On this page
Okta Identity Governance API release notes (2026)
Subscribe to RSS
Okta Identity Governance is available for both Okta Classic Engine and Okta Identity Engine.
May
Weekly release 2026.05.1
| Change | Expected in Preview Orgs |
|---|---|
| Automate access request management with Tasks APIs is Beta | May 13, 2026 |
| Customized Justification Requirements | May 13, 2026 |
Automate access request management with Tasks APIs is Beta
The Tasks APIs allow admins to automate the management of in-flight access requests and build custom approval logic using tools like Okta Workflows. These APIs enable the integration of the access request lifecycle into custom portals, IT Service Management (ITSM) tools, custom CLIs, or chatbots.
These APIs are only available for access requests managed by conditions in Access Request - V2:
- Access Request - V2 > Tasks (opens new window)
- End user APIs > My Tasks (opens new window)
Customize Justification Requirements
When you create or edit a campaign, configure Justification Settings (opens new window) to provide granular control over how campaign reviewers justify their access decisions. This includes requiring the reviewer to provide a reason for revoking or approving access. This helps you better align the reviewer experience with your org’s specific compliance needs.
The reviewerSettings.justificationRequirement (opens new window) campaign API property has been added to support configuring review justification settings. Use this new property instead of reviewerSettings.justificationRequired for granular control over review justification settings.
Monthly release 2026.05.0
| Change | Expected in Preview Orgs |
|---|---|
| Self-review for Okta admin roles is EA | May 6, 2026 |
| Governance Analyzer is EA | May 6, 2026 |
Self-review for Okta admin roles is EA
Allow or block campaign reviewers from approving or revoking their own access to Okta admin roles. While Okta prevents self-reviews in campaigns that govern Okta admin roles by default, this feature gives you the option to allow self reviews. See Create campaigns to review admin roles (opens new window).
As a result, the reviewerSettings.selfReviewDisabled (opens new window) and the reviewerSettings.reviewerLevels[].selfReviewDisabled (opens new window) properties aren't required to be true for campaigns that include the Admin Console as a resource.
Governance Analyzer is EA
Governance Analyzer provides access certification campaign reviewers with insights and recommendations to make more informed decisions when approving or revoking user access. See Governance Analyzer (opens new window) in the product documentation.
The following My Access Certification Reviews (opens new window) end-user operations are now available to support the Governance Analyzer feature:
- Submit a bulk-review decision (opens new window)
- Retrieve the status of a bulk-review submission (opens new window)
April
Weekly release 2026.04.3
| Change | Expected in Preview Orgs |
|---|---|
| Entitlement value response updates | April 29, 2026 |
Entitlement value response updates
The response for the List all reviews (opens new window), Reassign the review (opens new window), and Retrieve the review (opens new window) operations now return the following additional properties for entitlementValue (opens new window):
externalValue(opens new window): The external value stringentitlement(opens new window): The entitlement object that the entitlement value belongs to
Weekly release 2026.04.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.04.2 | April 15, 2026 |
Bug fixed in 2026.04.2
Searching for campaigns with a filter query parameter failed when the filter expression contained the startDate or endDate attributes. (OKTA-1143386)
Monthly release 2026.04.0
| Change | Expected in Preview Orgs |
|---|---|
| Improvements access request experience for Slack is Beta | April 1, 2026 |
| Updated access certification campaign filter | April 1, 2026 |
| Slack integration for Identity Governance | February 18, 2026 |
| Increase to the maximum access duration limit | April 1, 2026 |
| Developer documentation update in 2026.04.0 |
Improvements access request experience for Slack is Beta
BetaIf you've enabled the Unified Requester Experience feature, you can now configure whether users can submit and approve requests in Slack without being redirected to the End-user Dashboard. This applies to access requests that are managed by request types and to conditions. Additionally, when the canApproveRequest setting is enabled, users can approve Okta admin role bundle access requests from Slack. See Configure settings for Slack (opens new window).
The following settings have been updated to support the improved Slack integration, and are available as Beta:
- Access Request - V2 > Request Settings > Update the org request settings (opens new window) >
integrations.settings.caninitiateRequest: indicates that users can initiate a request from Slack - Access Request - V2 > Request Settings > Update the org request settings (opens new window) >
integrations.settings.canApproveRequest: indicates that reviewers can approve a request from Slack
Updated access certification campaign filter
The filter query parameter in the List all campaigns (opens new window) API operation now supports startDate and endDate attributes.
Slack integration for Identity Governance
Okta for Government Moderate and Government High customers who use commercial Slack instances can now integrate Slack with their org to streamline access management in Access Requests and Access Certifications. Users can now submit and approve requests in Slack, as well as receive Slack notifications for access requests and certification campaigns. Feature availability varies depending on whether the Unified requester experience feature is enabled. See Okta Identity Governance Limitations for Public Sector Service (opens new window) and Integrate Slack (opens new window).
