diff --git a/rules/cloud/okta/okta_admin_role_assignment_created.yml b/rules/cloud/okta/okta_admin_role_assignment_created.yml
new file mode 100644
index 000000000..85ba649c6
--- /dev/null
+++ b/rules/cloud/okta/okta_admin_role_assignment_created.yml
@@ -0,0 +1,21 @@
+title: Okta Admin Role Assignment Created
+id: 139bdd4b-9cd7-49ba-a2f4-744d0a8f5d8c
+status: test
+description: Detects when a new admin role assignment is created
+references:
+    - https://developer.okta.com/docs/reference/api/system-log/
+    - https://developer.okta.com/docs/reference/api/event-types/
+author: Nikita Khalimonenkov
+date: 2023/01/19
+tags:
+    - attack.persistence
+logsource:
+    product: okta
+    service: okta
+detection:
+    selection:
+        eventtype: iam.resourceset.bindings.add
+    condition: selection
+falsepositives:
+    - Legitimate creation of a new admin role assignment
+level: medium