Sign-in from Recently Created IDP

Detects when an administrator successfully signs in into a newly created identity provider.
While this may be a legitimate action (such as logging in to a test IDP), if an attacker were able to perform this action it would enable them to access applications on behalf of others users.
Recommended Actions
Please confirm this is a known and expected event. If not, escalate immediately.
Compatibility
Okta
Default Detection Settings
Number of days since idp created: 90