Okta API token revoked
Description
AlphaSOC detected that an Okta API token was revoked using the
system.api_token.revoke event. This action permanently invalidates an API
token that provides programmatic access to Okta resources. While API tokens are
commonly revoked as part of routine security practices, unauthorized revocation
could disrupt integrations that rely on these tokens for authentication and
authorization.
Impact
Unauthorized API token revocation can lead to service disruptions, as applications, integrations, and automated workflows that depend on the revoked token will lose their ability to authenticate with Okta. This may impact business operations, third-party integrations, and automated processes until new tokens are generated and configured.
Severity
| Severity | Condition |
|---|---|
Informational | Okta API token revoked |
Investigation and Remediation
Review Okta system logs to identify who initiated the token revocation and verify whether it was authorized. Check for any suspicious activities preceding this action. If unauthorized, reset any potentially compromised credentials and audit the environment for further signs of compromise. Generate and distribute new API tokens to restore functionality for affected integrations.