Okta Org2Org application created or modified

ID: okta_org2org_app_modified
Data type: Okta
Severity: Informational
MITRE ATT&CK: TA0006:T1556

Description

AlphaSOC detected that an Okta Org2Org application was created or modified. Org2Org applications enable communication and user provisioning between different Okta organizations. While these applications serve legitimate purposes, threat actors can exploit them to connect compromised Okta organizations with attacker-controlled ones, potentially enabling unauthorized access to resources within the target environment.

Impact

Unauthorized manipulation of Org2Org applications could allow adversaries to establish persistent access to the Okta environment. This activity may indicate an attempt to create a backdoor by leveraging trust relationships between Okta organizations. Such access could enable attackers to bypass authentication controls, access sensitive data, move laterally across connected systems, and potentially exfiltrate data from the compromised environment.

Severity

Severity: Informational
Condition: Okta Org2Org application created or modified

Investigation and Remediation

Review the Okta system logs to identify who created or modified the Org2Org application and verify whether this action was authorized. If it was not, immediately deactivate the application, revoke any potentially compromised credentials, and audit the environment for signs of further compromise.
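
One way to script the log review described above, as an added example that is not AlphaSOC's detection logic or code from this page: it filters exported System Log events for application lifecycle changes that target an Org2Org app instance and reports the actor, source IP and whether the actor is on an approved list. The event-type names, the match on "Org2Org" in the target's `displayName`, the approved-actor list and the sample events are assumptions constructed for illustration.

```python
# Assumption: System Log event types that record an app being created or changed.
LIFECYCLE_EVENTS = {"application.lifecycle.create", "application.lifecycle.update",
                    "application.lifecycle.activate"}

# Constructed sample events in the System Log JSON shape (not real data).
SAMPLE_EVENTS = [
    {"published": "2024-05-01T10:02:11.000Z", "eventType": "application.lifecycle.create",
     "actor": {"alternateId": "it-admin@example.com"},
     "client": {"ipAddress": "198.51.100.7"}, "outcome": {"result": "SUCCESS"},
     "target": [{"type": "AppInstance", "displayName": "Okta Org2Org",
                 "alternateId": "Partner hub"}]},
    {"published": "2024-05-01T11:40:03.000Z", "eventType": "application.lifecycle.update",
     "actor": {"alternateId": "helpdesk@example.com"},
     "client": {"ipAddress": "203.0.113.50"}, "outcome": {"result": "SUCCESS"},
     "target": [{"type": "AppInstance", "displayName": "Okta Org2Org",
                 "alternateId": "Sync"}]},
    {"published": "2024-05-01T12:00:00.000Z", "eventType": "application.lifecycle.update",
     "actor": {"alternateId": "helpdesk@example.com"},
     "client": {"ipAddress": "203.0.113.50"}, "outcome": {"result": "SUCCESS"},
     "target": [{"type": "AppInstance", "displayName": "Example Wiki",
                 "alternateId": "Wiki"}]},
    {"published": "2024-05-01T12:05:00.000Z", "eventType": "user.session.start",
     "actor": {"alternateId": "helpdesk@example.com"}, "target": None},
]

def org2org_changes(events, approved_actors):
    """Return one finding per Org2Org create/modify event, flagged by actor approval."""
    findings = []
    for ev in events:
        if ev.get("eventType") not in LIFECYCLE_EVENTS:
            continue
        for tgt in ev.get("target") or []:  # target may be null in the log
            name = (tgt.get("displayName") or "").lower()
            if tgt.get("type") == "AppInstance" and "org2org" in name:
                actor = (ev.get("actor") or {}).get("alternateId", "unknown")
                findings.append({
                    "time": ev.get("published"), "event": ev["eventType"],
                    "app": tgt.get("alternateId"), "actor": actor,
                    "ip": (ev.get("client") or {}).get("ipAddress"),
                    "result": (ev.get("outcome") or {}).get("result"),
                    "authorized": actor in approved_actors})
    return findings

if __name__ == "__main__":
    # Hypothetical approved-admin list; in practice this comes from change records.
    for finding in org2org_changes(SAMPLE_EVENTS, {"it-admin@example.com"}):
        print(finding)
```

Findings with `authorized` set to False are the ones to check against change records before deciding whether to deactivate the application.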