MFA Enrollment by User report

Use this report to view which authenticators each user has enrolled in.

This report helps you improve the security of your organization. For example, you can monitor the adoption of strong authentication and assess the impact that a sign-in policy change might have on your users' ability to pass an MFA challenge.

The report data is refreshed periodically.

Before you begin

Ensure that these conditions are in place:

  • You are signed in as a super admin, org admin, read-only admin, mobile admin, or reports admin.
  • Your browser's pop-up blocker is disabled.

Get the report

  1. In the Admin Console, go to ReportsReports.
  2. In the Multifactor Authentication section, click MFA enrollment by user.
  3. Click Edit Filters.
  4. Select one of the following fields, choose an operator, and then enter an appropriate value:
    FieldValue
    Authenticator countEnter the number of distinct types of authenticators the user has enrolled in to. For example, if a user has an enrolled password, email, and Okta Verify, then the user has an authenticator count of three.
    Authenticator typeSelect the type of authenticator, such as Okta Verify.
    GroupEnter the name of a group.
    User emailEnter the user's primary email address. This may differ from their username.
    UserEnter the name of the user who is a part of your Universal Directory.
    User activatedSelect the date on which the user last transitioned to the Active status.
    User createdSelect the date on which the user was created.
    User isAdminSelect whether the user is assigned an administrative role in Okta.
    User statusSelect the user's account status, such as Active, Deprovisioned, Suspended, or Staged,
  5. Optional. Click Add Filter to add more filters, or click X to remove a filter.
  6. Click Apply to view the report.
  7. Optional. Click the gear icon () at the top of the data table to select columns to display.

To download the report, click CSV Export.

Results

The table includes columns with data that describes each user in the report. The data in the table is refreshed when you load the page, or after you've changed the filter criteria. When you download the report, more columns are available. To avoid ambiguity when joining data from CSV files across different report types, the export file uses column headings that differ from those in the Admin Console. This table describes the headings in the report:

CSV column header

UI Label

Description

user.id not applicable The user's id.
user.fullName User full name The user's first and family name.
user.email User email The user's primary email address. Note this may differ from the user's Username.
user.mobilePhone not applicable The user's mobile phone number.
authenticators.type Authenticator type A comma-separated list of the distinct types of authenticators that the user has enrolled. This list includes the Forgotten Password Question if it was enrolled in a Classic Engine org that was migrated to Identity Engine.
authenticators.count Authenticator count The count of distinct authenticator types that the user has enrolled.
groups.name Group names A comma-separated list of groups to which the user belongs.
user.isAdmin User isAdmin Whether the user is assigned an administrative role in Okta.
user.status User status The user's account status in Okta, such as Active, Pending user action, Deprovisioned, Suspended, or Staged.
user.login User username The user's username, also known as login.
user.primaryPhone not applicable The user's primary phone number.
user.created User created The timestamp when the user was created.
user.activated User activated The timestamp when a user last transitioned to Active status.