On this page
Okta Identity Governance API release notes (2026)
Subscribe to RSS
Okta Identity Governance is available for both Okta Classic Engine and Okta Identity Engine.
March
Monthly release 2026.03.0
| Change | Expected in Preview Orgs |
|---|---|
| Resource Owners API is GA | September 10, 2025 |
| Governance Labels API is GA | September 10, 2025 |
| Restrict delegates is Beta | March 4, 2026 |
| Operations API is Beta | March 4, 2026 |
| Slack integration for Access Certifications and Access Requests is Beta | February 18, 2026 |
| Developer documentation update in 2026.03.0 | March 4, 2026 |
Resource Owners API is GA
Assign owners to groups, apps, entitlements, and entitlement bundles. This feature allows you to automatically route access request steps and access certification campaign reviews to the correct stakeholder, improving the efficiency and accuracy of your governance processes. It also helps ensure that the right stakeholder is always involved in access decisions without requiring manual updates to your configurations.
- Access Requests: When configuring approval sequences in access request conditions, you can now assign approvals, tasks, or questions directly to resource owners. See Configure an approval sequence (opens new window).
- Access Certifications: When creating certification campaigns, you can now select the Resource Owner as the designated reviewer. See Certification campaign reviews (opens new window).
See the Resource Owners (opens new window) API and Resource Owners (opens new window) in the product documentation to manage assigning owners to resources in your OIG org.
Governance Labels API is GA
The Labels API enables you to categorize and organize resources such as apps, groups, entitlements, and collections. You can create, update, and assign key-value labels to resources to support automation, streamline configuration, and simplify the management of access reviews and requests. See the Labels (opens new window) API and Manage governance labels (opens new window).
Restrict delegates is Beta
BetaRestrict who users can select as a delegate to ensure that tasks are assigned only to authorized individuals. Configure settings to limit delegate selection to a user's direct manager, their colleagues (peers with the same manager), or allow them to select anyone in the org. This helps you strengthen org security, improve compliance, and gives you more control over task delegation. See Enable end users to assign delegates (opens new window).
The Org Governance Settings API has been updated to support restricting delegates for end users. See the delegates.enduser.onlyFor property in Retrieve the org settings (opens new window) and Update the org settings (opens new window) requests.
Operations API is Beta
BetaAdmins can now track the status of asynchronous tasks initiated by governance requests, such as enabling entitlement management on a resource.
Slack integration for Access Certifications and Access Requests is Beta
BetaThe Identity Governance - Slack notifications feature lets you send Access Certification campaign notifications to reviewers and admins through Slack. You can send notifications for new campaigns, reminders for campaigns closing soon, and reassigned review items, among others. Slack notifications for campaigns help reduce the need for additional manual follow-ups for campaign owners. It also helps increase the completion rate of reviews before the campaign's end date.
Once enabled, super admins (SUPER_ADMIN) can integrate Slack with their Okta org. Access certifications admins (ACCESS_CERTIFICATIONS_ADMIN) can configure Slack notifications for Access Certifications, and access requests admins (ACCESS_REQUESTS_ADMIN) can configure Slack notifications for Access Requests.
The following new APIs support governance Slack integration settings and are available as Beta:
- Org Governance Settings > List all org integrations (opens new window) (
GET /governance/api/v1/settings/integrations) - Org Governance Settings > Create an org integration (opens new window) (
POST /governance/api/v1/settings/integrations) - Org Governance Settings > Delete an org integration (opens new window) (
DELETE /governance/api/v1/settings/integrations) - Org Governance Settings > Retrieve the org certification settings (opens new window) (
GET /governance/api/v1/settings/certification) - Org Governance Settings > Update the org certification settings (opens new window) (
PATCH /governance/api/v1/settings/certification)
The integrations property has been added to the following governance APIs to support Slack integration:
- Access Request - V2 > Request Settings > Retrieve the org request settings (opens new window) (
GET /governance/api/v2/request-settings) - Access Request - V2 > Request Settings > Update the org request settings (opens new window) (
PATCH /governance/api/v2/request-settings) - Org Governance Settings > Retrieve the org settings (opens new window) (
GET /governance/api/v1/settings)
Developer documentation update in 2026.03.0
Okta's API reference pages (opens new window) are undergoing a migration, which started on February 24. While the look and feel may vary across pages during this time, all technical documentation remains accurate and up to date.
