
Summary
The Okta SSO to AWS rule monitors single sign-on (SSO) events through the Okta identity provider and their impact on AWS access. It focuses on logging successful SSO events in which users authenticate to AWS IAM Identity Center via Okta, and it works by checking the Okta System Log for events of type 'user.authentication.sso', which indicate a successful login to AWS. The rule does not trigger alerts; it logs the activity as informational 'INFO' level events. Events are deduplicated within a 60-minute window, with a minimum threshold of one event required for a record. Two test cases are defined: one checks a successful SSO operation, while the other verifies process integrity by ensuring that users cannot log in to AWS when the application name is missing from the event log. This structured approach maintains visibility into user access patterns and strengthens security controls for cloud applications.
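The matching logic, 60-minute deduplication and the two test cases described above, written out as an added Python illustration (not the rule's own code); the Okta record shape, the AWS application display name and the sample events are constructed assumptions:

```python
from datetime import datetime, timedelta

# Assumed record shape (not the project's own schema): eventType, outcome.result,
# actor.alternateId, published (ISO 8601), target[] with an AppInstance displayName.
AWS_APP_NAME = "AWS IAM Identity Center"  # assumed display name of the AWS app
DEDUP_WINDOW = timedelta(minutes=60)      # 60-minute dedup window from the summary

def rule(event: dict) -> bool:
    """True for a successful Okta SSO event whose target is the AWS app."""
    if event.get("eventType") != "user.authentication.sso":
        return False
    if event.get("outcome", {}).get("result") != "SUCCESS":
        return False
    # Process-integrity case: with no AppInstance name present, never match.
    app_names = [t.get("displayName") for t in event.get("target", [])
                 if t.get("type") == "AppInstance" and t.get("displayName")]
    return AWS_APP_NAME in app_names

class InfoLogger:
    """Records one INFO entry per actor per window; it never raises an alert."""
    def __init__(self):
        self.last_seen = {}   # dedup key -> timestamp of the last recorded event
        self.records = []
    def process(self, event: dict) -> bool:
        if not rule(event):
            return False
        ts = datetime.fromisoformat(event["published"].replace("Z", "+00:00"))
        key = f"{event['actor']['alternateId']}:{AWS_APP_NAME}"  # dedup key
        if key in self.last_seen and ts - self.last_seen[key] < DEDUP_WINDOW:
            return False      # same actor inside the window: deduplicated
        self.last_seen[key] = ts  # threshold is one: a single match is recorded
        self.records.append({"severity": "INFO", "dedup_key": key,
                             "title": f"{event['actor']['alternateId']} signed in to AWS via Okta"})
        return True

def okta_event(user: str, published: str, app=AWS_APP_NAME) -> dict:
    """Constructed sample Okta System Log event; app=None omits the app name."""
    target = [{"type": "AppInstance", "displayName": app}] if app else [{"type": "AppInstance"}]
    return {"eventType": "user.authentication.sso", "outcome": {"result": "SUCCESS"},
            "actor": {"alternateId": user}, "published": published, "target": target}

def run_samples() -> int:
    """Replay: login, repeat inside the window, missing app name, login after the window."""
    logger = InfoLogger()
    for ev in (okta_event("alice@example.com", "2024-07-15T10:00:00.000Z"),
               okta_event("alice@example.com", "2024-07-15T10:30:00.000Z"),
               okta_event("bob@example.com", "2024-07-15T10:05:00.000Z", app=None),
               okta_event("alice@example.com", "2024-07-15T11:30:00.000Z")):
        logger.process(ev)
    return len(logger.records)  # → 2
```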
Categories
- Cloud
- Identity Management
- AWS
- Application
- Other
Data Sources
- User Account
- Application Log
- Cloud Service
Created: 2024-07-15