Okta Admin Role Assigned

Panther Rules

Summary
The 'Okta Admin Role Assigned' detection rule monitors changes in user privileges within an Okta environment, specifically targeting events where administrative roles are granted to users. When a user is assigned admin privileges, an event is logged in the Okta System Log, identifying both the user who receives privileges and the administrator who grants them. The rule operates with a 15-minute deduplication period to prevent alert fatigue from multiple logs of the same event. It is associated with the MITRE ATT&CK framework under the attack technique 'Valid Accounts' (TA0004:T1078). The rule has a low severity level, indicating it should be treated as informational rather than an immediate threat. Recommendations for handling alerts include validating the legitimacy of the role assignment with the user involved, as unmonitored privilege escalations could lead to potential misuse. Links to Okta's documentation are provided for additional context on administrative roles and permissions.
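The logic summarized above, as an added sketch that is not Panther's own rule source: it matches successful user.account.privilege.grant events in Okta System Log format and applies the 15-minute deduplication period. The dedup key (grantor plus recipient), the "admin" substring match, the make_event helper and all sample events are assumptions constructed for this illustration.

```python
from datetime import datetime, timedelta

DEDUP_PERIOD = timedelta(minutes=15)  # deduplication period stated in the summary
GRANT = "user.account.privilege.grant"  # Okta System Log event type for a privilege grant

def is_admin_grant(event):
    """True for a successful grant whose privilege name mentions 'admin' (assumed match)."""
    granted = event.get("debugContext", {}).get("debugData", {}).get("privilegeGranted", "")
    return (event.get("eventType") == GRANT
            and event.get("outcome", {}).get("result") == "SUCCESS"
            and "admin" in granted.lower())

def recipient(event):
    """alternateId of the first User target, i.e. the account that received the role."""
    return next((t.get("alternateId") for t in event.get("target") or []
                 if t.get("type") == "User"), "<unknown>")

def alerts(events):
    """One alert per (grantor, recipient) pair per dedup window (key is an assumption)."""
    window_start, out = {}, []
    for ev in sorted(events, key=lambda e: e["published"]):
        if not is_admin_grant(ev):
            continue
        ts = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        key = (ev.get("actor", {}).get("alternateId", "<unknown>"), recipient(ev))
        if key in window_start and ts - window_start[key] < DEDUP_PERIOD:
            continue  # same pair inside the open window: suppressed
        window_start[key] = ts
        out.append({"time": ev["published"], "grantor": key[0], "recipient": key[1],
                    "privilege": ev["debugContext"]["debugData"]["privilegeGranted"]})
    return out

def make_event(time, event_type, result, user, privilege=None):
    """Build a constructed, minimal System Log event (hypothetical helper)."""
    ev = {"published": f"2024-01-01T{time}.000Z", "eventType": event_type,
          "outcome": {"result": result},
          "actor": {"alternateId": "it-admin@example.com"},
          "target": [{"type": "User", "alternateId": user}]}
    if privilege:
        ev["debugContext"] = {"debugData": {"privilegeGranted": privilege}}
    return ev

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    make_event("10:00:00", GRANT, "SUCCESS", "alice@example.com", "Super administrator"),
    make_event("10:05:00", GRANT, "SUCCESS", "alice@example.com", "Organization administrator"),
    make_event("10:06:00", GRANT, "FAILURE", "bob@example.com", "Super administrator"),
    make_event("10:07:00", "user.session.start", "SUCCESS", "bob@example.com"),
    make_event("10:08:00", GRANT, "SUCCESS", "carol@example.com", "Help desk administrator"),
    make_event("10:20:00", GRANT, "SUCCESS", "alice@example.com", "Super administrator"),
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_EVENTS):
        print(alert)
```

The second grant to alice@example.com falls inside the open window and is suppressed, while the one at 10:20 opens a new window and alerts again.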
Categories
  • Identity Management
  • Cloud
  • Web
  • Application
Data Sources
  • User Account
  • Logon Session
  • Application Log
  • Cloud Service
ATT&CK Techniques
  • T1078
Created: 2022-09-02