February
Weekly release 2026.02.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.02.2 | February 19, 2026 |
Bug fixed in 2026.02.2
Entitlements API responses didn’t include the createdBy, created, lastUpdated, and lastUpdatedBy properties, and weren’t sorted by orderBy. (OKTA-1095762)
Monthly release 2026.02.0
| Change | Expected in Preview Orgs |
|---|---|
| Permalink ID in V2 access request | February 4, 2026 |
| Certify resource collections - Resource campaigns is EA | January 28, 2026 |
| Additive entitlements is Beta | February 4, 2026 |
| Developer documentation updates in 2026.02.0 | February 4, 2026 |
Permalink ID in V2 access request
A new permalinkId property is returned in V2 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. The identifier (in the form of a permalink) helps users navigate back to the request on the web page.
See requestApprovals.permalinkId (opens new window).
Certify resource collections - Resource campaigns is EA
Use access certification resource campaigns to certify user access to resource collections. Rather than reviewing individual apps, entitlements, or bundles separately, running resource campaigns for resource collections helps you reduce the volume of review items for reviewers and provide them with the necessary context to make informed decisions.
A new COLLECTION resource option in the campaign resourceSettings.type (opens new window) property has been added to support resource collection campaigns.
Additive entitlements is Beta
BetaAdmins can now grant specific, time-bound entitlements to individual users without creating entitlement bundles for requests. These individual entitlement grants are additive in nature to the existing policy or custom grants. Admins can revoke an individual entitlement, which is removed across custom and entitlement grants. They can also perform risk assessments on multiple entitlements for the user.
The following API updates have been made to support individual entitlements:
- Admins can grant individual entitlements to a user, which can be time-boxed. See Create a grant (opens new window) and the
ENTITLEMENToption ingrantType. - The granted individual entitlements can be revoked by an admin or expire if they're time-boxed. See Revoke a principal's access (opens new window).
- Admins can generate risk assessments for multiple entitlements. See Generate a risk assessment (opens new window) and use the
resourceOrnListparameter. - In security access review items, the
assignmentTypeproperty is set toENTITLEMENTif the entitlement resource was assigned through an individual entitlement grant.
Developer documentation updates in 2026.02.0
The Okta developer portal search results now include the API references.
January
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Security access reviews API is GA in Production | September 10, 2025 |
| Permalink ID in V1 access request is Beta | January 8, 2026 |
| AD group support in Access Requests is GA in Production | December 10, 2025 |
| My Access Certification Reviews API is Beta | January 8, 2026 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
Security access reviews API is GA in Production
Security access reviews are a new, security-focused type of access review that can be automatically triggered by events. These reviews provide a unified view of a user's access and contextual information about their access history. Also included is an AI-generated access summary, allowing you to investigate and take immediate remediation actions, such as revoking access. See Security Access Reviews (opens new window) in the product documentation.
See the Security Access Reviews (opens new window) API and Launch a security access review guide for details on how to trigger security access reviews through the API.
Permalink ID in V1 access request is Beta
BetaA new permalinkId property is returned in V1 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. Users can use this identifier (in the form of a permalink) to navigate back to the request on the web page. See permalinkId (opens new window).
AD group support in Access Requests is GA in Production
Users can now request access to Active Directory (AD)-sourced groups directly within Access Requests. This enhancement enables seamless governance and automatically fulfills and revokes (if time-bound) access in AD, strengthening your security posture and eliminating the need for duplicate groups or custom Workflows.
You must have Bidirectional Group Management with Active Directory (opens new window) configured in your org to have governance AD group support. See Access governance for AD groups (opens new window).
For users to request access to AD groups, admins must first create a request condition with an AD-sourced group access scope. Use the Create a request condition (opens new window) request and set accessScopeSettings.type to GROUP. In the accessScopeSettings.group list, specify your AD-sourced group IDs that are requestable.
My Access Certification Reviews API is Beta
BetaThe My Access Certification Reviews (opens new window) API enables end users to retrieve reviews and associated details assigned to them. The responses from this API are specifically for the authenticated user (the end user) making the request. See List all managed connections for my review (opens new window).
Developer documentation updates in 2026.01.0
- The new Manage Okta Identity Governance resources using Terraform guide explains how to manage Okta Identity Governance (OIG) resources with Terraform. It details how to create, import, and modify OIG resources using your Terraform configuration.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
