Reports

The Reports page displays report data that details how your end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. leverage their Okta accounts. Data includes information such as appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. usage and access, deprovisioning details, and the exposure of suspicious activity, including OpenID Connect events.

In addition to the generated reports, there are several System Log queries available.

Running Reports

To run any report, click the report name, enter the parameters at the top of the screen, and finally click Run Report. You can select up to 6 months of historical data. After running a report, click the Download CSV link to obtain a CSV version.

Available Reports

The following reports are available from this page.

Okta Usage

The Okta Usage report contains data about who has signed into Okta, how many times and the dates of last login for the past 30 days. When you click on the report, it allows you to specify the range. If the report goes beyond the last 90 days, the default value of the past 30 days is pulled instead.

Application Usage

The Application Usage report contains data about how much an application is being used by user/group over a specified time range. To run the report, click the report name. There is also an option to include report data from All applications' usage. If you select this option, the data is only available to download as a CSV file (in unaggregated format).

Other reports in this section provide reporting on applications in use as well as important security actions for each.

• App Password Health

  The App Password Health Report opens a page that allows admins who have the proper permissions to view apps to evaluate their app password health and act on it by asking users to reset their application passwords.

  App Password Health Report Details

  The App Password Health page allows admins who have the proper permissions to view apps to evaluate their app password health and act on it by providing

  • The number of end-users using a given app
  • The elapsed time since the last time you requested a password change for this app
  • Quick communication to end-users from a push of the Ask user to reset button
  • A CSV report to track end-user compliance by showing the latest time an end user logged into an app, and the last time the user updated the app password in Okta

  Not all apps will appear on this page. Only your SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps that are active, have at least one user or group assigned to them, and where you selected "User sets username and password" in the app setup, appear in this list.

  Note: In a SWA app in which the user sets the username and password, the last login time and last app password reset are not captured if the user goes directly into the app.

• SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. Capable Apps

  You can review all your apps to see if you have any opportunities to convert existing SWA apps to SAML. The SAML Capable Apps report opens a page that shows all apps that you can convert from SWA to SAML. The page has a button for each app take you to the app to begin the process.

  Because end users sign in to SAML apps by signing into Okta, app passwords are not required. This reduces this risk of an app being compromised. It's also more convenient for your end users, since they don't need to manage the app passwords.

• Rogue Accounts Report

  This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

  The Rogue Accounts report compares assignments in Okta to accounts that exist in a specified app and lists the discrepancies. You can find the accounts that were created directly in the application without going through Okta and correct them to ensure all access to the app is managed through Okta. Once corrected, you will only have to look in one place to see who has access and what type of access for all the applications that you manage.

Auth Troubleshooting

Auth Troubleshooting reports provide links to pre-defined queries in our System Log about the following authentication events:

• Okta Logins (Total, Failed)
• SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. Attempts
• Auths Via AD AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. (Total, Failed)

The Ask Users to Reset Button

When you click the Ask Users to Reset button, users are sent a request to update their passwords for the appropriate app(s). This notification comes in the form of a banner on their Home page, as shown below.

The banner appears the next time your end-users sign into Okta. Once viewed, end-users can easily remove the banner, and it does not reappear unless another password reset is requested.

The CSV Report Button

Click the CSV report button to download a report that details the users of the app, the last known login to this app, and the last time they updated the app password in Okta. View this report to monitor users who have complied with the request, and those who have yet to change their app passwords.

Note: The values in this report only apply to users who use SSO through Okta to sign into the app. Users who sign into the app directly are not tracked.

The CSV Report of All Password Resets Button

This report is a composite of the Ask users to reset button and the CSV report button.

Applications Access Audit

This is an Early Access feature. To enable it, please contact Okta Support.

The Applications Access Audit section contains the following two reports: Current Assignments and Recent Unassignments..

• Current Assignments

  The Current Assignments report contains data about how an application is being used over a specified time range. It shows which users are assigned a specified app and all the apps assigned to a specified user. This report is not recommended for apps with more than 50,000 assigned users, as downloading the CSV report may take up to 15 minutes. If you navigate away from the download page, the download stops.

• Recent Unassignments

  Note: Only visible if any unassigned orgs exist.

  The Recent Unassignments report shows which users were unassigned from an app for a specified period. Enter an app by typing the first letter of the app and then selecting from the list that appears, and then enter the beginning and ending dates for the report. You can only run this report for one app at a time. Downloading the CSV report may take up to 3 minutes. If you navigate away from the download page, the download stops.

Multifactor Authentication

• MFA Usage

  The MFA Usage report details Multifactor Authentication status and usage. This report shows all the MFA factors in Okta and the usage, by user. A user can have multiple entries in this report, if that user has many MFA factors configured. You can run the report for all users or for a single user. If you do not enter a user, selecting Run Report generates the report for all users.

• Yubikey Report

  The Yubikey report contains data about user, Yubikey serial number and status for a specified period.

Proxies

• Proxy IP Usage

  Note: This feature is Generally AvailableGenerally Available features are available to all orgs automatically according to each customer's SKU. You don’t need to enable them in the console or contact Okta Support. for new orgs that have the Geolocation for Network Zones feature enabled and is Early Access for all other orgs. In addition, one of the following features must first be enabled before the proxy usage report can be generated:

  • Dynamic Zones
  • Security Behavior Detection

  Trusted proxy IP addresses can be configured in Networks. As an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page., you can generate a report of proxy IP addresses that have been used to log in to your Okta orgThe Okta container that represents a real-world organization.. This report lists all proxy IP addresses captured by any failed or successful sign in attempts from the last 30 days from which the report was generated. As an admin, you may examine the report to ensure that there are not any unexpected or untrusted proxies listed.

  Generating a Proxy Usage Report

  1. Click Reports from the admin dashboard. All available reports that can be generated are displayed.
  2. Scroll down to Proxies section.
  3. Click Proxy IP Usage. The Generate Report screen appears.
  4. Click Generate Report to have a report emailed to you. The report will be attached as file OktaProxyUsage.csv.

  5. Open the attached file to view the report, which includes the following fields:

  • Proxy IP
  • Location
  • Total Logins
  • Failed Logins
  • Proxy Type

   

   

Suspicious Activity

The Suspicious Activity report contains data about suspicious events such as failed logins and locked out users over a specified time range. The report includes information about the time, login (user), clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. IP (user computer), and type of suspicious event that occurred.

Deprovision Details

The Deprovision Details report contains data about user, application deprovsioned from and resolution over a specified time range.

SMS Usage

The SMS Usage report contains data about domestic and international SMS usage for the org.

 

 

Top