Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
okta/api/v1/users
Okta Users API
What an attacker could do
A leaked Okta API token enables enumeration and modification of all user accounts, including resetting credentials, deactivating MFA factors, and creating admin users for full SSO-backed access to downstream apps.
How to defend it
Use Okta API tokens or OAuth service apps with least-privilege admin roles, bind tokens to a network zone allowlist, set short expirations, and monitor the System Log for token-driven changes.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation