Okta admin role assigned
Description
AlphaSOC detected that an Okta admin role was assigned to a user. This action grants elevated privileges within the Okta identity and access management platform. Threat actors who gain access to Okta environments may attempt to assign administrative roles to compromised accounts to establish persistence and expand their access in the environment.
Impact
This action may provide threat actors with the ability to manage user accounts, modify authentication policies, and access sensitive information across the organization's Okta environment. Unauthorized admin role assignments can lead to potential data breaches, lateral movement across the network, and the ability to manipulate user permissions, create backdoor accounts, or perform other malicious activities within the environment.
Severity
| Severity | Condition |
|---|---|
| Low | Okta admin role assigned |
Investigation and Remediation
Review the Okta System Log to verify whether the admin role assignment was authorized. If unauthorized, disable access for the affected user, reset any potentially compromised credentials, and conduct a thorough security audit of the environment for other signs of potential compromise.
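The System Log review described above can be scripted as a first-pass triage. The following is an added example, not AlphaSOC's detection logic: it filters exported System Log events for the `user.account.privilege.grant` and `group.privilege.grant` event types and marks each grant as expected or needing review. The approved-grantor list, the function name, and the sample events are assumptions constructed for illustration.

```python
import json

# Event types Okta records for admin role grants to users and groups.
GRANT_EVENTS = {"user.account.privilege.grant", "group.privilege.grant"}
# Assumption: accounts your change process allows to assign admin roles.
APPROVED_GRANTORS = {"iam-admin@example.com"}

# Constructed sample events, trimmed to the fields used below.
SAMPLE_LOG = json.loads("""[
 {"published": "2024-05-01T10:00:00.000Z", "eventType": "user.account.privilege.grant",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "iam-admin@example.com"},
  "target": [{"type": "User", "alternateId": "new-hire@example.com"}],
  "debugContext": {"debugData": {"privilegeGranted": "Help Desk Administrator"}}},
 {"published": "2024-05-01T23:41:12.000Z", "eventType": "user.account.privilege.grant",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "j.doe@example.com"},
  "target": [{"type": "User", "alternateId": "j.doe@example.com"}],
  "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}}},
 {"published": "2024-05-01T23:40:02.000Z", "eventType": "user.session.start",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "j.doe@example.com"},
  "target": []}
]""")

def triage_role_grants(events, approved=APPROVED_GRANTORS):
    """Return one finding per successful admin role grant: 'expected' or 'review'."""
    findings = []
    for ev in events:
        if ev.get("eventType") not in GRANT_EVENTS:
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue  # failed attempts changed nothing; handle them separately
        actor = ev.get("actor", {}).get("alternateId", "unknown")
        debug = ev.get("debugContext", {}).get("debugData", {})
        role = debug.get("privilegeGranted", "unknown")
        for tgt in ev.get("target", []):
            if tgt.get("type") not in ("User", "UserGroup"):
                continue
            name = tgt.get("alternateId", "unknown")
            reasons = []
            if actor not in approved:
                reasons.append("grantor not approved")
            if actor == name:
                reasons.append("self-assignment")
            findings.append({"time": ev.get("published"), "actor": actor,
                             "target": name, "role": role, "reasons": reasons,
                             "status": "review" if reasons else "expected"})
    return findings

if __name__ == "__main__":
    for finding in triage_role_grants(SAMPLE_LOG):
        print(finding)
```

A grant marked `expected` still needs to match a change record; the allowlist only narrows which events an analyst looks at first.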