---
title: Okta MFA Bypass Attempted
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > Okta MFA Bypass Attempted
---

# Okta MFA Bypass Attempted
Classification:attackTactic:[TA0006-credential-access](https://attack.mitre.org/tactics/TA0006)Technique:[T1111-multi-factor-authentication-interception](https://attack.mitre.org/techniques/T1111) 
## Goal{% #goal %}

Detect when a user attempts to bypass multi-factor authentication (MFA).

## Strategy{% #strategy %}

This rule lets you monitor the following Okta events to detect when a user attempts to bypass MFA:

- `user.mfa.attempt_bypass`

## Triage and response{% #triage-and-response %}

Contact the user who attempted to bypass MFA and ensure the request was legitimate.