Report types
Reports are grouped in the following categories:
Identity Governance Reports are also available to customers who are subscribed to Okta Identity Governance
Activity Reports
Activity reports provide you with data that helps you understand how your users are using Okta and the applications and services configured for your Okta environment. Unless otherwise noted, activity reports can be run for all users, an individual user, or groups of users.
Okta Usage Report
The Okta Usage report contains data about who has signed in to Okta during a specified time period. The report contains the following fields:
- User
- Login
- Number of Logins
- User Status
- Last Login_ISO8601
The Okta Usage Report converts the start and end dates to Coordinated Universal Time (UTC). When you specify a time period, keep in mind that the results of the report may differ depending on your local time zone.
Application Usage Report
The Application Usage report contains data about who has signed in to an app integration during a specified time period.
This report can be run for all app integrations in your Okta environment or for specific app integrations.
MFA Usage Report
The MFA Usage report provides a list of all authenticator enrollments based on authentication activity from your users when they sign in to their accounts. Each row in this report is based on an enrolled authenticator for each user.
This report is generated by factor; a user can have multiple entries in this report if that user is enrolled in multiple factors. For detailed information, see MFA Usage report.
YubiKey Report
The YubiKey report contains data about who is enrolled in and has used a YubiKey in a specified time period. This report contains the following fields:
- User
- Serial Number
- Upload Date
- Last Enrolled
- Last Used
Telephony Usage Report
The Telephony Usage report displays data about an org's telephony events over time. The report can be filtered by voice or SMS events, and helps admins quickly identity and troubleshoot deliverability or request issues within their org.
Security Reports
Security reports provide you with data that helps you detect potential security risks.
Okta Password Health Report
The Okta Password Health report is a downloaded report in .CSV format that contains the current status of Okta passwords for your org.
See Okta Password Health Report.
SAML Capable Apps Report
The SAML Capable Apps report shows which SWA app integrations in your Okta environment can be converted to SAML.
Converting SWA app integrations to SAML improves the security of your environment because Okta handles the authentication to the application, so individual passwords aren't required.
Provisioning Capable Apps Report
This report lists all apps in your org that are provisioning capable but currently don't have provisioning enabled.
Click Enable Provisioning to go to the Provisioning tab for this application where you can configure provisioning.
Proxy IP Report
Note: The following features must be enabled in order to access this report:
- Geolocation for Network Zones
- Dynamic Zones OR Behavior Detection and evaluation
Trusted proxy IP addresses can be configured in Networks. This report indicates which proxy IP addresses have been used to log in to your Okta environment; it lists all proxy IP addresses captured by any failed or successful sign in attempts from the last 30 days. When requested, this report is run asynchronously and delivered to you in CSV format via email. This report contains the following fields:
- Proxy IP
- Location
- Total Logins
- Failed Logins
- Proxy Type
Suspicious Activity Report
The Suspicious Activity report queries the System Log to show data about suspicious events such as failed logins and locked out users over a specified time period.
Deprovision Details Report
The Deprovision Details report queries the System Log for data about the applications a user has been deprovisioned from and how the deprovision was initiated (resolution type) over a specified period of time. See Deprovision Details report.
Admin Role Assignments Report
The Admin Role Assignments Report lists the admin role assignments and components across your org. You can filter by admin, role, and resource set components, a specification within these components, or a combination of both.
System Log Queries
Auth Troubleshooting
Auth Troubleshooting section provide links to predefined queries in our System Log about the following authentication events:
- Okta Logins (Total, Failed)
- SSO Attempts
- Auths Via AD Agent (Total, Failed)
Application Access
The Application Access queries the system log to see when users accessed any app integration in your Okta org.
You can use the filters to show detailed events and trends for application access over a period time.
The default query eventType eq "user.authentication.sso" shows all SSO attempts for the specified duration.