App Password Health report

Overview

The App Password Health report shows you the status of application passwords.

These app integrations have at least one user or group assigned to them and were configured with User sets username and password.

Prerequisites

  • Ensure that you are signed in to the Okta Admin Console.

  • This report can be run by anyone with one of the following permission levels:

    • Super Administrator

    • Org Administrator

    • Read-Only Administrator

    • Mobile Administrator

    • Report Administrator

Parameters

This report does not take any parameters as input.

Procedure

  1. From the Admin Console, navigate to Reports > Reports.

  2. Click App Password Health.

  3. The report page shows all the SWA app integrations in your org, along with:

    • Number of users assigned to that app integration

    • The last time that the users were asked to reset their passwords

    • Two action links:

      • Ask users to reset their password for that SWA app integration. This request adds a banner to end-user home pages notifying them which app integrations require password updates. End users can remove the banner after resetting their passwords.

      • Download a CSV report for that SWA app integration. This comma separated value (CSV) report tracks end user compliance by showing the latest time that an end user logged into an app, and the last time the user updated the app password in Okta. Use this report to monitor users who have complied with the request, and determine which users have not changed their app passwords. Note that this report only applies to users who sign into the app using single sign-on (SSO) through Okta. Users who sign into the app directly are not tracked.

    • You can also download a CSV report of all password resets. This report contains the same fields as an individual app integration report, but returns data for all SWA app integrations in your org.

Asynchronous Application Usage

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

If you activate the Asynchronous Application Usage feature, the procedure to create the report is simplified and runs in the background. The process is the same as described above; however, instead of clicking CSV report of all password resets, click Request CSV report of all password resets.

Okta generates the report in a background task and sends an email with a link to download the report as a CSV file.

Results

The CSV reports contain the following information:

Field name Field description

User

Display name of the users assigned to the app integration

Login

Unique ID (email or UUID) for the user

Application Name

Name of the app integration

Application Instance

Instance name of the app integration

Application Login

Email address of the user who has signed into that app integration

Assigned On

Timestamp of when the app integration was assigned to the user.

The timestamp returned in this field uses the Pacific time zone.

Assigned On_ISO8601

Timestamp of when the app integration was assigned to the user, in ISO 8601 format

Unassigned On

Timestamp when the app integration was unassigned from the user.

The timestamp returned in this field uses the Pacific time zone.

Unassigned On_ISO8601

Timestamp when the app integration was unassigned from the user, in ISO 8601 format

Last Login

Timestamp when the user last signed in to the app integration.

The timestamp returned in this field uses the Pacific time zone.

Last Login_ISO8601

Timestamp when the user last signed in to the app integration, in ISO 8601 format

Last Password Change

Timestamp when the user last changed their password for the app integration.

The timestamp returned in this field uses the Pacific time zone.

Last Password Change_ISO8601

Time stamp when the user last changed their password for the app integration, in ISO 8601 format