Okta access certification reviews evaluate and make decisions about a user’s current resource access. Each review is associated with one campaign, whereas a campaign can contain many reviews. Retrieve and reassign reviews with the following reviews APIs.
See Review an access certification campaign for more information on the review process.
Access Certification Administratorokta.governance.accessCertifications.readLists reviews for your organization.
You can return a subset of reviews if a filter expression (?filter=) is provided.
Supported filters are:
campaignId: stringprincipalId: stringreviewerId: stringdecision: string (APPROVE, REVOKE, UNREVIEWED)resourceId: string (GroupId or AppId)reviewerType: string (USER or GROUP or RESOURCE_OWNER)reviewerLevel: string (FIRST or SECOND)entitlementValueId: stringentitlementBundleId: stringassignmentType: stringPagination parameters are accepted, and standard link headers are in the response.
Reviews exist only for campaigns that have been launched with a status of ACTIVE or COMPLETED.
Also note that, if reviews are still UNREVIEWED, then the property decided would be null. If the remediation is not completed, then remediationStatus would be null too.
The order criteria (orderBy) applies to the following properties: decided, decision, remediationStatus, created, and assignmentType.
By default, results are sorted by created.
| after | string The after cursor provided by a prior request. |
| filter | string Apply various filters by using supported review filtering properties. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?filter=campaignId eq "icitdyhndQ6qstyvR8g5" filter=campaignId%20eq%20%22icitdyhndQ6qstyvR8g5%22Query param: ?filter=decision eq "UNREVIEWED" filter=decision%20eq%20%22UNREVIEWED%22Query param: ?filter=reviewerId eq "00u5v5viPvg84h0W68g4" filter=reviewerId%20eq%20%2200u5v5viPvg84h0W68g4%22Query param: ?filter=resourceId eq "00gyqjxNrsh764hjs784" filter=resourceId%20eq%20%2200gyqjxNrsh764hjs784%22Query param: ?filter=resourceId eq "00ayqjxNrZD11n4w40g3" filter=resourceId%20eq%20%2200ayqjxNrZD11n4w40g3%22Query param: ?filter=principalId eq "2200u5v5viPvg84h0W68g4" filter=principalId%20eq%20%2200u5v5viPvg84h0W68g4%22Query param: ?filter=reviewerType eq "USER" filter=reviewerType%20eq%20USERQuery param: ?filter=reviewerLevel eq "FIRST" filter=reviewerLevel%20eq%20FIRSTQuery param: ?filter=entitlementValueId eq "enthzzPJAXvaYQ71T0g3" filter=entitlementValueId%20eq%20%22enthzzPJAXvaYQ71T0g3%22Query param: ?filter=entitlementType eq "enbisi7xt3iBd39Bn0g3" filter=entitlementBundleId%20eq%22enbisi7xt3iBd39Bn0g3%22Query param: ?filter=assignmentType eq "CUSTOM" filter=assignmentType%20eq%20CUSTOM |
| limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records that will be returned in a given result. |
| orderBy | Array of strings = 1 items Default: ["created asc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?orderBy=decided desc orderBy=decided%20descQuery param: ?orderBy=decision desc orderBy=decision%20descQuery param: ?orderBy=remediationStatus desc orderBy=remediationStatus%20descQuery param: ?orderBy=created desc orderBy=created%20descQuery param: ?orderBy=assignmentType desc orderBy=assignmentType%20desc |
A successful review list response
An invalid list request
When authentication fails
When authorization fails
When there is a server fault due to an unexpected error
The list of reviews that belong to that campaign.
{- "data": [
- {
- "campaignId": "icitdyhndQ6qstyvR8g5",
- "resourceId": "00gco5q3vQ20oPncs8g5",
- "decided": "2019-08-24T14:15:22Z",
- "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "juan.favorito_yx6pxhul@foobar.com",
- "firstName": "Juan",
- "lastName": "Favorito",
- "status": "ACTIVE"
}, - "reviewerProfile": {
- "id": "00u5v5viPvg84h0W68g4",
- "email": "admin@admin.com",
- "firstName": "admin",
- "lastName": "admin",
- "status": "ACTIVE"
}, - "assignmentType": "GROUP",
- "decision": "APPROVE",
- "remediationStatus": "NONE",
- "reviewerType": "USER",
- "id": "icrtg6mwccZTRc6Ub8g5",
- "created": "2019-08-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "reassignReview": {
}
}
}
], - "_links": {
}
}Access Certification Administratorokta.governance.accessCertifications.manageReassigns a review to another reviewer.
Reassigning a review is useful in cases where the currently assigned reviewer is not able to make a decision before the campaign ends.
Only reviews belonging to campaigns with a status of READY can be reassigned. And only those reviews with decision UNREVIEWED can be reassigned.
If reviews are currently being reviewed by a group (when reviewerType is GROUP or RESOURCE_OWNER), on reassignment, reviews is directly assigned to the chosen new reviewer and reviewerType is changed to USER.
