Identity governance blog series, read our Workflows for Government white paper, or contact our team directly at federal@okta.com to learn more about how Okta for US Military can accelerate your transition to automated, compliant ICAM workflows.
