This article aims to clarify why Admin Users received an email regarding protected actions being taken.
The email states:
Hi Okta administrator,
User <username> took the protected action "<protected_action>" in your org <Org_Name>.
View the system logs associated with the user's session here.
NOTE: The email is delivered only to the other org administrators. The administrator who took the protected action does not receive it.
- Admin Console
- Protected Actions
- Use this query to review all system log activity for emails sent:
  debugContext.debugData.category eq "email.sendProtectedActionAttempted"
- To see why the emails were triggered, search the system log using the following query:
  eventType eq "security.protected_action.attempt"
- Each admin has the option to personalize the admin email notifications they receive by going to Settings > Account and editing the Admin email notifications settings. The System notifications and Okta communications settings are individual, without any impact on other admins.
It is also possible to turn off this kind of email for super admins:
- Navigate to Security > Administrators > Roles and search for the Super Administrator role.
- On the left, select the Edit button.
- Then, select Email and Notifications and uncheck Admin performs a protected action. This should stop these emails.
- Click Save.
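
To review the triggering events outside the Admin Console, the second system log query above can be sent to the System Log API and the results grouped by the admin who acted. This is an added example, not Okta's own code: the org URL, the API token and the sample events (including their field values) are constructed assumptions, and `fetch_events` reads only the first page of results.

```python
import json
import urllib.parse
import urllib.request
from collections import defaultdict

# Event type and filter copied from the article's System Log query.
ATTEMPT_EVENT = "security.protected_action.attempt"
ATTEMPT_FILTER = f'eventType eq "{ATTEMPT_EVENT}"'

def build_logs_url(org_url, since, limit=200):
    """Build the /api/v1/logs request URL for protected-action attempts."""
    query = urllib.parse.urlencode(
        {"filter": ATTEMPT_FILTER, "since": since, "limit": limit})
    return f"{org_url.rstrip('/')}/api/v1/logs?{query}"

def fetch_events(org_url, api_token, since):
    """Fetch the first page of matching events (needs network and a token)."""
    req = urllib.request.Request(
        build_logs_url(org_url, since),
        headers={"Authorization": f"SSWS {api_token}",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def attempts_by_admin(events):
    """Group (timestamp, outcome) pairs by acting admin, oldest first."""
    grouped = defaultdict(list)
    for ev in events:
        if ev.get("eventType") != ATTEMPT_EVENT:
            continue  # ignore anything that is not a protected-action attempt
        actor = (ev.get("actor") or {}).get("alternateId") or "<unknown>"
        result = (ev.get("outcome") or {}).get("result")
        grouped[actor].append((ev.get("published") or "", result))
    return {a: sorted(rows, key=lambda r: r[0]) for a, rows in grouped.items()}

# Constructed sample events (not real log data), shaped like System Log entries.
SAMPLE_EVENTS = [
    {"eventType": ATTEMPT_EVENT, "published": "2024-05-02T09:15:00.000Z",
     "actor": {"alternateId": "admin.a@example.com"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": ATTEMPT_EVENT, "published": "2024-05-01T17:40:00.000Z",
     "actor": {"alternateId": "admin.a@example.com"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.session.start", "published": "2024-05-02T09:00:00.000Z",
     "actor": {"alternateId": "admin.b@example.com"},
     "outcome": {"result": "SUCCESS"}},
]

if __name__ == "__main__":
    print(attempts_by_admin(SAMPLE_EVENTS))
```

Comparing the grouped timestamps with the arrival times of the notification emails shows which admin action produced each message.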
