Thoroughly enjoyed reading Cloudflare’s response. Even listed all Okta event types critical for this investigation: user.account.reset_password, user.mfa.factor.update, system.mfa.factor.deactivate, user.mfa.attempt_bypass, user.session.impersonation.initiate. https://t.co/gMWjyjpFst