Announcing Entitlement Management for Okta Identity Governance

Organisations of all sizes are adopting more SaaS applications than ever. According to Okta’s Businesses at Work Report 2023, the average Okta customer uses 89 different applications. Driving a least privileged access approach for each of these applications becomes even more complex when teams have to take into account each application’s unique set of entitlements or roles and licenses. Today, organisations are handling this through siloed management, manual updates, or perhaps with no true management at all. Without a proper governance solution in place, over-permissioning and a reduced security posture become real consequences. 

To help our customers with this challenge, we’re thrilled to announce the introduction of Entitlement Management to Okta Identity Governance (OIG). Entitlement Management is the foundational platform to discover, manage, and govern fine-grained entitlements to your SaaS and on-prem applications. Built with the same principles that we designed OIG with, Entitlement Management is a cloud-native, easy-to-use solution that will open the door for our customers to efficiently manage entitlements from all of their downstream resources in a single pane of glass. As part of a unified platform, our customers will get unparalleled views and context to users’ behaviour while seamlessly working with our other Identity and Access Management products. This critical advancement to OIG will help minimise security gaps, right-size licenses, and meet compliance needs.

New with Entitlement Management

According to the 2023 Verizon Data Breach Investigations Report, 74% of all breaches are caused by humans, including privilege misuse. Getting a proper handle on the different levels of access each identity needs is imperative to workforce productivity and company security. With Entitlement Management, we are launching numerous new capabilities, including:

  • Out-of-the-box-connectors: We are excited to launch five enhanced out-of-the-box connectors to make importing and managing entitlements quick and efficient: Salesforce, Google Workspace, Box, Netsuite, and Office 365. Stay tuned for more connectors to debut in the coming months.
  • Entitlement Management for disconnected resources: Discover, import, and update entitlements for your applications and infrastructure using Okta Workflows, custom connectors, or a CSV. 
  • Virtual roles for resources: Group entitlements into bundles to assign them easily at scale. Policy-driven assignments ensure the right level of access is provided and updated with any changes in the user’s profile.
  • Entitlement-driven governance: Leverage Entitlement data in your Access Requests and Access Certifications processes. End users can request access to applications and entitlements through common collaboration tools like Slack or Teams, making it faster to gain access to tools they need to get their work done. IT Teams can review and certify which users have access to what entitlements to help them keep a strong security posture, meet compliance requirements, and keep license usage in check. 
  • Centralised reporting: Generate out-of-the-box reports to determine who has access to what, at what level, and how they received that access to help meet compliance requirements.

Do more with Entitlement Management

Eliminate management silos

Oftentimes, oversight and management of applications and their entitlements aren’t contained to a single team or department. This leads to over-permissioning and conflicting access levels. With Entitlement Management, you can discover and import entitlements from any resource and manage them from a single pane of glass. This will provide unparalleled view into a user’s total access and allow IT teams to allow or revoke access based on context.

Easily and efficiently assign entitlements

The tools an end user needs to be successful fluctuate depending on their role or special projects they are involved in. By using Access Requests to assign entitlements, you can provide end-user-friendly descriptions so they know what they need to request and add in parameters so they can only request what has been deemed appropriate for them. This speeds up the provisioning process and allows the approval process to flow through the right people without a second thought.

Right-size roles and licenses

Implementing a least privileged access strategy down to your entitlements becomes easier with Okta’s governance capabilities. Access Certification and Reporting will provide a bird’s-eye view into who has access to what and additional details like the last time a user logged in to an application. By scheduling recurring campaigns, teams can provide the appropriate access and remove anyone who no longer needs a certain level of access. This will help ensure that only the right users have the right level of access to the right systems.

Getting started with Entitlement Management

Entitlement Management is now Generally Available for all OIG customers. Get started by visiting our documentation or reaching out to your CSM. If you’re interested in trying out Identity Governance for the first time, begin your free trial.