I’m dealing with a really strange problem and need some advice.
We have Google Workspace set up with Okta for authentication. A few days ago, one of our staff members tried to access her work email by going to mail.google.com. She got sent to Okta like normal, entered her credentials, but then ended up in someone else’s personal Gmail inbox instead of her work account.
The weird part is that these two people have never worked together or even met. The first employee had no idea why she could see this other person’s private emails. When she cleared her browser data and logged in again, everything worked fine and she couldn’t access that account anymore.
Then yesterday, a completely different employee from our west coast office had the exact same thing happen. She also got logged into that same personal Gmail account after authenticating through Okta. She didn’t even know the Gmail account owner worked for our company.
I checked our Okta settings and there’s no reference to this personal Gmail anywhere in our system. I’m not sure how our corporate authentication would even be able to grant access to someone’s private email account.
Has anyone seen this type of issue before? What could be causing employees to accidentally access each other’s personal accounts through our work login system?