On this page
Okta Identity Governance API release notes (2026)
Subscribe to RSS
Okta Identity Governance is available for both Okta Classic Engine and Okta Identity Engine.
April
Monthly release 2026.04.0
| Change | Expected in Preview Orgs |
|---|---|
| Improvements access request experience for Slack is Beta | April 1, 2026 |
| Updated access certification campaign filter | April 1, 2026 |
| Slack integration for Identity Governance | February 18, 2026 |
| Increase to the maximum access duration limit | April 1, 2026 |
| Developer documentation update in 2026.04.0 |
Improvements access request experience for Slack is Beta
BetaIf you've enabled the Unified Requester Experience feature, you can now configure whether users can submit and approve requests in Slack without being redirected to the End-user Dashboard. This applies to access requests that are managed by request types and to conditions. Additionally, when the canApproveRequest setting is enabled, users can approve Okta admin role bundle access requests from Slack. See Configure settings for Slack (opens new window).
The following settings have been updated to support the improved Slack integration, and are available as Beta:
- Access Request - V2 > Request Settings >
integrations.settings.caninitiateRequest: indicates that users can initiate a request from Slack - Access Request - V2 > Request Settings >
integrations.settings.canApproveRequest: indicates that reviewers can approve a request from Slack
Updated access certification campaign filter
The filter query parameter in the List all campaigns (opens new window) API operation now supports startDate and endDate attributes.
Slack integration for Identity Governance
Okta for Government Moderate and Government High customers who use commercial Slack instances can now integrate Slack with their org to streamline access management in Access Requests and Access Certifications. Users can now submit and approve requests in Slack, as well as receive Slack notifications for access requests and certification campaigns. Feature availability varies depending on whether the Unified requester experience feature is enabled. See Okta Identity Governance Limitations for Public Sector Service (opens new window) and Integrate Slack (opens new window).
The following APIs support governance Slack integration settings and are available as Beta:
- Org Slack integration setting: Org Governance Settings > Create an org integration (opens new window)
- Access Certification Slack integration setting: Org Governance Settings > Update the org certification settings (opens new window)
- Access Request Slack integration setting: Access Request - V2 > Request Settings > Update the org request settings (opens new window)
Increase to the maximum access duration limit
When you create or edit access request conditions, you can now set accessDurationSettings.duration or accessDurationSettings.maximumDuration to a maximum of 365 days or 52 weeks.
Developer documentation update in 2026.04.0
The new Manage delegates for governance guide describes how to manage governance delegate assignments and settings using the Okta Identity Governance (OIG) APIs.
March
Weekly release 2026.03.3
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.03.3 | March 25, 2026 |
Bug fixed in 2026.03.3
- The response for
GET /governance/api/v1/requestswith alastUpdatedvalue for thefilterquery parameter, and without theorderByparameter, was sorted bycreatedAtinstead ofupdatedAt. (OKTA-1140026)
Monthly release 2026.03.0
| Change | Expected in Preview Orgs |
|---|---|
| Resource Owners API is GA | September 10, 2025 |
| Governance Labels API is GA | September 10, 2025 |
| Restrict delegates is Beta | March 4, 2026 |
| Operations API is Beta | March 4, 2026 |
| Slack integration for Access Certifications and Access Requests is Beta | February 18, 2026 |
| Developer documentation update in 2026.03.0 | March 4, 2026 |
Resource Owners API is GA
Assign owners to groups, apps, entitlements, and entitlement bundles. This feature allows you to automatically route access request steps and access certification campaign reviews to the correct stakeholder, improving the efficiency and accuracy of your governance processes. It also helps ensure that the right stakeholder is always involved in access decisions without requiring manual updates to your configurations.
- Access Requests: When configuring approval sequences in access request conditions, you can now assign approvals, tasks, or questions directly to resource owners. See Configure an approval sequence (opens new window).
- Access Certifications: When creating certification campaigns, you can now select the Resource Owner as the designated reviewer. See Certification campaign reviews (opens new window).