The following APIs support governance Slack integration settings and are available as Beta:
- Org Slack integration setting: Org Governance Settings > Create an org integration (opens new window)
- Access Certification Slack integration setting: Org Governance Settings > Update the org certification settings (opens new window)
- Access Request Slack integration setting: Access Request - V2 > Request Settings > Update the org request settings (opens new window)
Increase to the maximum access duration limit
When you create or edit access request conditions, you can now set accessDurationSettings.duration or accessDurationSettings.maximumDuration to a maximum of 365 days or 52 weeks.
Developer documentation update in 2026.04.0
The new Manage delegates for governance guide describes how to manage governance delegate assignments and settings using the Okta Identity Governance (OIG) APIs.
March
Weekly release 2026.03.3
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.03.3 | March 25, 2026 |
Bug fixed in 2026.03.3
- The response for
GET /governance/api/v1/requestswith alastUpdatedvalue for thefilterquery parameter, and without theorderByparameter, was sorted bycreatedAtinstead ofupdatedAt. (OKTA-1140026)
Monthly release 2026.03.0
| Change | Expected in Preview Orgs |
|---|---|
| Resource Owners API is GA | September 10, 2025 |
| Governance Labels API is GA | September 10, 2025 |
| Restrict delegates is Beta | March 4, 2026 |
| Operations API is Beta | March 4, 2026 |
| Slack integration for Access Certifications and Access Requests is Beta | February 18, 2026 |
| Developer documentation update in 2026.03.0 | March 4, 2026 |
Resource Owners API is GA
Assign owners to groups, apps, entitlements, and entitlement bundles. This feature allows you to automatically route access request steps and access certification campaign reviews to the correct stakeholder, improving the efficiency and accuracy of your governance processes. It also helps ensure that the right stakeholder is always involved in access decisions without requiring manual updates to your configurations.
- Access Requests: When configuring approval sequences in access request conditions, you can now assign approvals, tasks, or questions directly to resource owners. See Configure an approval sequence (opens new window).
- Access Certifications: When creating certification campaigns, you can now select the Resource Owner as the designated reviewer. See Certification campaign reviews (opens new window).
See the Resource Owners (opens new window) API and Resource Owners (opens new window) in the product documentation to manage assigning owners to resources in your OIG org.
Governance Labels API is GA
The Labels API enables you to categorize and organize resources such as apps, groups, entitlements, and collections. You can create, update, and assign key-value labels to resources to support automation, streamline configuration, and simplify the management of access reviews and requests. See the Labels (opens new window) API and Manage governance labels (opens new window).
Restrict delegates is Beta
BetaRestrict who users can select as a delegate to ensure that tasks are assigned only to authorized individuals. Configure settings to limit delegate selection to a user's direct manager, their colleagues (peers with the same manager), or allow them to select anyone in the org. This helps you strengthen org security, improve compliance, and gives you more control over task delegation. See Enable end users to assign delegates (opens new window).
The Org Governance Settings API has been updated to support restricting delegates for end users. See the delegates.enduser.onlyFor property in Retrieve the org settings (opens new window) and Update the org settings (opens new window) requests.
Operations API is Beta
BetaAdmins can now track the status of asynchronous tasks initiated by governance requests, such as enabling entitlement management on a resource. See the Operations (opens new window) API.
Slack integration for Access Certifications and Access Requests is Beta
BetaThe Identity Governance - Slack notifications feature lets you send Access Certification campaign notifications to reviewers and admins through Slack. You can send notifications for new campaigns, reminders for campaigns closing soon, and reassigned review items, among others. Slack notifications for campaigns help reduce the need for additional manual follow-ups for campaign owners. It also helps increase the completion rate of reviews before the campaign's end date.
Once enabled, super admins (SUPER_ADMIN) can integrate Slack with their Okta org. Access certifications admins (ACCESS_CERTIFICATIONS_ADMIN) can configure Slack notifications for Access Certifications, and access requests admins (ACCESS_REQUESTS_ADMIN) can configure Slack notifications for Access Requests.
The following new APIs support governance Slack integration settings and are available as Beta:
- Org Governance Settings > List all org integrations (opens new window) (
GET /governance/api/v1/settings/integrations) - Org Governance Settings > Create an org integration (opens new window) (
POST /governance/api/v1/settings/integrations) - Org Governance Settings > Delete an org integration (opens new window) (
DELETE /governance/api/v1/settings/integrations) - Org Governance Settings > Retrieve the org certification settings (opens new window) (
GET /governance/api/v1/settings/certification) - Org Governance Settings > Update the org certification settings (opens new window) (
PATCH /governance/api/v1/settings/certification)
The integrations property has been added to the following governance APIs to support Slack integration:
- Access Request - V2 > Request Settings > Retrieve the org request settings (opens new window) (
GET /governance/api/v2/request-settings) - Access Request - V2 > Request Settings > Update the org request settings (opens new window) (
PATCH /governance/api/v2/request-settings) - Org Governance Settings > Retrieve the org settings (opens new window) (
GET /governance/api/v1/settings)
Developer documentation update in 2026.03.0
Okta's API reference pages (opens new window) are undergoing a migration, which started on February 24. While the look and feel may vary across pages during this time, all technical documentation remains accurate and up to date.
