The My Security Access Reviews API allows reviewers to manage security access reviews that are assigned to them. These reviews provide a holistic view of a target principal's access to resources such as apps, groups, and entitlements. They're typically triggered in response to a security or an identity risk event. Reviewers can assess the target principal's access to resources and take immediate action.
The resource methods in the My Security Access Reviews API only return security access reviews and corresponding objects that the authenticated requester (as the reviewer) has permission to access.
Lists the security access reviews
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string A filter expression that filters security access reviews.
The
Query param: ?filter=name co "Git"
filter=name%20co%20%22Git%22
Query param: ?filter=status eq "ACTIVE"
filter=status%20eq%20%22ACTIVE%22
Query param: ?filter=reviewer.name co "John"
filter=reviewer.name%20co%20%22John%22
Query param: ?filter=created gt "2022-05-24T14:15:22Z"
filter=created%20gt%20%222022-05-24T14:15:22Z%22 |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
orderBy | Array of strings = 1 items Default: ["created asc"] The field to sort the results, in ascending (asc) or descending (desc) order. Note: Query parameter percent encoding is required. See Percent-encoding
Query param: ?orderBy=name desc
orderBy=name%20desc
Query param: ?orderBy=created desc
orderBy=created%20desc
Query param: ?orderBy=endTime desc
orderBy=endTime%20desc
Query param: ?orderBy=status desc
orderBy=status%20desc
Query param: ?orderBy=id desc
orderBy=id%20desc |
A successful security access reviews get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "sar1qebJYYHgbsOGF0g4",
      "status": "ACTIVE",
      "name": "Test SAR",
      "endTime": "2025-06-20T14:55:27Z",
      "reviewerSettings": {
        "type": "USER",
        "userSettings": {
          "includedUserIds": [
            "00ucpjbi6JMmDvdN40g4",
            "00ucpjbi6JMmDvdN40g5"
          ],
          "includedUserProfiles": [
            {
              "id": "00ucpjbi6JMmDvdN40g4",
              "email": "john.doe@okta.com",
              "firstName": "John",
              "lastName": "Doe",
              "login": "john.doe@okta.com",
              "status": "ACTIVE"
            },
            {
              "id": "00ucpjbi6JMmDvdN40g5",
              "email": "jane.doe@okta.com",
              "firstName": "Jane",
              "lastName": "Doe",
              "login": "jane.doe@okta.com",
              "status": "ACTIVE"
            }
          ]
        }
      },
      "createdBy": "00uco2uaXN7POnPUw0g4",
      "created": "2025-06-13T14:55:28Z",
      "lastUpdated": "2025-06-13T14:55:28Z",
      "lastUpdatedBy": "00uco2uaXN7POnPUw0g4",
      "_links": {
        "securityAccessReviewDetails": {
          "hints": { }
        },
        "history": {
          "hints": { }
        },
        "accesses": {
          "hints": { }
        },
        "actions": {
          "hints": { }
        },
        "principalDetails": {
          "hints": { }
        }
      }
    }
  ],
  "_links": {
    "self": {
      "hints": { }
    }
  }
}
Retrieves the statistics for security access reviews
A successful security access reviews stats get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "activeCount": 1,
  "pendingCount": 0,
  "errorCount": 0,
  "closedCount": 0
}
Retrieves a security access review
A successful security access review get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "id": "sar1lo5X9wmNTFX7x0g4",
  "status": "PENDING",
  "name": "Test SAR",
  "reviewerSettings": {
    "type": "USER",
    "userSettings": {
      "includedUserIds": [
        "00ucpjbi6JMmDvdN40g4",
        "00ucpjbi6JMmDvdN40g5"
      ],
      "includedUserProfiles": [
        {
          "id": "00ucpjbi6JMmDvdN40g4",
          "email": "john.doe@okta.com",
          "firstName": "John",
          "lastName": "Doe",
          "login": "john.doe@okta.com",
          "status": "ACTIVE"
        },
        {
          "id": "00ucpjbi6JMmDvdN40g5",
          "email": "jane.doe@okta.com",
          "firstName": "Jane",
          "lastName": "Doe",
          "login": "jane.doe@okta.com",
          "status": "ACTIVE"
        }
      ]
    }
  },
  "createdBy": "00ucfd4IQoH6YBZgA0g4",
  "created": "2025-06-13T00:40:57Z",
  "lastUpdated": "2025-06-13T00:40:57Z",
  "lastUpdatedBy": "00ucfd4IQoH6YBZgA0g4",
  "_links": {
    "securityAccessReviewDetails": { },
    "history": { },
    "userDetails": { },
    "accesses": { }
  }
}
Generates a summary for a security access review
A successful security access review summary response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "message": "This app's overall priority is: High\nThe reasons why this app was assigned priority of High include:\n1. Usage history (HIGH): The user has not accessed this application in the last 90 days.\n2. Assignment method (HIGH): This user's assignment method differs from 75% of other users who have access to this application.\n"
}
Lists all of the actions available for a security access review
A successful security access review actions get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "actionType": "CLOSE_REVIEW"
    },
    {
      "actionType": "RESTORE_ALL_ACCESS"
    }
  ]
}
Executes a specified action on a security access review
Action initiated successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "actionType": "UNIVERSAL_LOGOUT"
}
{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}
Retrieves the details of a security access review's principal target
A successful security access review principal details get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "id": "00ucpjbi6JMmDvdN40g4",
  "email": "john.doe@okta.com",
  "firstName": "John",
  "lastName": "Doe",
  "login": "john.doe@okta.com",
  "status": "ACTIVE",
  "department": "Engineering",
  "manager": "Jane Smith",
  "role": "Software Engineer",
  "homeLocation": {
    "city": "San Francisco",
    "state": "CA",
    "country": "USA"
  },
  "lastLoginInfo": {
    "date": "2025-06-12T15:30:00Z",
    "location": {
      "city": "San Francisco",
      "state": "CA",
      "country": "USA"
    },
    "device": "MacBook Pro",
    "ipAddress": "127.0.0.1"
  },
  "oktaAdminRoles": [
    {
      "roleId": "00uabc12345XYZ67890",
      "roleName": "Super Admin"
    }
  ],
  "createdBy": "00ucfd4IQoH6YBZgA0g4",
  "created": "2025-06-13T00:40:57Z",
  "lastUpdated": "2025-06-13T00:40:57Z",
  "lastUpdatedBy": "00ucfd4IQoH6YBZgA0g4",
  "_links": {
    "securityAccessReviewDetails": { },
    "history": { },
    "userDetails": { },
    "accesses": { }
  }
}
Lists the access items for a specific security access review.
Access items refer to the top-level resources that the security access review's target principal has access to. For example, a top-level resource can be an app, in which case the access item describes the principal's access to that app.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string A filter expression that filters access items.
Query param: ?filter=name co "Git"
filter=name%20co%20%22Git%22
Query param: ?filter=priority eq "HIGH"
filter=priority%20eq%20%22HIGH%22
Query param: ?filter=sodConflictSeverity eq "HIGH"
filter=sodConflictSeverity%20eq%20%22HIGH%22
Query param: ?filter=assignmentMethodSeverity eq "HIGH"
filter=assignmentMethodSeverity%20eq%20%22HIGH%22
Query param: ?filter=pastGovernanceDecisionsSeverity eq "HIGH"
filter=pastGovernanceDecisionsSeverity%20eq%20%22HIGH%22
Query param: ?filter=usageHistorySeverity eq "HIGH"
filter=usageHistorySeverity%20eq%20%22HIGH%22
Query param: ?filter=governanceLabel co "Crown Jewel"
filter=governanceLabel%20co%20%22Crown%20Jewel%22 |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
orderBy | Array of strings = 1 items Default: ["priority desc"] The field to sort the results, in ascending (asc) or descending (desc) order. Sorting is applied to only one field.
Query param: ?orderBy=priority desc
orderBy=priority%20desc
Query param: ?orderBy=lastAccess desc
orderBy=lastAccess%20desc
Query param: ?orderBy=accessFrequency desc
orderBy=accessFrequency%20desc |
A successful security access review access items get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "aim1pmincO6RY9SYC0g4",
      "type": "APPLICATION",
      "name": "App 2 Assigned By Group",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmnh7uyRdOpCdg0g4",
        "name": "TEST: Secure Password Store",
        "label": "App 2 Assigned By Group",
        "assignedDate": "2025-06-13T14:23:23Z",
        "assignmentType": "GROUP",
        "applicationUsage": 0
      },
      "subAccessTypes": [
        "GROUP"
      ]
    },
    {
      "id": "aim1pmjGO1ACFhkxp0g4",
      "type": "APPLICATION",
      "name": "App 1 No Groups",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmmurqSIOjNwS90g4",
        "name": "TEST: Secure Password Store",
        "label": "App 1 No Groups",
        "assignedDate": "2025-06-13T14:23:22Z",
        "assignmentType": "INDIVIDUAL",
        "applicationUsage": 0
      }
    },
    {
      "id": "aim1pmkobz1YkJx5N0g4",
      "type": "APPLICATION",
      "name": "App 3 With Entitlements",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "appInfo": {
        "id": "0oacmo5Hj3n1YOhiK0g4",
        "name": "TEST: Secure Password Store",
        "label": "App 3 With Entitlements",
        "assignedDate": "2025-06-13T14:23:35Z",
        "assignmentType": "INDIVIDUAL",
        "applicationUsage": 0,
        "activeEntitlements": [
          {
            "id": "esp1pkp0iVReYgtKU0g4",
            "name": "unbnaovmin",
            "description": "unbnaovmin Description"
          },
          {
            "id": "esp1pldLMJdOb9qI30g4",
            "name": "nozoxxcqiu",
            "description": "nozoxxcqiu Description"
          },
          {
            "id": "esp1plgThoMotdYWU0g4",
            "name": "xpfgzmfhop",
            "description": "xpfgzmfhop Description"
          }
        ]
      },
      "subAccessTypes": [
        "ENTITLEMENT"
      ]
    }
  ]
}
Lists the sub-access items for an access item from a security access review.
A sub-access item refers to the access to a resource that is part of a top-level resource in an access item. For example, an access item can describe the access to an app, and the sub-access items can describe the access to groups, entitlement values, or entitlement bundles that belong to the app.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string A filter expression that filters sub-access items.
Query param: ?filter=name co "Git"
filter=name%20co%20%22Git%22
Query param: ?filter=resourceType eq "GROUP"
filter=resourceType%20eq%20%22GROUP%22
Query param: ?filter=priority eq "HIGH"
filter=priority%20eq%20%22HIGH%22
Query param: ?filter=sodConflictSeverity eq "HIGH"
filter=sodConflictSeverity%20eq%20%22HIGH%22
Query param: ?filter=assignmentMethodSeverity eq "HIGH"
filter=assignmentMethodSeverity%20eq%20%22HIGH%22
Query param: ?filter=pastGovernanceDecisionsSeverity eq "HIGH"
filter=pastGovernanceDecisionsSeverity%20eq%20%22HIGH%22
Query param: ?filter=usageHistorySeverity eq "HIGH"
filter=usageHistorySeverity%20eq%20%22HIGH%22
Query param: ?filter=governanceLabel co "Crown Jewel"
filter=governanceLabel%20co%20%22Crown%20Jewel%22 |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
orderBy | Array of strings = 1 items Default: ["priority desc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding
Query param: ?orderBy=priority desc
orderBy=priority%20desc |
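The filter, orderBy, limit and after parameters of the three list operations above all need the same handling, so here is one added example (not Okta's code) that builds the percent-encoded query string. The function names are hypothetical, the operator set is only what this page's samples show, and refusing quote characters in values is a conservative assumption because the page states no escaping rules.

```python
import re
from urllib.parse import quote, urlencode

OPERATORS = {"co", "eq", "gt"}                 # operators seen in this page's samples
FIELD_RE = re.compile(r"[A-Za-z][A-Za-z.]*")   # e.g. name, reviewer.name
LIMIT_MIN, LIMIT_MAX = 1, 200                  # range documented for `limit`


def filter_expr(field, op, value):
    """Build '<field> <op> "<value>"' from caller-supplied parts."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if op not in OPERATORS:
        raise ValueError(f"unexpected operator: {op!r}")
    # Assumption: with no documented escaping, a value that could close the
    # string literal and append its own clause is refused outright.
    if '"' in value or "\\" in value:
        raise ValueError("value must not contain quotes or backslashes")
    return f'{field} {op} "{value}"'


def build_query(filter_text=None, order_by=None, limit=None, after=None):
    """Return the percent-encoded query string for a list request."""
    params = []
    if filter_text is not None:
        params.append(("filter", filter_text))
    if order_by is not None:
        field, _, direction = order_by.partition(" ")
        if not FIELD_RE.fullmatch(field) or direction not in ("asc", "desc"):
            raise ValueError("orderBy must look like '<field> asc|desc'")
        params.append(("orderBy", order_by))
    if limit is not None:
        valid = isinstance(limit, int) and not isinstance(limit, bool)
        if not valid or not LIMIT_MIN <= limit <= LIMIT_MAX:
            raise ValueError("limit must be an integer from 1 to 200")
        params.append(("limit", str(limit)))
    if after is not None:
        params.append(("after", after))
    # quote_via=quote encodes a space as %20 (urlencode's default, quote_plus,
    # would emit '+'); safe=":" leaves timestamps as the page's samples show.
    return urlencode(params, safe=":", quote_via=quote)
```

Building the expression from validated parts keeps reviewer-supplied search text from changing the shape of the filter before it is encoded.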
A successful security access review access items get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "sai1pml8QCT3vGZco0g4",
      "name": "unbnaovmin: value1",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_VALUE",
        "description": "value 1 description",
        "entitlementDescription": "unbnaovmin Description",
        "assignmentType": "INDIVIDUAL",
        "collectionsAssigning": [ ],
        "entitlements": [ ],
        "governanceLabels": [ ]
      }
    },
    {
      "id": "sai1pmmQFzxZreP1L0g4",
      "name": "unbnaovmin: value2",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_VALUE",
        "description": "value 2 description",
        "entitlementDescription": "unbnaovmin Description",
        "assignmentType": "INDIVIDUAL",
        "collectionsAssigning": [ ],
        "entitlements": [ ],
        "governanceLabels": [ ]
      }
    },
    {
      "id": "sai1pmngWq0n4IGFi0g4",
      "name": "test bundleaotsw",
      "type": "ENTITLEMENT",
      "severity": "LOW",
      "supportedActions": [
        "REVOKE_ACCESS"
      ],
      "entitlementInfo": {
        "type": "ENTITLEMENT_BUNDLE",
        "description": "test bundle ...",
        "assignmentType": "ACCESS_REQUEST",
        "collectionsAssigning": [ ],
        "entitlements": [
          {
            "id": "esp1pldLMJdOb9qI30g4",
            "name": "nozoxxcqiu",
            "description": "nozoxxcqiu Description"
          },
          {
            "id": "esp1plgThoMotdYWU0g4",
            "name": "xpfgzmfhop",
            "description": "xpfgzmfhop Description"
          }
        ],
        "governanceLabels": [ ]
      }
    }
  ],
  "_links": { }
}
Lists the anomalies for an access item in a security access review
A successful security access review anomalies get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "type": "USAGE_HISTORY",
      "severity": "LOW",
      "subtext": {
        "message": "The user was assigned the app recently, {0}",
        "args": [
          {
            "value": "2025-06-13T15:23:59Z",
            "type": "RELATIVE_DATE_TO_NOW"
          }
        ]
      }
    },
    {
      "type": "ASSIGNMENT_METHOD",
      "severity": "LOW",
      "subtext": {
        "message": "The user was assigned to the group directly, aligning with {0}% of users who were assigned the same way",
        "args": [
          {
            "value": "100",
            "type": "NUMBER"
          }
        ]
      }
    },
    {
      "type": "PAST_GOVERNANCE_DECISIONS",
      "severity": "LOW",
      "subtext": {
        "message": "No data found. The assignment has no past governance decisions"
      }
    }
  ]
}
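The anomaly objects above carry a message template with {0}-style placeholders and typed args, so a client has to render them before a reviewer can read them. The following added example (not Okta's code) does that for the sample response; the function names are hypothetical, and turning RELATIVE_DATE_TO_NOW into an "N hours ago" phrase is an assumption about how that arg type is meant to be displayed.

```python
import re
from datetime import datetime, timezone

# Anomaly entries copied from the sample response on this page.
SAMPLE_ANOMALIES = [
    {"type": "USAGE_HISTORY", "severity": "LOW", "subtext": {
        "message": "The user was assigned the app recently, {0}",
        "args": [{"value": "2025-06-13T15:23:59Z", "type": "RELATIVE_DATE_TO_NOW"}]}},
    {"type": "ASSIGNMENT_METHOD", "severity": "LOW", "subtext": {
        "message": "The user was assigned to the group directly, aligning with "
                   "{0}% of users who were assigned the same way",
        "args": [{"value": "100", "type": "NUMBER"}]}},
    {"type": "PAST_GOVERNANCE_DECISIONS", "severity": "LOW", "subtext": {
        "message": "No data found. The assignment has no past governance decisions"}},
]


def _relative(iso_timestamp, now):
    """Assumed rendering of RELATIVE_DATE_TO_NOW: age of the timestamp at `now`."""
    then = datetime.fromisoformat(iso_timestamp.replace("Z", "+00:00"))
    seconds = int((now - then).total_seconds())
    for unit, size in (("day", 86400), ("hour", 3600), ("minute", 60)):
        if seconds >= size:
            count = seconds // size
            return f"{count} {unit}{'' if count == 1 else 's'} ago"
    return "just now"


def render_subtext(subtext, now):
    """Fill {n} placeholders from args; `args` is absent on some anomalies."""
    args = subtext.get("args", [])

    def fill(match):
        index = int(match.group(1))
        if index >= len(args):
            return match.group(0)          # leave unmatched placeholders visible
        arg = args[index]
        if arg["type"] == "RELATIVE_DATE_TO_NOW":
            return _relative(arg["value"], now)
        return str(arg["value"])           # NUMBER and any unrecognised type

    # One regex pass, so an arg value that itself contains "{1}" is not re-expanded.
    return re.sub(r"\{(\d+)\}", fill, subtext["message"])


def describe(anomalies, now):
    """One reviewer-readable line per anomaly."""
    return [f"{a['type']} [{a['severity']}]: {render_subtext(a['subtext'], now)}"
            for a in anomalies]
```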
Generates a summary for an access item in a security access review
A successful security access review summary response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "message": "This app's overall priority is: High\nThe reasons why this app was assigned priority of High include:\n1. Usage history (HIGH): The user has not accessed this application in the last 90 days.\n2. Assignment method (HIGH): This user's assignment method differs from 75% of other users who have access to this application.\n"
}
Executes an action on an access or sub-access item in a security access review
Action initiated successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "type": "REVOKE_ACCESS"
}
{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}
Lists the history of actions and changes for a security access review
A successful security access review history get response
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "data": [
    {
      "id": "srh1pmhpjmJ6Oyzzx0g4",
      "systemGenerated": true,
      "timestamp": "2025-06-13T14:23:35Z",
      "message": "created Test SAR",
      "principalProfile": {
        "id": "00ucmjraRsXXFRRSK0g4",
        "email": "admin@zwqzmjg4yzetngnimi00nznhlwe2ytmtnzk5ogjjywrkmjyz.com",
        "firstName": "Add-Min",
        "lastName": "O'Cloudy Tud",
        "login": "admin@zwqzmjg4yzetngnimi00nznhlwe2ytmtnzk5ogjjywrkmjyz.com",
        "status": "ACTIVE"
      }
    }
  ]
}
Adds a comment for a security access review
Comment added successfully
When authentication fails
When authorization fails
When the requested resource wasn't found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "comment": "string"
}
{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": [ ]
}