See the Resource Owners (opens new window) API and Resource Owners (opens new window) in the product documentation to manage assigning owners to resources in your OIG org.
Governance Labels API is GA
The Labels API enables you to categorize and organize resources such as apps, groups, entitlements, and collections. You can create, update, and assign key-value labels to resources to support automation, streamline configuration, and simplify the management of access reviews and requests. See the Labels (opens new window) API and Manage governance labels (opens new window).
Restrict delegates is Beta
BetaRestrict who users can select as a delegate to ensure that tasks are assigned only to authorized individuals. Configure settings to limit delegate selection to a user's direct manager, their colleagues (peers with the same manager), or allow them to select anyone in the org. This helps you strengthen org security, improve compliance, and gives you more control over task delegation. See Enable end users to assign delegates (opens new window).
The Org Governance Settings API has been updated to support restricting delegates for end users. See the delegates.enduser.onlyFor property in Retrieve the org settings (opens new window) and Update the org settings (opens new window) requests.
Operations API is Beta
BetaAdmins can now track the status of asynchronous tasks initiated by governance requests, such as enabling entitlement management on a resource. See the Operations (opens new window) API.
Slack integration for Access Certifications and Access Requests is Beta
BetaThe Identity Governance - Slack notifications feature lets you send Access Certification campaign notifications to reviewers and admins through Slack. You can send notifications for new campaigns, reminders for campaigns closing soon, and reassigned review items, among others. Slack notifications for campaigns help reduce the need for additional manual follow-ups for campaign owners. It also helps increase the completion rate of reviews before the campaign's end date.
Once enabled, super admins (SUPER_ADMIN) can integrate Slack with their Okta org. Access certifications admins (ACCESS_CERTIFICATIONS_ADMIN) can configure Slack notifications for Access Certifications, and access requests admins (ACCESS_REQUESTS_ADMIN) can configure Slack notifications for Access Requests.
The following new APIs support governance Slack integration settings and are available as Beta:
- Org Governance Settings > List all org integrations (opens new window) (
GET /governance/api/v1/settings/integrations) - Org Governance Settings > Create an org integration (opens new window) (
POST /governance/api/v1/settings/integrations) - Org Governance Settings > Delete an org integration (opens new window) (
DELETE /governance/api/v1/settings/integrations) - Org Governance Settings > Retrieve the org certification settings (opens new window) (
GET /governance/api/v1/settings/certification) - Org Governance Settings > Update the org certification settings (opens new window) (
PATCH /governance/api/v1/settings/certification)
The integrations property has been added to the following governance APIs to support Slack integration:
- Access Request - V2 > Request Settings > Retrieve the org request settings (opens new window) (
GET /governance/api/v2/request-settings) - Access Request - V2 > Request Settings > Update the org request settings (opens new window) (
PATCH /governance/api/v2/request-settings) - Org Governance Settings > Retrieve the org settings (opens new window) (
GET /governance/api/v1/settings)
Developer documentation update in 2026.03.0
Okta's API reference pages (opens new window) are undergoing a migration, which started on February 24. While the look and feel may vary across pages during this time, all technical documentation remains accurate and up to date.
February
Weekly release 2026.02.2
| Change | Expected in Preview Orgs |
|---|---|
| Bug fixed in 2026.02.2 | February 19, 2026 |
Bug fixed in 2026.02.2
Entitlements API responses didn't include the createdBy, created, lastUpdated, and lastUpdatedBy properties, and weren't sorted by orderBy. (OKTA-1095762)
Monthly release 2026.02.0
| Change | Expected in Preview Orgs |
|---|---|
| Permalink ID in V2 access request | February 4, 2026 |
| Certify resource collections - Resource campaigns is EA | January 28, 2026 |
| Additive entitlements is Beta | February 4, 2026 |
| Developer documentation updates in 2026.02.0 | February 4, 2026 |
Permalink ID in V2 access request
A new permalinkId property is returned in V2 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. The identifier (in the form of a permalink) helps users navigate back to the request on the web page.
