The Reports page displays report data that details how your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. leverage their Okta accounts. Data includes information such as appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. usage and access, deprovisioning details, and the exposure of suspicious activity, including OpenID Connect events.

In addition to the generated reports, there are several System Log queries available.

Running Reports

To run any report, click the report name, enter the parameters at the top of the screen, and finally click Run Report. You can select up to 6 months of historical data. After running a report, click the Download CSV link to obtain a CSV version.

Available Reports

The following reports are available from this page.

Okta Usage

The Okta Usage report contains data about who has signed into Okta, how many times, and the dates of last login for the past 30 days. When you click on the report, it allows you to specify the range. If the report goes beyond the last 90 days, the default value of the past 30 days is pulled instead.

Application Usage

The Application Usage report contains data about how much an application is being used by user/group over a specified time range. To run the report, click the report name. There is also an option to include report data from All applications' usage. If you select this option, the data is only available to download as a CSV file (in unaggregated format).

Other reports in this section provide reporting on applications in use as well as important security actions for each.

Auth Troubleshooting

Auth Troubleshooting reports provide links to pre-defined queries in our System Log about the following authentication events:

Applications Access Audit

The Applications Access Audit section contains the following two reports: Current Assignments and Recent Unassignments..

  • Current Assignments

    The Current Assignments report contains data about how an application is being used over a specified time range. It shows which users are assigned a specified app and all the apps assigned to a specified user. This report is not recommended for apps with more than 50,000 assigned users, as downloading the CSV report may take up to 15 minutes. If you navigate away from the download page, the download stops.

  • Recent Unassignments

    Note: Only visible if any unassigned orgs exist.

    The Recent Unassignments report shows which users were unassigned from an app for a specified period. Enter an app by typing the first letter of the app and then selecting from the list that appears, and then enter the beginning and ending dates for the report. You can only run this report for one app at a time. Downloading the CSV report may take up to 3 minutes. If you navigate away from the download page, the download stops.

Multifactor Authentication


Suspicious Activity

The Suspicious Activity report contains data about suspicious events such as failed logins and locked out users over a specified time range. The report includes information about the time, login (user), clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. IP (user computer), and type of suspicious event that occurred.

Deprovision Details

The Deprovision Details report contains data about users, the applications they were deprovisioned from, and resolution over a specified time range.

SMS Usage

The SMS Usage report contains data about domestic and international SMS usage for the org.