Okta SSO is the pivot point in ShinyHunters’ active SaaS campaign targeting organizations that use Okta to authenticate into Zendesk: compromised Okta cloud credentials (T1078.004) allow attackers to inherit trusted SSO session access to downstream Zendesk instances without triggering additional authentication challenges. No CVE applies; the attack exploits authentication control gaps (CWE-287) and excessive SSO trust, not a software vulnerability. Immediate priorities are to enforce phishing-resistant MFA on all Okta accounts with Zendesk access, revoke suspicious sessions via Okta Admin Console, rotate credentials for Zendesk-connected accounts, and audit Okta System Log for anomalous consent grants and session patterns consistent with this campaign.