Okta provides the capability to end-users/employees in the organization to notify the administrator due to suspicious activity in their account access.
Okta suspicious activity is a feature within Okta that helps detect and mitigate potential security threats and unauthorized access to user accounts.
Below is the screenshot of how they perform that action and the report sent to the Okta administrator.
- Login with any of your end-users/employees’ accounts.
2. Click the Top Right drop-down menu and select Recent Activity
3. Okta will display all the recent activities for the logged user. You can also identify the multiple devices you use to access your Okta profile. Click the Report link.
4. Okta will display additional information in the report like the OS, IP Address, & location. Select the Report button.
5. Okta will display a message in the bottom right confirming the report was sent to the Okta administrator.
6. Now go to the Okta administrator email inbox, and you will see an email with reported information, including the user, login, and activity. You can click the Review Security Event, and you will be redirected to the logs for the Okta Suspicious Activity
7. Use your Okta credentials, and you will be able to see all Okta Logs for Suspicious Activity.
8. Additionally, you can use the following expression to look at all Okta Suspicious Activities
eventType eq "user.account.report_suspicious_activity_by_enduser"