A valid reassignment changes an existing reviewer to a new reviewer (userId), and appends the change to the reassignment history.
To reassign a set of reviews, you must specify:
the Okta user.id of the new reviewer
a list of reviewIds to be re-assigned
The reviewerLevel at which the reviews needs to be re-assigned (Applicable only for multi level campaigns)
a note justifying the reassignment decision for the specified reviews
The operation payload for reviews reassignment
A successful reassign reviews response
An invalid request to reassign reviews
When authentication fails
When authorization fails
When the review(s) is/are already reassigned to intended reviewer.
When there is a server fault due to an unexpected error
{- "reviewerId": "00u31c7qMRUfrhdew0g4",
- "reviewIds": [
- "icrhdk4Lwhd2bBRQe0g2",
- "icrhew4DFTxygUUgE0g2",
- "icrhfvRCfGCHk3y2h0g2"
], - "note": "John Smith is on leave for this month. His manager Tim will be the reviewer instead."
}The list of reviews that are reassigned.
{- "data": [
- {
- "campaignId": "icitdyhndQ6qstyvR8g5",
- "resourceId": "00gco5q3vQ20oPncs8g5",
- "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "juan.favorito@foobar.com",
- "firstName": "Juan",
- "lastName": "Favorito",
- "status": "ACTIVE"
}, - "reviewerProfile": {
- "id": "00u31c7qMRUfrhdew0g4",
- "email": "admin@admin.com",
- "firstName": "admin",
- "lastName": "admin",
- "status": "ACTIVE"
}, - "assignmentType": "GROUP",
- "decision": "UNREVIEWED",
- "remediationStatus": "NONE",
- "reviewerType": "USER",
- "id": "icrhdk4Lwhd2bBRQe0g2",
- "created": "2019-08-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "reassignReview": {
}
}
}, - {
- "campaignId": "icitdyhndQ6qstyvR8g5",
- "resourceId": "00gco5q3vQ20oPncs8g5",
- "principalProfile": {
- "id": "00u2iudyie873",
- "email": "juan.favorito2@foobar.com",
- "firstName": "Juan",
- "lastName": "Favorito",
- "status": "ACTIVE"
}, - "reviewerProfile": {
- "id": "00u31c7qMRUfrhdew0g4",
- "email": "admin@admin.com",
- "firstName": "admin",
- "lastName": "admin",
- "status": "ACTIVE"
}, - "assignmentType": "GROUP",
- "decision": "UNREVIEWED",
- "remediationStatus": "NONE",
- "reviewerType": "USER",
- "id": "icrhew4DFTxygUUgE0g2",
- "created": "2019-08-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "reassignReview": {
}
}
}, - {
- "campaignId": "icitdyhndQ6qstyvR8g5",
- "resourceId": "00gco5q3vQ20oPncs8g5",
- "principalProfile": {
- "id": "00847dfjhgd98",
- "email": "juan.favorito1@foobar.com",
- "firstName": "Juan",
- "lastName": "Favorito",
- "status": "ACTIVE"
}, - "reviewerProfile": {
- "id": "00u31c7qMRUfrhdew0g4",
- "email": "admin@admin.com",
- "firstName": "admin",
- "lastName": "admin",
- "status": "ACTIVE"
}, - "assignmentType": "GROUP",
- "decision": "UNREVIEWED",
- "remediationStatus": "NONE",
- "reviewerType": "USER",
- "id": "icrhfvRCfGCHk3y2h0g2",
- "created": "2019-08-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "reassignReview": {
}
}
}
], - "_links": {
}
}Access Certification Administratorokta.governance.accessCertifications.readRetrieves the full representation of a specific review.
More information is returned than the abbreviated representation in a List reviews operation.
Also note that, if reviews are still UNREVIEWED, then the property decided would be null. If the remediation is not completed, then remediationStatus would be null too.
A successful review response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Success response to get a review details.
{- "campaignId": "icitdyhndQ6qstyvR8g5",
- "resourceId": "00gco5q3vQ20oPncs8g5",
- "decided": "2019-08-24T14:15:22Z",
- "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "juan.favorito_yx6pxhul@foobar.com",
- "firstName": "Juan",
- "lastName": "Favorito",
- "status": "ACTIVE"
}, - "reviewerProfile": {
- "id": "00u5v5viPvg84h0W68g4",
- "email": "admin@admin.com",
- "firstName": "admin",
- "lastName": "admin",
- "status": "ACTIVE"
}, - "assignmentType": "GROUP",
- "decision": "APPROVE",
- "remediationStatus": "SUCCESS",
- "note": {
- "id": "389dhie83",
- "note": "reason for approval"
}, - "id": "icrtg6mwccZTRc6Ub8g5",
- "reviewerType": "USER",
- "created": "2019-08-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "reassignReview": {
}
}
}