Okta administrator role assigned to user

Set up the okta integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when administrative privileges are provisioned to an Okta user.

Strategy

This rule lets you monitor the following Okta event to detect when administrative privileges are provisioned:

  • user.account.privilege.grant

Triage and response

  1. Contact the Okta administrator: {{@usr.email}} to confirm that the user or users should have administrative privileges.
  2. If the change was not authorized, verify there are no other signals from the Okta administrator: {{@usr.email}}.