t1087.004 | LoFP

t1087.004

Title	Tags
it's possible for legitimate administrative actions or automated processes to trigger this detection, especially if there are bulk modifications to okta idp lifecycle events. review the context of the modification, such as the user making the change and the specific lifecycle event modified, to determine if it aligns with expected behavior.	t1087.004 okta tenant splunk
there is a possibility that a user may accidentally click on the wrong application, which could trigger this event. it is advisable to verify the location from which this activity originates.	t1087.004 okta tenant splunk