Skip to main content

Okta admin role assigned

ID:okta_admin_role_assigned
Data type:Okta
Severity:
Low
MITRE ATT&CK:TA0003:T1098.003

Description

AlphaSOC detected that an Okta admin role was assigned to a user. This action grants elevated privileges within the Okta identity and access management platform. Threat actors who gain access to Okta environments may attempt to assign administrative roles to compromised accounts to establish persistence and expand their access in the environment.

Impact

This action may provide threat actors with the ability to manage user accounts, modify authentication policies, and access sensitive information across the organization's Okta environment. Unauthorized admin role assignments can lead to potential data breaches, lateral movement across the network, and the ability to manipulate user permissions, create backdoor accounts, or perform other malicious activities within the environment.

Severity

SeverityCondition
Low
Okta admin role assigned

Investigation and Remediation

Review Okta System Log to verify whether the admin role assignment was authorized. If unauthorized, disable access for the affected user, reset any potentially compromised credentials, and conduct a thorough security audit of the environment for other signs of potential compromise.