The Security Access Reviews API allows admins to manage security access reviews. These reviews provide a holistic view of a principal's access to resources, such as apps, groups, and entitlements. Designated reviewers can assess the target principal's access to resources and take immediate action. Security access reviews are typically triggered as a response to a security or policy evaluation event. Therefore, they’re time-sensitive and require prompt attention from reviewers.
Lists all security access reviews
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6
filter | string A filter expression that filters security access reviews.
The
Query param: ?filter=name co "Git" filter=name%20co%20%22Git%22
Query param: ?filter=status eq "ACTIVE" filter=status%20eq%20%22ACTIVE%22
Query param: ?filter=reviewer.name co "John" filter=reviewer.name%20co%20%22John%22
Query param: ?filter=created gt "2022-05-24T14:15:22Z" filter=created%20gt%20%222022-05-24T14:15:22Z%22
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response
orderBy | Array of strings = 1 items Default: ["created asc"] The field to sort the results, in ascending (asc) or descending (desc) order. Note: Query parameter percent encoding is required. See Percent-encoding
Query param: ?orderBy=name desc orderBy=name%20desc
Query param: ?orderBy=created desc orderBy=created%20desc
Query param: ?orderBy=endTime desc orderBy=endTime%20desc
Query param: ?orderBy=status desc orderBy=status%20desc
Query param: ?orderBy=id desc orderBy=id%20desc
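The percent-encoding requirement above can be enforced in client code. The following is an added example, not part of the Okta reference: it builds the filter, orderBy, limit and after parameters for the list operation. The function names and the idea of treating the documented fields and operators as an allowlist are assumptions.

```python
from urllib.parse import quote

# Names below come from the filter/orderBy examples for the "list security
# access reviews" operation; treating them as an allowlist is an assumption.
FILTER_FIELDS = {"name", "status", "reviewer.name", "created"}
FILTER_OPS = {"co", "eq", "gt"}
ORDER_FIELDS = {"name", "created", "endTime", "status", "id"}


def build_filter(field, op, value):
    """Return an unencoded expression such as: status eq "ACTIVE"."""
    if field not in FILTER_FIELDS:
        raise ValueError(f"unsupported filter field: {field!r}")
    if op not in FILTER_OPS:
        raise ValueError(f"unsupported filter operator: {op!r}")
    # The page does not say how the API escapes characters inside the quoted
    # literal, so values that could end the literal early are refused.
    if '"' in value or "\\" in value or any(ord(c) < 0x20 for c in value):
        raise ValueError("value contains a quote, backslash or control character")
    return f'{field} {op} "{value}"'


def build_query(filter_expr=None, order_by=None, limit=20, after=None):
    """Return the percent-encoded query string, without the leading '?'."""
    if type(limit) is not int or not 1 <= limit <= 200:
        raise ValueError("limit must be an integer in [1, 200]")
    parts = []
    if filter_expr is not None:
        # safe="" encodes every reserved character: space -> %20, '"' -> %22.
        parts.append("filter=" + quote(filter_expr, safe=""))
    if order_by is not None:
        field, direction = order_by
        if field not in ORDER_FIELDS or direction not in ("asc", "desc"):
            raise ValueError(f"unsupported orderBy: {order_by!r}")
        parts.append("orderBy=" + quote(f"{field} {direction}", safe=""))
    parts.append(f"limit={limit}")
    if after is not None:
        parts.append("after=" + quote(after, safe=""))
    return "&".join(parts)


if __name__ == "__main__":
    print(build_query(build_filter("name", "co", "Git"), ("created", "desc")))
```

With safe="" the colons in a timestamp value are sent as %3A, which is equivalent to the unencoded colons in the created example above.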
A successful security access reviews get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "sar1qebJYYHgbsOGF0g4",
      "status": "ACTIVE",
      "name": "Test SAR",
      "endTime": "2025-06-20T14:55:27Z",
      "reviewerSettings": {
        "type": "USER",
        "userSettings": {
          "includedUserIds": [
            "00ucpjbi6JMmDvdN40g4",
            "00ucpjbi6JMmDvdN40g5"
          ],
          "includedUserProfiles": [
            {
              "id": "00ucpjbi6JMmDvdN40g4",
              "email": "john.doe@okta.com",
              "firstName": "John",
              "lastName": "Doe",
              "login": "john.doe@okta.com",
              "status": "ACTIVE"
            },
            {
              "id": "00ucpjbi6JMmDvdN40g5",
              "email": "jane.doe@okta.com",
              "firstName": "Jane",
              "lastName": "Doe",
              "login": "jane.doe@okta.com",
              "status": "ACTIVE"
            }
          ]
        }
      },
      "createdBy": "00uco2uaXN7POnPUw0g4",
      "created": "2025-06-13T14:55:28Z",
      "lastUpdated": "2025-06-13T14:55:28Z",
      "lastUpdatedBy": "00uco2uaXN7POnPUw0g4",
      "_links": {
        "securityAccessReviewDetails": {
          "hints": { }
        },
        "history": {
          "hints": { }
        },
        "accesses": {
          "hints": { }
        },
        "actions": {
          "hints": { }
        },
        "principalDetails": {
          "hints": { }
        }
      }
    }
  ],
  "_links": {
    "self": {
      "hints": { }
    }
  }
}
Creates a security access review for a target principal (such as a user)
A successful security access reviews post response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "principalId": "00ucpjbi6JMmDvdN40g4",
  "name": "Test SAR",
  "reviewerSettings": {
    "type": "USER",
    "userSettings": {
      "includedUserIds": [
        "00ucpjbi6JMmDvdN40g4",
        "00ucpjbi6JMmDvdN40g5"
      ]
    }
  }
}

{
  "id": "sar1lo5X9wmNTFX7x0g4",
  "status": "PENDING",
  "name": "Test SAR",
  "reviewerSettings": {
    "type": "USER",
    "userSettings": {
      "includedUserIds": [
        "00ucpjbi6JMmDvdN40g4",
        "00ucpjbi6JMmDvdN40g5"
      ],
      "includedUserProfiles": [
        {
          "id": "00ucpjbi6JMmDvdN40g4",
          "email": "john.doe@okta.com",
          "firstName": "John",
          "lastName": "Doe",
          "login": "john.doe@okta.com",
          "status": "ACTIVE"
        },
        {
          "id": "00ucpjbi6JMmDvdN40g5",
          "email": "jane.doe@okta.com",
          "firstName": "Jane",
          "lastName": "Doe",
          "login": "jane.doe@okta.com",
          "status": "ACTIVE"
        }
      ]
    }
  },
  "createdBy": "00ucfd4IQoH6YBZgA0g4",
  "created": "2025-06-13T00:40:57Z",
  "lastUpdated": "2025-06-13T00:40:57Z",
  "lastUpdatedBy": "00ucfd4IQoH6YBZgA0g4",
  "_links": {
    "securityAccessReviewDetails": { },
    "history": { },
    "userDetails": { },
    "accesses": { }
  }
}
Retrieves the statistics for security access reviews in an org
A successful security access reviews stats get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "activeCount": 1,
  "pendingCount": 0,
  "errorCount": 0,
  "closedCount": 0
}
Retrieves a security access review
A successful security access review get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "id": "sar1lo5X9wmNTFX7x0g4",
  "status": "PENDING",
  "name": "Test SAR",
  "reviewerSettings": {
    "type": "USER",
    "userSettings": {
      "includedUserIds": [
        "00ucpjbi6JMmDvdN40g4",
        "00ucpjbi6JMmDvdN40g5"
      ],
      "includedUserProfiles": [
        {
          "id": "00ucpjbi6JMmDvdN40g4",
          "email": "john.doe@okta.com",
          "firstName": "John",
          "lastName": "Doe",
          "login": "john.doe@okta.com",
          "status": "ACTIVE"
        },
        {
          "id": "00ucpjbi6JMmDvdN40g5",
          "email": "jane.doe@okta.com",
          "firstName": "Jane",
          "lastName": "Doe",
          "login": "jane.doe@okta.com",
          "status": "ACTIVE"
        }
      ]
    }
  },
  "createdBy": "00ucfd4IQoH6YBZgA0g4",
  "created": "2025-06-13T00:40:57Z",
  "lastUpdated": "2025-06-13T00:40:57Z",
  "lastUpdatedBy": "00ucfd4IQoH6YBZgA0g4",
  "_links": {
    "securityAccessReviewDetails": { },
    "history": { },
    "userDetails": { },
    "accesses": { }
  }
}
Generates a summary for a security access review
A successful security access review summary response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "message": "This app's overall priority is: High\nThe reasons why this app was assigned priority of High include:\n1. Usage history (HIGH): The user has not accessed this application in the last 90 days.\n2. Assignment method (HIGH): This user's assignment method differs from 75% of other users who have access to this application.\n"
}
Lists the available actions for a specific security access review
A successful security access review actions get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "actionType": "CLOSE_REVIEW"
    },
    {
      "actionType": "RESTORE_ALL_ACCESS"
    }
  ]
}
Executes a specified action on a security access review
Action initiated successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "actionType": "UNIVERSAL_LOGOUT"
}

{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}
Retrieves the details of a security access review's principal target
A successful security access review principal details get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "id": "00ucpjbi6JMmDvdN40g4",
  "email": "john.doe@okta.com",
  "firstName": "John",
  "lastName": "Doe",
  "login": "john.doe@okta.com",
  "status": "ACTIVE",
  "department": "Engineering",
  "manager": "Jane Smith",
  "role": "Software Engineer",
  "homeLocation": {
    "city": "San Francisco",
    "state": "CA",
    "country": "USA"
  },
  "lastLoginInfo": {
    "date": "2025-06-12T15:30:00Z",
    "location": {
      "city": "San Francisco",
      "state": "CA",
      "country": "USA"
    },
    "device": "MacBook Pro",
    "ipAddress": "127.0.0.1"
  },
  "oktaAdminRoles": [
    {
      "roleId": "00uabc12345XYZ67890",
      "roleName": "Super Admin"
    }
  ],
  "createdBy": "00ucfd4IQoH6YBZgA0g4",
  "created": "2025-06-13T00:40:57Z",
  "lastUpdated": "2025-06-13T00:40:57Z",
  "lastUpdatedBy": "00ucfd4IQoH6YBZgA0g4",
  "_links": {
    "securityAccessReviewDetails": { },
    "history": { },
    "userDetails": { },
    "accesses": { }
  }
}
Lists the access items for a specific security access review.
Access items refer to the top-level resources that the security access review's target principal has access to. For example, a top-level resource can be an app, in which case the access item describes the principal's access to that app.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6
filter | string A filter expression that filters access items.
Query param: ?filter=name co "Git" filter=name%20co%20%22Git%22
Query param: ?filter=priority eq "HIGH" filter=priority%20eq%20%22HIGH%22
Query param: ?filter=sodConflictSeverity eq "HIGH" filter=sodConflictSeverity%20eq%20%22HIGH%22
Query param: ?filter=assignmentMethodSeverity eq "HIGH" filter=assignmentMethodSeverity%20eq%20%22HIGH%22
Query param: ?filter=pastGovernanceDecisionsSeverity eq "HIGH" filter=pastGovernanceDecisionsSeverity%20eq%20%22HIGH%22
Query param: ?filter=usageHistorySeverity eq "HIGH" filter=usageHistorySeverity%20eq%20%22HIGH%22
Query param: ?filter=governanceLabel co "Crown Jewel" filter=governanceLabel%20co%20%22Crown%20Jewel%22
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response
orderBy | Array of strings = 1 items Default: ["priority desc"] The field to sort the results, in ascending (asc) or descending (desc) order. Sorting is applied to only one field.
Query param: ?orderBy=priority desc orderBy=priority%20desc
Query param: ?orderBy=lastAccess desc orderBy=lastAccess%20desc
Query param: ?orderBy=accessFrequency desc orderBy=accessFrequency%20desc
A successful security access review access items get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "aim1pmincO6RY9SYC0g4",
      "type": "APPLICATION",
      "name": "App 2 Assigned By Group",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmnh7uyRdOpCdg0g4",
        "name": "TEST: Secure Password Store",
        "label": "App 2 Assigned By Group",
        "assignedDate": "2025-06-13T14:23:23Z",
        "assignmentType": "GROUP",
        "applicationUsage": 0
      },
      "subAccessTypes": [
        "GROUP"
      ]
    },
    {
      "id": "aim1pmjGO1ACFhkxp0g4",
      "type": "APPLICATION",
      "name": "App 1 No Groups",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmmurqSIOjNwS90g4",
        "name": "TEST: Secure Password Store",
        "label": "App 1 No Groups",
        "assignedDate": "2025-06-13T14:23:22Z",
        "assignmentType": "INDIVIDUAL",
        "applicationUsage": 0
      }
    },
    {
      "id": "aim1pmkobz1YkJx5N0g4",
      "type": "APPLICATION",
      "name": "App 3 With Entitlements",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmo5Hj3n1YOhiK0g4",
        "name": "TEST: Secure Password Store",
        "label": "App 3 With Entitlements",
        "assignedDate": "2025-06-13T14:23:35Z",
        "assignmentType": "INDIVIDUAL",
        "applicationUsage": 0,
        "activeEntitlements": [
          {
            "id": "esp1pkp0iVReYgtKU0g4",
            "name": "unbnaovmin",
            "description": "unbnaovmin Description"
          },
          {
            "id": "esp1pldLMJdOb9qI30g4",
            "name": "nozoxxcqiu",
            "description": "nozoxxcqiu Description"
          },
          {
            "id": "esp1plgThoMotdYWU0g4",
            "name": "xpfgzmfhop",
            "description": "xpfgzmfhop Description"
          }
        ]
      },
      "subAccessTypes": [
        "ENTITLEMENT"
      ]
    }
  ]
}
Lists the sub-access items for an access item from a security access review.
A sub-access item refers to access to a resource that is part of the top-level resource in an access item. For example, an access item can describe access to an app, and the sub-access items can describe access to the groups, entitlement values, or entitlement bundles that belong to the app.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6
filter | string A filter expression that filters sub-access items.
Query param: ?filter=name co "Git" filter=name%20co%20%22Git%22
Query param: ?filter=resourceType eq "GROUP" filter=resourceType%20eq%20%22GROUP%22
Query param: ?filter=priority eq "HIGH" filter=priority%20eq%20%22HIGH%22
Query param: ?filter=sodConflictSeverity eq "HIGH" filter=sodConflictSeverity%20eq%20%22HIGH%22
Query param: ?filter=assignmentMethodSeverity eq "HIGH" filter=assignmentMethodSeverity%20eq%20%22HIGH%22
Query param: ?filter=pastGovernanceDecisionsSeverity eq "HIGH" filter=pastGovernanceDecisionsSeverity%20eq%20%22HIGH%22
Query param: ?filter=usageHistorySeverity eq "HIGH" filter=usageHistorySeverity%20eq%20%22HIGH%22
Query param: ?filter=governanceLabel co "Crown Jewel" filter=governanceLabel%20co%20%22Crown%20Jewel%22
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response
orderBy | Array of strings = 1 items Default: ["priority desc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding
Query param: ?orderBy=priority desc orderBy=priority%20desc
A successful security access review access items get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "sai1pml8QCT3vGZco0g4",
      "name": "unbnaovmin: value1",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_VALUE",
        "description": "value 1 description",
        "entitlementDescription": "unbnaovmin Description",
        "assignmentType": "INDIVIDUAL",
        "collectionsAssigning": [ ],
        "entitlements": [ ],
        "governanceLabels": [ ]
      }
    },
    {
      "id": "sai1pmmQFzxZreP1L0g4",
      "name": "unbnaovmin: value2",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_VALUE",
        "description": "value 2 description",
        "entitlementDescription": "unbnaovmin Description",
        "assignmentType": "INDIVIDUAL",
        "collectionsAssigning": [ ],
        "entitlements": [ ],
        "governanceLabels": [ ]
      }
    },
    {
      "id": "sai1pmngWq0n4IGFi0g4",
      "name": "test bundleaotsw",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_BUNDLE",
        "description": "test bundle ...",
        "assignmentType": "ACCESS_REQUEST",
        "collectionsAssigning": [ ],
        "entitlements": [
          {
            "id": "esp1pldLMJdOb9qI30g4",
            "name": "nozoxxcqiu",
            "description": "nozoxxcqiu Description"
          },
          {
            "id": "esp1plgThoMotdYWU0g4",
            "name": "xpfgzmfhop",
            "description": "xpfgzmfhop Description"
          }
        ],
        "governanceLabels": [ ]
      }
    }
  ],
  "_links": { }
}
Lists the anomalies for an access item
A successful security access review anomalies get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "type": "USAGE_HISTORY",
      "severity": "LOW",
      "subtext": {
        "message": "The user was assigned the app recently, {0}",
        "args": [
          {
            "value": "2025-06-13T15:23:59Z",
            "type": "RELATIVE_DATE_TO_NOW"
          }
        ]
      }
    },
    {
      "type": "ASSIGNMENT_METHOD",
      "severity": "LOW",
      "subtext": {
        "message": "The user was assigned to the group directly, aligning with {0}% of users who were assigned the same way",
        "args": [
          {
            "value": "100",
            "type": "NUMBER"
          }
        ]
      }
    },
    {
      "type": "PAST_GOVERNANCE_DECISIONS",
      "severity": "LOW",
      "subtext": {
        "message": "No data found. The assignment has no past governance decisions"
      }
    }
  ]
}
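The anomalies response above carries each message as a template with {0}-style placeholders and typed args. The following is an added example, not part of the Okta reference, of rendering those entries for a reviewer. The function names, the output layout and the handling of RELATIVE_DATE_TO_NOW are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample, copied from the anomalies response shown above.
SAMPLE = [
    {"type": "USAGE_HISTORY", "severity": "LOW", "subtext": {
        "message": "The user was assigned the app recently, {0}",
        "args": [{"value": "2025-06-13T15:23:59Z", "type": "RELATIVE_DATE_TO_NOW"}]}},
    {"type": "ASSIGNMENT_METHOD", "severity": "LOW", "subtext": {
        "message": "The user was assigned to the group directly, aligning with "
                   "{0}% of users who were assigned the same way",
        "args": [{"value": "100", "type": "NUMBER"}]}},
    {"type": "PAST_GOVERNANCE_DECISIONS", "severity": "LOW", "subtext": {
        "message": "No data found. The assignment has no past governance decisions"}},
]
_PLACEHOLDER = re.compile(r"\{(\d+)\}")


def format_arg(arg, now):
    kind, value = arg.get("type"), str(arg.get("value", ""))
    if kind == "NUMBER":
        float(value)  # raises ValueError when the value is not numeric
        return value
    if kind == "RELATIVE_DATE_TO_NOW":
        # Assumption: an ISO 8601 UTC timestamp, to be shown relative to `now`.
        then = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days = (now - then).days
        if days < 0:
            raise ValueError("timestamp is in the future")
        return "today" if days == 0 else f"{days} day(s) ago"
    raise ValueError(f"unknown arg type: {kind!r}")


def render_anomaly(anomaly, now):
    """Return 'TYPE [SEVERITY]: message' with each {N} filled from args[N]."""
    subtext = anomaly["subtext"]
    args = subtext.get("args", [])

    def substitute(match):
        index = int(match.group(1))
        if index >= len(args):
            raise ValueError(f"placeholder {{{index}}} has no matching arg")
        return format_arg(args[index], now)

    # Only {N} tokens are replaced. str.format() is deliberately not used, so a
    # template received from the API never triggers attribute or index lookups.
    message = _PLACEHOLDER.sub(substitute, subtext["message"])
    return f'{anomaly["type"]} [{anomaly["severity"]}]: {message}'


if __name__ == "__main__":
    for item in SAMPLE:
        print(render_anomaly(item, datetime.now(timezone.utc)))
```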
Generates a summary for an access item in a security access review
A successful security access review summary response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "message": "This app's overall priority is: High\nThe reasons why this app was assigned priority of High include:\n1. Usage history (HIGH): The user has not accessed this application in the last 90 days.\n2. Assignment method (HIGH): This user's assignment method differs from 75% of other users who have access to this application.\n"
}
Executes an action on an access or sub-access item in a security access review
Action initiated successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "type": "REVOKE_ACCESS"
}

{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}
Lists the history of actions and changes for a specific security access review
A successful security access review history get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "srh1pmhpjmJ6Oyzzx0g4",
      "systemGenerated": true,
      "timestamp": "2025-06-13T14:23:35Z",
      "message": "created Test SAR",
      "principalProfile": {
        "id": "00ucmjraRsXXFRRSK0g4",
        "email": "admin@zwqzmjg4yzetngnimi00nznhlwe2ytmtnzk5ogjjywrkmjyz.com",
        "firstName": "Add-Min",
        "lastName": "O'Cloudy Tud",
        "login": "admin@zwqzmjg4yzetngnimi00nznhlwe2ytmtnzk5ogjjywrkmjyz.com",
        "status": "ACTIVE"
      }
    }
  ]
}
Adds a comment for a specific security access review
Comment added successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "comment": "string"
}

{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}