Okta privilege granted

ID: okta_privilege_granted
Data type: Okta
Severity: Low
MITRE ATT&CK: TA0003:T1098.003

Description

AlphaSOC detected that privileges were granted in Okta. This activity involves modifying user permissions or roles within the Okta identity and access management platform. Unauthorized privilege changes may indicate account compromise, as threat actors who gain access often escalate privileges for compromised accounts to maintain persistence and expand their reach within the environment.

Impact

Privilege escalation in Okta can provide adversaries with increased access to the organization's identity infrastructure, potentially enabling them to access sensitive applications, modify security policies, disable multi-factor authentication, or perform other unauthorized actions within the environment.

Severity

| Severity | Condition |
|----------|-----------|
| Low | Okta privilege granted |

Investigation and Remediation

Review the Okta System Log to verify whether the privilege grant was authorized. Check the context of the event, including the user who granted the privileges, the user who received them, and the specific privileges granted. If unauthorized, revoke the privileges immediately, reset credentials for affected accounts, and conduct a security review of the environment for other indicators of potential compromise.
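The review step above can be scripted over exported System Log events. This is an added example, not AlphaSOC's detection logic or Okta's code: it pulls the grantor, recipient and privilege from each successful grant and marks grants that come from an unexpected account or are self-grants. Assumptions: the event type names and the `debugContext.debugData.privilegeGranted` field follow Okta's System Log schema rather than this page, and the allowlist and sample events are constructed.

```python
import json

# Okta System Log event types for admin role grants. These names come from
# Okta's event catalog, not from this page (assumption).
GRANT_EVENTS = {"user.account.privilege.grant", "group.privilege.grant"}

# Constructed allowlist of accounts expected to grant privileges.
EXPECTED_GRANTORS = {"hr-sync@example.com", "it-admin@example.com"}

# Constructed sample events (JSON lines), trimmed to the fields used below.
SAMPLE_LOG = """\
{"published":"2024-05-01T09:00:00Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"hr-sync@example.com"},"client":{"ipAddress":"198.51.100.10"},"target":[{"type":"User","alternateId":"new.hire@example.com"}],"debugContext":{"debugData":{"privilegeGranted":"Help Desk Administrator"}}}
{"published":"2024-05-01T02:13:00Z","eventType":"user.account.privilege.grant","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"j.doe@example.com"},"client":{"ipAddress":"203.0.113.7"},"target":[{"type":"User","alternateId":"j.doe@example.com"}],"debugContext":{"debugData":{"privilegeGranted":"Super Administrator"}}}
{"published":"2024-05-01T02:10:00Z","eventType":"user.session.start","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"j.doe@example.com"},"client":{"ipAddress":"203.0.113.7"},"target":[]}
"""

def triage(events, expected_grantors=EXPECTED_GRANTORS):
    """Return one review record per successful privilege grant."""
    records = []
    for ev in events:
        if ev.get("eventType") not in GRANT_EVENTS:
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue
        grantor = ev.get("actor", {}).get("alternateId", "unknown")
        debug = ev.get("debugContext", {}).get("debugData", {})
        for tgt in ev.get("target") or []:
            if tgt.get("type") not in ("User", "UserGroup"):
                continue
            reasons = []
            if grantor not in expected_grantors:
                reasons.append("grantor not on allowlist")
            if grantor == tgt.get("alternateId"):
                reasons.append("self-grant")
            records.append({
                "time": ev.get("published"),
                "grantor": grantor,
                "recipient": tgt.get("alternateId"),
                "privilege": debug.get("privilegeGranted", "unknown"),
                "source_ip": ev.get("client", {}).get("ipAddress"),
                "needs_review": bool(reasons),
                "reasons": reasons,
            })
    return records

def load(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for rec in triage(load(SAMPLE_LOG)):
        print(rec)
```

Records with `needs_review` set are the ones to confirm against a change ticket or with the grantor before deciding whether to revoke.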

Known False Positives

  • Routine administrative activities such as onboarding new employees or changing job roles
  • Planned privilege changes during system maintenance or reorganization
  • Automated privilege adjustments from integrated HR systems