We have an application that is used by admins to create new users in our system. This admin app behind the scene creates a new user in OKTA. Now the admins also login to the app using OKTA so they are part of an admin group. So, the app makes a call to the /api/v1/users endpoint passing an API Token in the Authorization header to create the user.
Since the API token was created by one superAdmin user. Every time a user is created. The actor in the logs is showing as the superAdmin user and not the admin user who created the new user?
This is problematic for us since now we have no audits to show which admin created which user. It only shows the superadmin.
How can we change this behavior? Can API token get generated dynamically by the admin user that is authenticated and logged in to OKTA?