Applies to BloodHound Enterprise and CE

Edge Schema

General Information

The traversable Okta_ReadClientSecret edges represent permissions that allow a principal (user, group, or application) to read OAuth client secrets for scoped Okta applications. These edges are created for the Application Administrator, API Access Management Administrator, and Read-only Administrator built-in roles and for custom roles with the okta.apps.clientCredentials.read permission.

Potential Attack Scenarios

An attacker with the ability to read client secrets for an application assigned the Super Administrator role could potentially use the client secret to authenticate as that application and perform privileged actions in Okta.
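The following audit sketch is an added example, not BloodHound or Okta code. It applies the edge-creation rules from General Information to a list of role assignments and keeps the edges that point at an application holding the Super Administrator role, which is the case described in the scenario above. The record layout, principal and application names, the custom role names, and the convention that a `None` scope covers every application are assumptions made for the illustration.

```python
# Added illustration: record layout and names are constructed, not Okta API or BloodHound data.
BUILTIN_READ_ROLES = {
    "Application Administrator",
    "API Access Management Administrator",
    "Read-only Administrator",
}
READ_SECRET_PERMISSION = "okta.apps.clientCredentials.read"

APPS = ["app-ci", "app-automation", "app-hr"]

# scope None means the assignment covers every app (assumption of this model).
ASSIGNMENTS = [
    {"principal": "alice", "role": "Application Administrator", "scope": ["app-ci"]},
    {"principal": "helpdesk-group", "role": "Read-only Administrator", "scope": None},
    {"principal": "bob", "role": "Secret Auditor (custom)",
     "permissions": ["okta.apps.clientCredentials.read"], "scope": ["app-automation"]},
    {"principal": "carol", "role": "App Viewer (custom)",
     "permissions": ["okta.apps.read"], "scope": None},
    {"principal": "app-automation", "role": "Super Administrator", "scope": None},
]


def grants_read_secret(assignment):
    """True if the role is one the page lists, or a custom role with the permission."""
    if assignment["role"] in BUILTIN_READ_ROLES:
        return True
    return READ_SECRET_PERMISSION in assignment.get("permissions", [])


def read_client_secret_edges(assignments, apps):
    """Return (principal, app) pairs that would carry an Okta_ReadClientSecret edge."""
    edges = set()
    for a in assignments:
        if grants_read_secret(a):
            targets = apps if a["scope"] is None else a["scope"]
            edges.update((a["principal"], app) for app in targets if app in apps)
    return edges


def edges_to_super_admin_apps(edges, assignments):
    """Keep only edges whose target application holds Super Administrator."""
    privileged = {a["principal"] for a in assignments if a["role"] == "Super Administrator"}
    return {(src, app) for src, app in edges if app in privileged}


if __name__ == "__main__":
    edges = read_client_secret_edges(ASSIGNMENTS, APPS)
    for src, app in sorted(edges_to_super_admin_apps(edges, ASSIGNMENTS)):
        print(f"review: {src} can read the client secret of {app}")
```

In the sample data, the org-wide Read-only Administrator assignment produces an edge to every application, so it reaches the privileged application even though no one scoped it there deliberately.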