Okta Admin Functions Access Through Proxy

Sigma Rules

Summary
This detection rule targets unauthorized access to Okta admin functions through proxy servers. It matches request URIs that contain the term 'admin' and checks whether the request is routed through a proxy, a combination that can indicate credential access or administrative compromise. The rule uses contextual filters to differentiate legitimate administrative actions from potential security threats. False positives can arise from genuine administrative access via proxies, so organizations may need to add further criteria to reduce alert noise.
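The matching logic described in the summary, as an added Python example that is not the rule's own source. The Okta System Log field paths, the sanctioned-proxy allowlist used as the extra false-positive filter, and the sample events are assumptions constructed for illustration.

```python
# Field paths assumed from the Okta System Log event schema; the page names no fields.
URI_PATH = ("debugContext", "debugData", "requestUri")
PROXY_PATH = ("securityContext", "isProxy")
IP_PATH = ("client", "ipAddress")

# Hypothetical allowlist: egress IPs of proxies the organization sanctions for admins.
SANCTIONED_PROXY_IPS = {"198.51.100.10"}

def dig(event, path):
    """Walk nested dicts; return None if any level is missing or null."""
    cur = event
    for key in path:
        if not isinstance(cur, dict):
            return None
        cur = cur.get(key)
    return cur

def is_proxy(value):
    """Log pipelines may deliver isProxy as a JSON boolean or the string 'true'."""
    return value is True or (isinstance(value, str) and value.lower() == "true")

def matches(event, allowlist=SANCTIONED_PROXY_IPS):
    """True when an admin URI is requested through a proxy that is not sanctioned."""
    uri = dig(event, URI_PATH)
    if not isinstance(uri, str) or "admin" not in uri.lower():
        return False
    if not is_proxy(dig(event, PROXY_PATH)):
        return False
    return dig(event, IP_PATH) not in allowlist

def _ev(uuid, ip, sec, uri):
    return {"uuid": uuid, "client": {"ipAddress": ip}, "securityContext": sec,
            "debugContext": {"debugData": {"requestUri": uri}}}

# Constructed sample events (documentation IP ranges, made-up URIs), not real logs.
SAMPLE_EVENTS = [
    _ev("e1", "203.0.113.7", {"isProxy": True}, "/admin/dashboard"),
    _ev("e2", "198.51.100.10", {"isProxy": "true"}, "/admin/dashboard"),  # sanctioned
    _ev("e3", "203.0.113.7", {"isProxy": False}, "/admin/dashboard"),
    _ev("e4", "203.0.113.7", {"isProxy": True}, "/app/UserHome"),
    _ev("e5", "203.0.113.7", None, "/admin/dashboard"),  # null securityContext
    _ev("e6", "192.0.2.44", {"isProxy": "true"}, "/api/v1/Admin/settings"),
]

def alerts(events):
    """Return the uuids of events that should raise an alert."""
    return [e["uuid"] for e in events if matches(e)]

if __name__ == "__main__":
    print(alerts(SAMPLE_EVENTS))
```

Passing an empty allowlist to `matches` gives the bare two-condition behaviour, which is useful for measuring how much noise the allowlist removes.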
Categories
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Web Credential
Created: 2023-10-25