Reports

Activity reports provide you with data that helps you understand how your end-users are using Okta and the applications and services configured for your Okta environment. Unless otherwise noted, activity reports can be run for all users, an individual user, or groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. of users.

Activity reports include:

Okta Usage Report

The Okta Usage report contains data about who has signed in to Okta during a specified time period. The report contains the following fields:

• User
• Login
• Number of Logins
• Last Login
• Last Login_ISO8601
• User Status

Application Usage Report

The Application Usage report contains data about who has signed in to an application during a specified time period. This report can be run for all applications in your Okta environment, or specific applications. The report contains the following fields:

• Person
• Login
• Application username
• Logins
• Lfafsft Login
• Last Login_ISO8601

MFA Usage Report

The MFA Usage drdedport contains data about who is enrolled in and using the factors enabled in your Okta environment, in the last 90 days. This report is generated by factor; a user can have multiple entries in this report if that user is enrolled in multiple factors. This report contains the following fields:

• User
• Login
• MFA Factor
• Last Enrolled
• Last Enrolled_ISO8601
• Last Used
• Last Used_ISO8601

This report does not include information about a user who is not enrolled in a factor, even if that user has been assigned a factor.

YubiKey Report

The YubiKey report contains data about who is enrolled in and has used a YubiKey in a specified time period. This report contains the following fields:

• User
• Serial Number
• Upload Date
• Last Enrolled
• Last Used

SMS Usage Report

The SMS Usage report contains data about domestic and international SMS usage by month for the last 12 months, across all users in your Okta environment. The report contains the following fields for both Domestic and International SMS messages:

• Location
• Month
• User Sets up SMS
• User Logs in with SMS
• SMS Password Reset
• SMS Account Unlock
• Total

Security reports provide you with data that helps you detect potential security risks.

Okta Password Health Report

The Okta Password Health is a downloadable report in .CSV format that contains data about the password activity for the active SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps in your Okta environment. This report contains the following fields:

• User
• Login
• Application Name
• Application InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance.
• Application Login
• Assigned On
• Assigned On_ISO8601
• Unassigned On
• Unassigned On_ISO8601
• Last Login
• Last Login_ISO8601
• Last Password Change
• Last Password Change_ISO8601

App Password Health Report

The AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. Password Health report shows you the status of application passwords. These apps have at least one user or group assigned to them and were configured for User sets username and password.

From this page, you can also:

• Ask Users to Reset. This request adds a banner to end-users' home pages notifying them which apps require password updates. End-users can then remove the banner after resetting their passwords.

• Download a CSV report. This report tracks end-user compliance by showing the latest time an end user logged into an app, and the last time the user updated the app password in Okta. View this report to monitor users who have complied with the request, and those who have yet to change their app passwords. Note that this report only applies to users who use SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. through Okta to sign into the app. Users who sign into the app directly are not tracked.

• Download a CSV Report of All Password Resets. This report is a composite of Ask users to reset and the CSV report.

SAML Capable Apps Report

The SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. Capable Apps report contains data about the SWA applications in your Okta environment that can be converted to SAML; thus improving the security of your environment. This report is a list of all the applications that meet this criteria. From this page, you can convert each application to SAML by selecting the button a specific application.

Current Assignments Report

The Current Assignments report contains data about how an application is being used (assigned, logged in, password changes) over a specified time range. This report can be filtered by individual user, groups of users, and individual application. This report contains the following fields:

• User
• Login
• Application Name
• Application Instance
• Application Login
• Assigned On
• Assigned On_ISO8601
• Unassigned On
• Unassigned On_ISO8601
• Last Ldosgdifn
• Last Login_ISO8601
• Last Password Change
• Last Password Change_ISO8601

Recent Assignments Report

Note: This report is only visible if any unassigned applications exist.

The Recent Assignments report contains data about who has been unassigned from a specific application over a specified time period; this report also indicates the current assignment status of the user, it is possible that a user has been unassigned from a specific application, then reassigned this application. In such a scenario, the unassignment record would be present in the report and the assignment status would be assigned. This report contains the following fields:

• Name
• Username
• Unassigned On
• Assignment Status

Proxy IP Report

Note: The following features must be enabled in order to access this report:

• Geolocation for Network Zones
• Dynamic Zones OR Security Behavior Detection

Trusted proxy IP addresses can be configured in Networks. This report indicates which proxy IP addresses have been used to log in to your Okta environment; it lists all proxy IP addresses captured by any failed or successful sign in attempts from the last 30 days. When requested, this report is run asynchronously and delivered to you in CSV format via email. This report contains the following fields:

• Proxy IP
• Location
• Total Logins
• Failed Logins
• Proxy Type

Suspicious Activity Report

The Suspicious Activity report contains data about suspicious events such as failed logins and locked out users over a specified time period. The report contains the following fields:

• Time
• Login
• ClientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. IP
• Event

Deprovision Details Report

The Deprovision Details report contains data about the applications a user has been deprovisioned from and how the deprovision was initiated (resolution type) over a specified period of time. This report can be run for individual users or applications and can be filtered by resolution type; if resolution type = manual, then the report contains information about the user who initiated the deprovision. This report contains the following fields:

• Date
• Person
• Application
• Application Username
• Resolution

Auth Troubleshooting

Auth Troubleshooting section provide links to predefined queries in our System Log about the following authentication events:

• Okta Logins (Total, Failed)
• SSO Attempts
• Auths Via AD AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. (Total, Failed)

Rogue Accounts Report

Note: This feature will be deprecated in the December 2019 monthly release. Admins should use the List Users Assigned to Application API to see users who were assigned to an app in Okta, and then use custom code to generate a list of users assigned in the app itself.