# Privilege Zone Rules

> Okta extension Privilege Zone rules

Applies to BloodHound Enterprise and CE.

The following Privilege Zone rules can be imported into BloodHound to group nodes for Cypher query analysis and BloodHound Enterprise finding generation.

<Info>
  This file is automatically generated from the [JSON Privilege Zone rule files](https://github.com/SpecterOps/openhound-okta/tree/main/extension/privilege_zone_rules).
</Info>

## Organization

Organization nodes in Okta.

Zone: Tier Zero

```cypher
MATCH (n:Okta_Organization)
RETURN n
```

This rule is defined in the [organization.json](https://github.com/SpecterOps/openhound-okta/tree/main/extension/privilege_zone_rules/organization.json) file.

## Tier Zero Devices

Devices associated with principals who have SUPER\_ADMIN or ORG\_ADMIN role assignments.

Zone: Tier Zero

```cypher
MATCH (n:Okta_Device)-[:Okta_DeviceOf]->(:Okta)-[:Okta_HasRoleAssignment|Okta_MemberOf*1..2]->(r:Okta_RoleAssignment)-[:Okta_ScopedTo]->(:Okta_Organization)
WHERE r.type = "SUPER_ADMIN"
OR r.type = "ORG_ADMIN"
RETURN n
```

This rule is defined in the [tier0-devices.json](https://github.com/SpecterOps/openhound-okta/tree/main/extension/privilege_zone_rules/tier0-devices.json) file.

## Tier Zero Principals

Principals with SUPER\_ADMIN or ORG\_ADMIN role assignments.

Zone: Tier Zero

```cypher
MATCH (n:Okta)-[:Okta_HasRoleAssignment|Okta_MemberOf*1..2]->(r:Okta_RoleAssignment)-[:Okta_ScopedTo]->(:Okta_Organization)
WHERE r.type = "SUPER_ADMIN"
OR r.type = "ORG_ADMIN"
RETURN n
```

This rule is defined in the [tier0-principals.json](https://github.com/SpecterOps/openhound-okta/tree/main/extension/privilege_zone_rules/tier0-principals.json) file.
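
To show which principals the Tier Zero Principals pattern does and does not select, the following added example (not part of the openhound-okta project) evaluates the same match in plain Python over a small constructed graph. It assumes principals and groups carry the `Okta` kind; all node names, the `HELP_DESK_ADMIN` assignment, and the three-hop chain are constructed to exercise the type filter, the `Okta_ScopedTo` requirement, and the `*1..2` hop limit.

```python
# Added example: models the Tier Zero Principals rule on constructed data.
TIER0_TYPES = {"SUPER_ADMIN", "ORG_ADMIN"}
HOP_KINDS = {"Okta_HasRoleAssignment", "Okta_MemberOf"}

# Constructed nodes; names are hypothetical. "Okta" kind on groups is an assumption.
NODES = {
    "alice": {"kinds": {"Okta"}}, "bob": {"kinds": {"Okta"}},
    "carol": {"kinds": {"Okta"}}, "dave": {"kinds": {"Okta"}},
    "erin": {"kinds": {"Okta"}},
    "admins": {"kinds": {"Okta"}},   # group holding the SUPER_ADMIN assignment
    "nested": {"kinds": {"Okta"}},   # constructed: member of "admins"
    "ra_super": {"kinds": {"Okta_RoleAssignment"}, "type": "SUPER_ADMIN"},
    "ra_help": {"kinds": {"Okta_RoleAssignment"}, "type": "HELP_DESK_ADMIN"},
    "ra_noorg": {"kinds": {"Okta_RoleAssignment"}, "type": "ORG_ADMIN"},
    "org": {"kinds": {"Okta_Organization"}},
}
# Constructed edges: (source, kind, target).
EDGES = [
    ("alice", "Okta_HasRoleAssignment", "ra_super"),   # 1 hop
    ("bob", "Okta_MemberOf", "admins"),                # 2 hops via group
    ("admins", "Okta_HasRoleAssignment", "ra_super"),
    ("carol", "Okta_MemberOf", "nested"),              # 3 hops: beyond *1..2
    ("nested", "Okta_MemberOf", "admins"),
    ("dave", "Okta_HasRoleAssignment", "ra_help"),     # wrong role type
    ("erin", "Okta_HasRoleAssignment", "ra_noorg"),    # not scoped to the org
    ("ra_super", "Okta_ScopedTo", "org"),
    ("ra_help", "Okta_ScopedTo", "org"),
]

def tier_zero_principals(nodes, edges, max_hops=2):
    out = {}
    for src, kind, dst in edges:
        out.setdefault(src, []).append((kind, dst))

    def qualifies(r):
        # (r:Okta_RoleAssignment)-[:Okta_ScopedTo]->(:Okta_Organization) + WHERE
        n = nodes[r]
        return ("Okta_RoleAssignment" in n["kinds"] and n.get("type") in TIER0_TYPES
                and any(k == "Okta_ScopedTo" and "Okta_Organization" in nodes[d]["kinds"]
                        for k, d in out.get(r, [])))

    matched = set()
    for start, n in nodes.items():
        if "Okta" not in n["kinds"]:
            continue
        frontier = {start}
        for _ in range(max_hops):  # [:Okta_HasRoleAssignment|Okta_MemberOf*1..2]
            frontier = {d for s in frontier for k, d in out.get(s, []) if k in HOP_KINDS}
            if any(qualifies(r) for r in frontier):
                matched.add(start)
                break
    return matched
```

On this data the rule selects `alice`, `bob`, `admins` and `nested`; `carol` is three hops from the role assignment and falls outside the zone, which is the boundary to keep in mind when reviewing what the rule covers.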
