Access Rules
Access Rules enable automated access provisioning according to user attributes.
Access Rules are useful for automatically granting Access Entities to users in a particular department, group, or location, for example. They can be checked and applied periodically to maintain accuracy of access entitlements and ensure your application licenses are optimally allotted.
Type: Type of check to apply before applying access to users
Simple: Run a simple filter condition against all users, and grant access to all users that match
Scripted: For each user, run the script, which returns true if the access should be granted and false otherwise
Brute force mode: When disabled, all access requests are made via Catalog Items, and include all associated approvals and checks against Okta prior to granting access. When enabled, the Service Catalog and all approvals/checks are bypassed, immediately making the access request to Okta.
Run daily for all users: When enabled, this rule will run daily for all active users in ServiceNow.
By default, any Access Rule with Run daily for all users enabled is assessed once per day via the scheduled job Okta Orchestrator - Run Daily Access Rules.
If you wish to run Access Rules on demand, see the section below, Programmatically Apply Access Rules.
Using Run daily for all users can result in a large computation load on ServiceNow and the Okta instance. If enabled, it is recommended that Brute force mode is enabled, and that Track assignment locally is enabled for all associated Access Entities.
Access entities: Access Entities that will be granted/removed by this Access Rule
Apply inverse: If enabled, access will be removed from users who do not match the rule. If disabled, the rule can only grant access, not remove it.
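The following dry-run model shows how Type, Access entities and Apply inverse combine into grant and remove decisions, so a rule's effect can be reviewed before it runs against real users. It is an added example, not code from the product; every function, field name and sample record is hypothetical, and skipping a user whose script throws or returns a non-boolean is an assumption of this model, not documented behavior.

```javascript
// Dry-run model of one Access Rule pass. Every name here is hypothetical;
// this is not the product's API and it never calls ServiceNow or Okta.
function matches(rule, user) {
  if (rule.type === 'simple') {
    // Simple: the user matches when every filter field equals the attribute.
    return Object.entries(rule.filter).every(([k, v]) => user[k] === v);
  }
  // Scripted: the script must return true/false. Assumption of this model:
  // a thrown error or non-boolean result means "no decision" (null).
  try {
    const result = rule.script(user);
    return typeof result === 'boolean' ? result : null;
  } catch (e) {
    return null;
  }
}

// assigned: Map of Access Entity name -> Set of user ids currently holding it.
function planRule(rule, users, assigned) {
  const plan = { grant: [], remove: [], skipped: [] };
  for (const user of users.filter((u) => u.active)) {
    const hit = matches(rule, user);
    if (hit === null) { plan.skipped.push(user.id); continue; }
    for (const entity of rule.entities) {
      const has = (assigned.get(entity) || new Set()).has(user.id);
      if (hit && !has) plan.grant.push(`${user.id}:${entity}`);
      // Access is removed only when Apply inverse is enabled.
      if (!hit && has && rule.applyInverse) plan.remove.push(`${user.id}:${entity}`);
    }
  }
  return plan;
}

// Constructed sample data: u2 holds access but no longer matches the rule,
// u4 has no department, which makes the scripted check throw.
const users = [
  { id: 'u1', department: 'Finance', active: true },
  { id: 'u2', department: 'Sales', active: true },
  { id: 'u3', department: 'Finance', active: true },
  { id: 'u4', department: null, active: true },
];
const assigned = new Map([['Expense App', new Set(['u2', 'u3', 'u4'])]]);
const script = (u) => u.department.startsWith('Fin');
const demo = (applyInverse) => planRule(
  { type: 'scripted', script, entities: ['Expense App'], applyInverse }, users, assigned);
console.log(demo(false), demo(true));
```

With Apply inverse disabled, u2 keeps access that no longer matches the rule; with it enabled, u2 appears in the remove list, while u4 is skipped in both runs instead of losing access to a script error.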
All Access Rules can be assessed for a specific user with:
A single Access Rule can be assessed for a specific user with: