# Admin Impersonation in Okta

Detects admin impersonation in Okta sessions. Okta allows impersonation for support use cases, but attackers can target this capability to impersonate legitimate users.

**Recommended Actions**

Please contact your Okta administrator to ensure the account is authorized to impersonate a user session.

We recommend Okta admins share a Teams/Slack channel and attest that the work was sanctioned, preferably with a ticket.

If the user impersonation session is not legitimate, ensure the target user is returned to a good state and start a security incident.
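One way to automate the attestation step above, as an added example that is not Oort's detection logic: it matches Okta System Log `user.session.impersonation.initiate` events against a list of ticketed approvals and reports every impersonation start with no covering approval. The approvals structure, the ticket ID, the accounts and the sample events are constructed for illustration.

```python
from datetime import datetime

INITIATE = "user.session.impersonation.initiate"  # Okta System Log event type

def _ts(value):
    # System Log timestamps are ISO 8601 in UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review_impersonation(events, approvals):
    """Return one finding per impersonation start, matched to a ticketed approval."""
    findings = []
    for ev in events:
        if ev.get("eventType") != INITIATE:
            continue
        actor = ev["actor"]["alternateId"]
        when = _ts(ev["published"])
        # target may be null or hold non-user objects; keep such events visible
        users = [t["alternateId"] for t in ev.get("target") or []
                 if t.get("type") == "User"] or [None]
        for user in users:
            ticket = next((a["ticket"] for a in approvals
                           if a["admin"] == actor and a["target"] == user
                           and _ts(a["start"]) <= when <= _ts(a["end"])), None)
            findings.append({"actor": actor, "target": user,
                             "published": ev["published"], "ticket": ticket})
    return findings

def unsanctioned(findings):
    return [f for f in findings if f["ticket"] is None]

def _event(event_type, actor, target, published):
    # Builds a constructed sample event using System Log field names
    return {"eventType": event_type, "published": published,
            "actor": {"alternateId": actor, "type": "User"},
            "target": [{"alternateId": target, "type": "User"}]}

# Constructed sample data: one ticketed approval and four System Log events
APPROVALS = [{"admin": "admin.a@example.com", "target": "user.x@example.com",
              "ticket": "TICKET-0001",
              "start": "2024-05-01T10:00:00Z", "end": "2024-05-01T12:00:00Z"}]
EVENTS = [
    _event(INITIATE, "admin.a@example.com", "user.x@example.com", "2024-05-01T10:15:00Z"),
    _event("user.session.impersonation.end", "admin.a@example.com", "user.x@example.com", "2024-05-01T10:40:00Z"),
    _event(INITIATE, "admin.b@example.com", "user.z@example.com", "2024-05-01T23:05:00Z"),
    _event(INITIATE, "admin.a@example.com", "user.x@example.com", "2024-05-02T09:00:00Z"),
]

if __name__ == "__main__":
    print(unsanctioned(review_impersonation(EVENTS, APPROVALS)))
```

An approval only covers the named admin, the named target and the stated time window, so the second session by `admin.a@example.com` is reported even though the first one was ticketed.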

**Compatibility**

[Okta](/integrations/okta-data-integration.md)

<figure><img src="/files/HErLT6hS6AukoMHPV7VZ" alt=""><figcaption></figcaption></figure>
