Comment on page
Admin Impersonation in Okta
Detects admin impersonation in Okta sessions. Okta allows impersonation for support use cases, but this can be targeted by attackers who can then impersonate other legitimate users.
Please contact your Okta administrator to ensure the account is authorized to impersonate a user session.
We recommend Okta admins share a Teams/Slack channel and attest that the work was sanctioned, preferably with a ticket.
If the user impersonation session is not legitimate, ensure the target user is returned to a good state and start a security incident.