The Reports page displays report data that details how your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. leverage their Okta accounts. Data includes information such as appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. usage and access, deprovisioning details, and the exposure of suspicious activity, including OpenID Connect events.

In addition to the generated reports, there are several System Log queries available.

Running Reports

To run any report, click the report name, enter the parameters at the top of the screen, and finally click Run Report. You can select up to 13 months of historical data. After running a report, click the Download CSV link to obtain a CSV version.

Available Reports

The following reports are available from this page.

Okta Usage

The Okta Usage report contains data about who has signed into Okta, how many times and the dates of last login for the past 30 days. When you click on the report, it allows you to specify the range.

Application Usage

The Application Usage report contains data about how much an application is being used by user/group over a specified time range. To run the report, click the report name. There is also an option to include report data from All applications' usage. If you select this option, the data is only available to download as a CSV file (in unaggregated format).

Other reports in this section provide reporting on applications in use as well as important security actions for each.

Auth Troubleshooting

Auth Troubleshooting reports provide links to pre-defined queries in our System Log about the following authentication events:

The Ask Users to Reset Button

When you click the Ask Users to Reset button, users are sent a request to update their passwords for the appropriate app(s). This notification comes in the form of a banner on their Home page, as shown below.

The banner appears the next time your end-users sign into Okta. Once viewed, end-users can easily remove the banner, and it does not reappear unless another password reset is requested.

The CSV Report Button

Click the CSV report button to download a report that details the users of the app, the last known login to this app, and the last time they updated the app password in Okta. View this report to monitor users who have complied with the request, and those who have yet to change their app passwords.

Note: The values in this report only apply to users who use SSO through Okta to sign into the app. Users who sign into the app directly are not tracked.

The CSV Report of All Password Resets Button

This report is a composite of the Ask users to reset button and the CSV report button.

Applications Access Audit

This is an Early Access feature. To enable it, please contact Okta Support.

The Applications Access Audit section contains the following two reports: Current Assignments and Recent Unassignments..

  • Current Assignments

    The Current Assignments report contains data about how an application is being used over a specified time range. It shows which users are assigned a specified app and all the apps assigned to a specified user. This report is not recommended for apps with more than 50,000 assigned users, as downloading the CSV report may take up to 15 minutes. If you navigate away from the download page, the download stops.

  • Recent Unassignments

    Note: Only visible if any unassigned orgs exist.

    The Recent Unassignments report shows which users were unassigned from an app for a specified period. Enter an app by typing the first letter of the app and then selecting from the list that appears, and then enter the beginning and ending dates for the report. You can only run this report for one app at a time. Downloading the CSV report may take up to 3 minutes. If you navigate away from the download page, the download stops.

Multifactor Authentication

  • MFA Usage

    The MFA Usage report details Multifactor Authentication status and usage. This report shows all the MFA factors in Okta and the usage, by user. A user can have multiple entries in this report, if that user has many MFA factors configured. You can run the report for all users or for a single user. If you do not enter a user, selecting Run Report generates the report for all users.

  • Yubikey Report

    The Yubikey report contains data about user, Yubikey serial number and status for a specified period.


Suspicious Activity

The Suspicious Activity report contains data about suspicious events such as failed logins and locked out users over a specified time range. The report includes information about the time, login (user), clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. IP (user computer), and type of suspicious event that occurred.

Deprovision Details

The Deprovision Details report contains data about user, application deprovsioned from and resolution over a specified time range.

SMS Usage

The SMS Usage report contains data about domestic and international SMS usage for the org.