Rogue Accounts Report
Note: This feature will be deprecated in the December 2019 monthly release. Admins should use the List Users Assigned to Application API to see users who were assigned to an app in Okta, and then use custom code to generate a list of users assigned in the app itself.
The Rogue Accounts report compares assignments in Okta to accounts that exist in a specified app and lists the discrepancies. You can find the accounts that were created directly in the application without going through Okta and correct them to ensure all access to the app is managed through Okta. Once corrected, you will only have to look in one place to see who has access and what type of access for all the applications that you manage.
The Rogue Accounts report provides the following two lists of users:
- Users that exist only in the app and do not exist in Okta. These accounts were created in the app and were not assigned in Okta.
- Users that exist only in Okta and do not exist in the app. These accounts were assigned in Okta, but were not created in the app.
You can correct the discrepancy by either assigning the app to the user in Okta or by deprovisioning the user in the app.
The report is visible in Okta and can also be downloaded in a comma-separated values (CSV) file. Lengthy reports are only available in CSV format.
You can launch the report from the Reports page in the App Access Audit section or from the main page for an application.
- If you launch the report from the Reports menu, you must specify the app for comparison.
- If you launch the report from an application, the application name is already filled in.
When the application name is filled in, click Run Report to create the report. The report takes a few minutes to run.
Note: If the application does not support API-based comparison, see Compare users with a CSV file below.
The report shows users in two categories: Only in [App] and Only in Okta. You can toggle between these two lists by clicking the desired category under App Account Status on the left of the report body.
Note: If there are more than 100 results to display, only the first 100 results are shown, and a message in the 101st row indicates that you must download the output in CSV format to see the full results.
Click the Download CSV button to create a CSV version of the report.
The CSV file contains the following information:
- The Only in Okta portion of the report always contains the columns titled oktaFirstName, oktaLastName, and oktaUsername.
- If the report was from an automatic download, the Only in App portion of the report contains columns titled appUserName, appFirstName, and appLastName.
- If the report was from an uploaded CSV file, described in the next section, the Only in App portion of the report contains one column containing the attribute to match. The column title can vary.
For applications where the comparison is not available through the provisioning connector, the Run Report button opens a screen for uploading a data file in CSV format, shown below. This CSV file should contain all active accounts in the application, and can be obtained by exporting the accounts from the application. The CSV file must have headers and at least one unique identifier column.
Link the App Users with Okta Users
Once a file has been correctly uploaded, you are prompted to specify how the rows should map to unique user accounts. In the screen shown below, choose the app field and the Okta field that map to each other.
When done, click Run Report. The output is the same as shown above.
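The comparison described above can also be reproduced outside the report, as the deprecation note suggests. The following is an added example, not Okta's code: it matches a parsed List Users Assigned to Application response against a CSV export of the app's active accounts on one identifier column. The sample data is constructed, the function names are hypothetical, and matching case-insensitively on `credentials.userName` is an assumption.

```python
import csv
import io

# Constructed sample: trimmed objects in the shape returned by
# GET /api/v1/apps/{appId}/users (List Users Assigned to Application).
OKTA_APP_USERS = [
    {"id": "00u1", "credentials": {"userName": "alice@example.com"}},
    {"id": "00u2", "credentials": {"userName": "Bob@Example.com"}},
    {"id": "00u3", "credentials": {"userName": "carol@example.com"}},
]

# Constructed sample: export of all active accounts from the app itself.
# Like the report's upload, it needs headers and a unique identifier column.
APP_EXPORT_CSV = """login,first,last
alice@example.com,Alice,Ng
bob@example.com,Bob,Diaz
svc-backup@example.com,Backup,Service
"""


def normalize(value):
    # Assumption: identifiers match case-insensitively, ignoring padding.
    return (value or "").strip().lower()


def rogue_accounts(okta_app_users, app_csv_text, match_column):
    """Return (only_in_app, only_in_okta) as sorted identifier lists."""
    reader = csv.DictReader(io.StringIO(app_csv_text))
    if match_column not in (reader.fieldnames or []):
        raise ValueError(f"CSV has no header named {match_column!r}")
    app_ids = {normalize(row[match_column]) for row in reader}
    okta_ids = {
        normalize((user.get("credentials") or {}).get("userName"))
        for user in okta_app_users
    }
    # Blank identifiers cannot be matched in either direction.
    app_ids.discard("")
    okta_ids.discard("")
    return sorted(app_ids - okta_ids), sorted(okta_ids - app_ids)


if __name__ == "__main__":
    only_in_app, only_in_okta = rogue_accounts(
        OKTA_APP_USERS, APP_EXPORT_CSV, "login")
    print("Only in app:", only_in_app)    # created directly in the app
    print("Only in Okta:", only_in_okta)  # assigned but never created
```

Accounts in the first list were created without going through Okta; accounts in the second were assigned in Okta but do not exist in the app.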