Okta privilege granted
Description
AlphaSOC detected that privileges were granted in Okta. This activity involves modifying user permissions or roles within the Okta identity and access management platform. Unauthorized privilege changes may indicate account compromise, as threat actors who gain access often escalate privileges for compromised accounts to maintain persistence and expand their reach within the environment.
Impact
Privilege escalation in Okta can provide adversaries with increased access to the organization's identity infrastructure, potentially enabling them to access sensitive applications, modify security policies, disable multi-factor authentication, or perform other unauthorized actions within the environment.
Severity
| Severity | Condition |
|---|---|
| Low | Okta privilege granted |
Investigation and Remediation
Review the Okta System Log to verify whether the privilege grant was authorized. Check the context of the event, including the user who granted the privileges, the user who received them, and the specific privileges granted. If the grant was unauthorized, revoke the privileges immediately, reset credentials for affected accounts, and conduct a security review of the environment for other indicators of potential compromise.
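One way to pull the granter, the recipient and the granted privilege out of exported System Log events for this review, as an added example that is not AlphaSOC's or Okta's own code. It assumes the event types `user.account.privilege.grant` and `group.privilege.grant` and the `debugContext.debugData.privilegeGranted` field; the allowlist of expected granters and the sample events are constructed for illustration.

```python
# Added example: triage Okta System Log privilege-grant events.
# Assumption: these event types mark admin privilege grants in the System Log.
GRANT_EVENT_TYPES = {"user.account.privilege.grant", "group.privilege.grant"}

# Hypothetical allowlist of identities expected to grant privileges.
EXPECTED_GRANTERS = {"hr-sync@example.com", "iam-admin@example.com"}

# Constructed sample events, trimmed to the fields used below.
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "published": "2024-05-01T09:00:00.000Z",
     "actor": {"alternateId": "alice@example.com"}, "target": [],
     "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": "user.account.privilege.grant", "published": "2024-05-01T09:05:00.000Z",
     "actor": {"alternateId": "hr-sync@example.com"},
     "target": [{"type": "User", "alternateId": "bob@example.com"}],
     "client": {"ipAddress": "203.0.113.20"},
     "debugContext": {"debugData": {"privilegeGranted": "Help Desk Administrator"}}},
    {"eventType": "user.account.privilege.grant", "published": "2024-05-01T23:41:00.000Z",
     "actor": {"alternateId": "carol@example.com"},
     "target": [{"type": "User", "alternateId": "carol@example.com"}],
     "client": {"ipAddress": "198.51.100.7"},
     "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}}},
]

def summarize_grants(events, expected_granters=EXPECTED_GRANTERS):
    """Return one record per grant: who granted, who received, which privilege."""
    findings = []
    for ev in events:
        if ev.get("eventType") not in GRANT_EVENT_TYPES:
            continue
        granter = (ev.get("actor") or {}).get("alternateId", "unknown")
        recipients = [t.get("alternateId") or t.get("displayName", "unknown")
                      for t in ev.get("target") or []
                      if t.get("type") in ("User", "UserGroup")]
        debug = (ev.get("debugContext") or {}).get("debugData") or {}
        findings.append({
            "time": ev.get("published"),
            "granter": granter,
            "recipients": recipients,
            "privilege": debug.get("privilegeGranted", "unknown"),
            "source_ip": (ev.get("client") or {}).get("ipAddress"),
            # Self-grants and unexpected granters both need a human check.
            "needs_review": granter not in expected_granters or granter in recipients,
        })
    return findings

if __name__ == "__main__":
    for finding in summarize_grants(SAMPLE_EVENTS):
        print(finding)
```

Records with `needs_review` set are the ones to confirm against a change ticket or with the granting administrator before deciding whether to revoke.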
Known False Positives
- Routine administrative activities such as onboarding new employees or changing job roles
- Planned privilege changes during system maintenance or reorganization
- Automated privilege adjustments from integrated HR systems