
ifcrx (ifcrx) asked a question.
Due to the news of a possible breach with Okta, I'm curious about the capabilities of support engineers. If someone were to gain an admin account, could they assume this type of role? Also, what can this type of account perform? Basically, I'd like to know a few things about the support engineer capabilities.
- Can a support engineer change a password/mfa_enabled field in database arbitrarily?
- Is that event logged?
- If this event is being logged, does it reflect on customer’s system logs too?

Hello @ifcrx (ifcrx),
Thank you for posting.
Support engineers are able to facilitate the resetting of passwords and MFA factors for users but are unable to choose those passwords; this event is logged.
The event is logged in the customer system. Look for the events 'reset all factors for user' and 'send user MFA reset notification email', and then confirm the Actor, which will show as an Okta account if an Okta Technical Support Engineer performed this action from SuperUser.
eventType eq "user.mfa.factor.reset_all" or eventType eq "system.email.mfa_reset_notification.sent_message"
Regards,
Natalia
Okta Inc.
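The check described in the answer above (pull the two MFA-reset event types from the System Log and inspect the Actor on each) can be automated. The following Python is an added example written for this thread; it is not Okta's code and not part of the original post. The sample events are constructed to mimic the System Log field names (eventType, published, actor, target) with made-up values, and the rule that a support actor appears with an okta.com login is an assumption used only to flag records for review.

```python
"""Find MFA-reset events in Okta System Log output and report who performed them."""

# The two event types named in the answer above.
MFA_RESET_EVENT_TYPES = {
    "user.mfa.factor.reset_all",
    "system.email.mfa_reset_notification.sent_message",
}

# Assumption: an Okta Technical Support Engineer acting from SuperUser shows
# up as an Okta account, modelled here as an okta.com login on the actor.
SUPPORT_ACTOR_DOMAIN = "okta.com"

# Constructed sample System Log records (not real Okta output). Field names
# follow the System Log schema; every value below is made up.
SAMPLE_EVENTS = [
    {   # a customer admin resetting a user's factors: expected, not support
        "eventType": "user.mfa.factor.reset_all",
        "published": "2022-03-22T10:15:00.000Z",
        "actor": {"id": "00uAdminExample", "type": "User",
                  "alternateId": "admin@example.com", "displayName": "Example Admin"},
        "target": [{"id": "00uTargetOne", "type": "User",
                    "alternateId": "jane.doe@example.com"}],
    },
    {   # the same action, but the actor is an Okta support account
        "eventType": "user.mfa.factor.reset_all",
        "published": "2022-03-22T11:30:00.000Z",
        "actor": {"id": "00uSupportExample", "type": "User",
                  "alternateId": "support.engineer@okta.com", "displayName": "Okta Support"},
        "target": [{"id": "00uTargetTwo", "type": "User",
                    "alternateId": "john.roe@example.com"}],
    },
    {   # the reset-notification email that follows a support-initiated reset
        "eventType": "system.email.mfa_reset_notification.sent_message",
        "published": "2022-03-22T11:30:02.000Z",
        "actor": {"id": "00uSupportExample", "type": "User",
                  "alternateId": "support.engineer@okta.com", "displayName": "Okta Support"},
        "target": [{"id": "00uTargetTwo", "type": "User",
                    "alternateId": "john.roe@example.com"}],
    },
    {   # unrelated event type; must be ignored by the filter
        "eventType": "user.session.start",
        "published": "2022-03-22T12:00:00.000Z",
        "actor": {"id": "00uTargetOne", "type": "User",
                  "alternateId": "jane.doe@example.com", "displayName": "Jane Doe"},
        "target": [],
    },
]


def build_filter_expression():
    """Return the System Log filter string for the two event types.

    The two clauses must be joined with 'or': a single event has exactly one
    eventType, so joining them with 'and' would never match anything.
    """
    return " or ".join(f'eventType eq "{etype}"' for etype in sorted(MFA_RESET_EVENT_TYPES))


def actor_is_okta_support(event):
    """True when the actor's login is on the assumed support domain."""
    login = (event.get("actor") or {}).get("alternateId") or ""
    return login.lower().endswith("@" + SUPPORT_ACTOR_DOMAIN)


def find_mfa_resets(events):
    """Filter events to the MFA-reset types and annotate each with its actor.

    Returns a list of dicts sorted by publish time, each carrying the event
    type, the actor login, the affected user logins and a by_okta_support flag.
    """
    hits = []
    for event in events:
        if event.get("eventType") not in MFA_RESET_EVENT_TYPES:
            continue
        hits.append({
            "published": event.get("published", ""),
            "eventType": event["eventType"],
            "actor": (event.get("actor") or {}).get("alternateId", "<unknown>"),
            "targets": [t.get("alternateId", "<unknown>") for t in event.get("target") or []],
            "by_okta_support": actor_is_okta_support(event),
        })
    return sorted(hits, key=lambda h: h["published"])


def count_support_resets(events):
    """Number of MFA-reset events whose actor is an Okta support account."""
    return sum(1 for h in find_mfa_resets(events) if h["by_okta_support"])


if __name__ == "__main__":
    print("System Log filter:", build_filter_expression())
    for hit in find_mfa_resets(SAMPLE_EVENTS):
        flag = "OKTA SUPPORT" if hit["by_okta_support"] else "customer admin"
        print(f'{hit["published"]} {hit["eventType"]} actor={hit["actor"]} '
              f'targets={",".join(hit["targets"])} [{flag}]')
```

Feeding real System Log export (the JSON array the log API returns) into `find_mfa_resets` gives the same list the answer tells you to build by hand; the `by_okta_support` flag only separates rows for review, it does not by itself mean anything improper happened, since support-initiated resets are a normal part of the workflow the answer describes.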