Detects admin impersonation in Okta sessions. Okta allows impersonation for support use cases, but this can be targeted by attackers who can then impersonate other legitimate users.

Recommended Actions

Please contact your Okta administrator to ensure the account is authorized to impersonate a user session.

We recommend Okta admins share a Teams/Slack channel and attest that the work was sanctioned, preferably with a ticket.

If the user impersonation session is not legitimate, ensure the target user is returned to a good state and start a security incident.

Compatibility

Okta