On this page
Okta Identity Governance API release notes (2026)
Subscribe to RSS
Okta Identity Governance is available for both Okta Classic Engine and Okta Identity Engine.
February
Monthly release 2026.02.0
| Change | Expected in Preview Orgs |
|---|---|
| Permalink ID in V2 access request | February 4, 2026 |
| Certify resource collections - Resource campaigns is EA | January 28, 2026 |
| Additive entitlements is Beta | February 4, 2026 |
| Developer documentation updates in 2026.02.0 | February 4, 2026 |
Permalink ID in V2 access request
A new permalinkId property is returned in V2 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. The identifier (in the form of a permalink) helps users navigate back to the request on the web page.
See requestApprovals.permalinkId (opens new window).
Certify resource collections - Resource campaigns is EA
Use access certification resource campaigns to certify user access to resource collections. Rather than reviewing individual apps, entitlements, or bundles separately, running resource campaigns for resource collections helps you reduce the volume of review items for reviewers and provide them with the necessary context to make informed decisions.
A new COLLECTION resource option in the campaign resourceSettings.type (opens new window) property has been added to support resource collection campaigns.
Additive entitlements is Beta
BetaAdmins can now grant specific, time-bound entitlements to individual users without creating entitlement bundles for requests. These individual entitlement grants are additive in nature to the existing policy or custom grants. Admins can revoke an individual entitlement, which is removed across custom and entitlement grants. They can also perform risk assessments on multiple entitlements for the user.
The following API updates have been made to support individual entitlements:
- Admins can grant individual entitlements to a user, which can be time-boxed. See Create a grant (opens new window) and the
ENTITLEMENToption ingrantType. - The granted individual entitlements can be revoked by an admin or expire if they're time-boxed. See Revoke a principal's access (opens new window).
- Admins can generate risk assessments for multiple entitlements. See Generate a risk assessment (opens new window) and use the
resourceOrnListparameter. - In security access review items, the
assignmentTypeproperty is set toENTITLEMENTif the entitlement resource was assigned through an individual entitlement grant.
Developer documentation updates in 2026.02.0
The Okta developer portal search results now include the API references.
January
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Security access reviews API is GA in Production | September 10, 2025 |
| Permalink ID in V1 access request is Beta | January 8, 2026 |
| AD group support in Access Requests is GA in Production | December 10, 2025 |
| My Access Certification Reviews API is Beta | January 8, 2026 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
Security access reviews API is GA in Production
Security access reviews are a new, security-focused type of access review that can be automatically triggered by events. These reviews provide a unified view of a user's access and contextual information about their access history. Also included is an AI-generated access summary, allowing you to investigate and take immediate remediation actions, such as revoking access. See Security Access Reviews (opens new window) in the product documentation.
See the Security Access Reviews (opens new window) API and Launch a security access review guide for details on how to trigger security access reviews through the API.
Permalink ID in V1 access request is Beta
BetaA new permalinkId property is returned in V1 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. Users can use this identifier (in the form of a permalink) to navigate back to the request on the web page. See permalinkId (opens new window).
AD group support in Access Requests is GA in Production
Users can now request access to Active Directory (AD)-sourced groups directly within Access Requests. This enhancement enables seamless governance and automatically fulfills and revokes (if time-bound) access in AD, strengthening your security posture and eliminating the need for duplicate groups or custom Workflows.
You must have Bidirectional Group Management with Active Directory (opens new window) configured in your org to have governance AD group support. See Access governance for AD groups (opens new window).
For users to request access to AD groups, admins must first create a request condition with an AD-sourced group access scope. Use the Create a request condition (opens new window) request and set accessScopeSettings.type to GROUP. In the accessScopeSettings.group list, specify your AD-sourced group IDs that are requestable.
My Access Certification Reviews API is Beta
BetaThe My Access Certification Reviews (opens new window) API enables end users to retrieve reviews and associated details assigned to them. The responses from this API are specifically for the authenticated user (the end user) making the request. See List all managed connections for my review (opens new window).
Developer documentation updates in 2026.01.0
- The new Manage Okta Identity Governance resources using Terraform guide explains how to manage Okta Identity Governance (OIG) resources with Terraform. It details how to create, import, and modify OIG resources using your Terraform configuration.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
