
Okta administrator role assigned to user

okta

Classification:

attack

Tactic:

Set up the Okta integration.


Goal

Detect when administrative privileges are provisioned to an Okta user.

Strategy

This rule lets you monitor the following Okta event to detect when administrative privileges are provisioned:

  • user.account.privilege.grant

Triage and response

  1. Contact the Okta administrator ({{@usr.email}}) to confirm that the user or users should have administrative privileges.
  2. If the change was not authorized, verify that there are no other signals from the Okta administrator ({{@usr.email}}).
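
The check this rule describes, applied offline to exported Okta System Log events, as an added example (not part of the original rule or of the vendor's implementation). The sample events are constructed, and reading the role name from `debugContext.debugData.privilegeGranted` is an assumption about the event layout.

```python
import json
from collections import defaultdict

GRANT_EVENT = "user.account.privilege.grant"  # event type named by the rule
# Constructed sample events shaped like Okta System Log entries (not real data).
SAMPLE_LOG = """\
{"published":"2024-01-10T09:00:00Z","eventType":"user.session.start","actor":{"alternateId":"admin@example.com"},"outcome":{"result":"SUCCESS"},"target":[]}
{"published":"2024-01-10T09:05:00Z","eventType":"user.account.privilege.grant","actor":{"alternateId":"admin@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"type":"User","alternateId":"bob@example.com"}],"debugContext":{"debugData":{"privilegeGranted":"Super administrator"}}}
{"published":"2024-01-10T09:06:00Z","eventType":"system.api_token.create","actor":{"alternateId":"admin@example.com"},"outcome":{"result":"SUCCESS"},"target":[]}
{"published":"2024-01-10T09:07:00Z","eventType":"user.session.start","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"SUCCESS"},"target":[]}
not-json line that a collector might emit
"""

def parse_events(text):
    """Yield decoded events, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def find_privilege_grants(text):
    """One finding per grant, plus the granting actor's other events (triage step 2)."""
    events = list(parse_events(text))
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e.get("actor") or {}).get("alternateId")].append(e)
    findings = []
    for e in events:
        if e.get("eventType") != GRANT_EVENT:
            continue
        actor = (e.get("actor") or {}).get("alternateId")
        debug = (e.get("debugContext") or {}).get("debugData") or {}  # assumed layout
        findings.append({
            "time": e.get("published"),
            "granted_by": actor,  # whom to contact in triage step 1
            "granted_to": [t.get("alternateId") for t in e.get("target") or []
                           if t.get("type") == "User"],
            "privilege": debug.get("privilegeGranted", "unknown"),
            "outcome": (e.get("outcome") or {}).get("result"),
            "other_actor_events": [o["eventType"] for o in by_actor[actor]
                                   if o is not e and "eventType" in o],
        })
    return findings

if __name__ == "__main__":
    print(json.dumps(find_privilege_grants(SAMPLE_LOG), indent=2))
```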