For example, in the 2023 MGM attack, the attacker specifically accessed an account with Super Admin permissions in Okta, which they combined with an inbound federation attack to impersonate any user while in the tenant, get Azure admin privileges, and authenticate to your Azure-hosted VMware ecosystem in which they deployed ransomware. A Google pe