Discovering Unexpected Okta Attack Paths with BloodHound
ID: 93c1a827-6bdc-558f-8ca7-db97f7109652
STIX ID: report--93c1a827-6bdc-558f-8ca7-db97f7109652
Feed Name: SpecterOps Blog
OktaHound is a new CLI data collector that queries the Okta Management API and exports Okta entities to BloodHound’s OpenGraph format, enabling visualization and discovery of privilege escalation and hybrid attack paths. The report documents several high-impact weaknesses and abuse patterns — including readable client secrets for privileged apps, SCIM password synchronization redirection, SWA cleartext password exposure, Active Directory agent/service-account risk, and misuse of user API tokens — and provides schema/edge modeling and guidance for blue/red teams rather than describing an active breach.