See requestApprovals.permalinkId (opens new window).
Certify resource collections - Resource campaigns is EA
Use access certification resource campaigns to certify user access to resource collections. Rather than reviewing individual apps, entitlements, or bundles separately, running resource campaigns for resource collections helps you reduce the volume of review items for reviewers and provide them with the necessary context to make informed decisions.
A new COLLECTION resource option in the campaign resourceSettings.type (opens new window) property has been added to support resource collection campaigns.
Additive entitlements is Beta
BetaAdmins can now grant specific, time-bound entitlements to individual users without creating entitlement bundles for requests. These individual entitlement grants are additive in nature to the existing policy or custom grants. Admins can revoke an individual entitlement, which is removed across custom and entitlement grants. They can also perform risk assessments on multiple entitlements for the user.
The following API updates have been made to support individual entitlements:
- Admins can grant individual entitlements to a user, which can be time-boxed. See Create a grant (opens new window) and the
ENTITLEMENToption ingrantType. - The granted individual entitlements can be revoked by an admin or expire if they're time-boxed. See Revoke a principal's access (opens new window).
- Admins can generate risk assessments for multiple entitlements. See Generate a risk assessment (opens new window) and use the
resourceOrnListparameter. - In security access review items, the
assignmentTypeproperty is set toENTITLEMENTif the entitlement resource was assigned through an individual entitlement grant.
Developer documentation updates in 2026.02.0
The Okta developer portal search results now include the API references.
January
Monthly release 2026.01.0
| Change | Expected in Preview Orgs |
|---|---|
| Security access reviews API is GA in Production | September 10, 2025 |
| Permalink ID in V1 access request is Beta | January 8, 2026 |
| AD group support in Access Requests is GA in Production | December 10, 2025 |
| My Access Certification Reviews API is Beta | January 8, 2026 |
| Developer documentation updates in 2026.01.0 | January 7, 2026 |
Security access reviews API is GA in Production
Security access reviews are a new, security-focused type of access review that can be automatically triggered by events. These reviews provide a unified view of a user's access and contextual information about their access history. Also included is an AI-generated access summary, allowing you to investigate and take immediate remediation actions, such as revoking access. See Security Access Reviews (opens new window) in the product documentation.
See the Security Access Reviews (opens new window) API and Launch a security access review guide for details on how to trigger security access reviews through the API.
Permalink ID in V1 access request is Beta
BetaA new permalinkId property is returned in V1 access request (opens new window) responses. This property is a user-friendly, immutable identifier that resolves to the request. Users can use this identifier (in the form of a permalink) to navigate back to the request on the web page. See permalinkId (opens new window).
AD group support in Access Requests is GA in Production
Users can now request access to Active Directory (AD)-sourced groups directly within Access Requests. This enhancement enables seamless governance and automatically fulfills and revokes (if time-bound) access in AD, strengthening your security posture and eliminating the need for duplicate groups or custom Workflows.
You must have Bidirectional Group Management with Active Directory (opens new window) configured in your org to have governance AD group support. See Access governance for AD groups (opens new window).
For users to request access to AD groups, admins must first create a request condition with an AD-sourced group access scope. Use the Create a request condition (opens new window) request and set accessScopeSettings.type to GROUP. In the accessScopeSettings.group list, specify your AD-sourced group IDs that are requestable.
My Access Certification Reviews API is Beta
BetaThe My Access Certification Reviews (opens new window) API enables end users to retrieve reviews and associated details assigned to them. The responses from this API are specifically for the authenticated user (the end user) making the request. See List all managed connections for my review (opens new window).
Developer documentation updates in 2026.01.0
- The new Manage Okta Identity Governance resources using Terraform guide explains how to manage Okta Identity Governance (OIG) resources with Terraform. It details how to create, import, and modify OIG resources using your Terraform configuration.
- The Okta API release notes now provide an RSS feed for each API release note category: Classic Engine, Identity Engine, Identity Governance, Privileged Access, Access Gateway, and Aerial. Click the RSS icon to subscribe.
