# Access Reviews: Okta Group Membership

### Overview

In Okta, users are typically assigned to groups, which usually correspond to a business role. Groups are then assigned to applications, enabling teams of users within the same group to access the same set of applications.

This document describes how to create a new configuration you can use to review which Okta Users are assigned to Okta Groups in your organization.

### Before you start

You will need:

* An [Okta](/4yItIzMvkpAvMVFAamTf/integrations/integrations/okta.md) integration enabled in Veza.
* The Veza admin or operator [role](/4yItIzMvkpAvMVFAamTf/administration/administration/users/roles.md), required to create configurations and start access reviews.

### Create a review configuration

1. Create a new access review configuration:

   1.1. Log in to Veza and go to **Access Reviews** > **Configurations**.

   1.2. Click **New Configuration**.

   1.3. Give the configuration a name and optionally a description.
2. Define the scope of the access review: Use the **Review Scope** section of the configuration builder to search for related Okta users and Okta groups.

   2.1. For the **Source Entity Type**, search for **Okta User** and select it.

   2.2. For the **Destination Entity Type**, click to open the menu and scroll down to search for **Okta Group**.
3. Create a new review:

   3.1. Click **Save** to open the configuration details page, where you can create a new review.

   3.2. From the **Review Configuration Details**, click **New Review**.

   3.3. Click **Create** to make the review available without publishing it.
4. From the configuration details, in the **Active Reviews** section, click the review name or click **Open** next to the one you just created.

### Review access: Okta User to Okta Group

The reviewer interface shows a unique row for each Okta User to Okta Group assignment. Inspect each row to approve or reject the access.

{% hint style="success" %}
Customizing the reviewer interface can improve visual clarity and aid in decision-making. For this review, click **Columns** above the table of rows. Scroll or type to search for an attribute to show or hide:

1. Show **Risk Scores**. Enable this column to show the total percentage of resources that each user can access but holds unutilized permissions on.
2. Search for **User “IdP Unique ID”** and deselect it, unless this is needed to differentiate between users with the same name.
   {% endhint %}

![Reviewing access: Okta User to Okta Group.](/files/nmt1GEmgQtyqrWmgZYkB)

Hover over a row and click the Details icon to open the sidebar, which shows more attributes such as the group type, created date, and description. You can also add or remove columns to show or hide these and other details about a user and group.

1. Click the **Approve ✅** or **Reject ❌** icon for each row to make an initial decision.
2. Make decisions final by clicking **Sign-off** at the top right.
3. Finish the review by deciding and signing off on all rows. Once all rows have a decision, click **Complete Review** on the top right.

### See also

* [Access Reviewer's Guide](/4yItIzMvkpAvMVFAamTf/features/access-reviews/access-reviewer-guide.md)