February
Weekly release 2026.02.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.02.2 | February 19, 2026 |
Bug fixed in 2026.02.2
Entitlements API responses didn't include the createdBy, created, lastUpdated, and lastUpdatedBy properties, and weren't sorted by orderBy. (OKTA-1095762)
Monthly release 2026.02.0
| Change | Expected in Preview Orgs |
|---|---|
| Permalink ID in V2 access request | February 4, 2026 |
| Certify resource collections - Resource campaigns is EA | January 28, 2026 |
| Additive entitlements is Beta | February 4, 2026 |
| Developer documentation updates in 2026.02.0 | February 4, 2026 |
Permalink ID in V2 access request
A new permalinkId property is returned in V2 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. The identifier (in the form of a permalink) helps users navigate back to the request on the web page.
See requestApprovals.permalinkId (opens new window).
Certify resource collections - Resource campaigns is EA
Use access certification resource campaigns to certify user access to resource collections. Rather than reviewing individual apps, entitlements, or bundles separately, running resource campaigns for resource collections helps you reduce the volume of review items for reviewers and provide them with the necessary context to make informed decisions.
A new COLLECTION resource option in the campaign resourceSettings.type (opens new window) property has been added to support resource collection campaigns.
Additive entitlements is Beta
BetaAdmins can now grant specific, time-bound entitlements to individual users without creating entitlement bundles for requests. These individual entitlement grants are additive in nature to the existing policy or custom grants. Admins can revoke an individual entitlement, which is removed across custom and entitlement grants. They can also perform risk assessments on multiple entitlements for the user.
The following API updates have been made to support individual entitlements:
- Admins can grant individual entitlements to a user, which can be time-boxed. See Create a grant (opens new window) and the
ENTITLEMENToption ingrantType. - The granted individual entitlements can be revoked by an admin or expire if they're time-boxed. See Revoke a principal's access (opens new window).
- Admins can generate risk assessments for multiple entitlements. See Generate a risk assessment (opens new window) and use the
resourceOrnListparameter. - In security access review items, the
assignmentTypeproperty is set toENTITLEMENTif the entitlement resource was assigned through an individual entitlement grant.
Developer documentation updates in 2026.02.0
The Okta developer portal search results now include the API references.
January
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Security access reviews API is GA in Production | September 10, 2025 |
| Permalink ID in V1 access request is Beta | January 8, 2026 |
| AD group support in Access Requests is GA in Production | December 10, 2025 |
| My Access Certification Reviews API is Beta | January 8, 2026 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
Security access reviews API is GA in Production
Security access reviews are a new, security-focused type of access review that can be automatically triggered by events. These reviews provide a unified view of a user's access and contextual information about their access history. Also included is an AI-generated access summary, allowing you to investigate and take immediate remediation actions, such as revoking access. See Security Access Reviews (opens new window) in the product documentation.
See the Security Access Reviews (opens new window) API and Launch a security access review guide for details on how to trigger security access reviews through the API.
Permalink ID in V1 access request is Beta
BetaA new permalinkId property is returned in V1 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. Users can use this identifier (in the form of a permalink) to navigate back to the request on the web page. See permalinkId (opens new window).
AD group support in Access Requests is GA in Production
Users can now request access to Active Directory (AD)-sourced groups directly within Access Requests. This enhancement enables seamless governance and automatically fulfills and revokes (if time-bound) access in AD, strengthening your security posture and eliminating the need for duplicate groups or custom Workflows.
You must have Bidirectional Group Management with Active Directory (opens new window) configured in your org to have governance AD group support. See Access governance for AD groups (opens new window).
For users to request access to AD groups, admins must first create a request condition with an AD-sourced group access scope. Use the Create a request condition (opens new window) request and set accessScopeSettings.type to GROUP. In the accessScopeSettings.group list, specify your AD-sourced group IDs that are requestable.
My Access Certification Reviews API is Beta
BetaThe My Access Certification Reviews (opens new window) API enables end users to retrieve reviews and associated details assigned to them. The responses from this API are specifically for the authenticated user (the end user) making the request. See List all managed connections for my review (opens new window).
Developer documentation updates in 2026.01.0
- The new Manage Okta Identity Governance resources using Terraform guide explains how to manage Okta Identity Governance (OIG) resources with Terraform. It details how to create, import, and modify OIG resources using your Terraform configuration.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
