Report types

We have grouped the available reports into the following categories:

Activity Reports

Activity reports provide you with data that helps you understand how your end-users are using Okta and the applications and services configured for your Okta environment. Unless otherwise noted, activity reports can be run for all users, an individual user, or groups of users.

Okta Usage Report

The Okta Usage report contains data about who has signed in to Okta during a specified time period. The report contains the following fields:

  • User
  • Login
  • Number of Logins
  • User Status
  • Last Login_ISO8601

Application Usage Report

The Application Usage report contains data about who has signed in to an app integration during a specified time period.

This report can be run for all app integrations in your Okta environment or for specific app integrations.

See Application Usage report.

MFA Usage Report

The MFA Usage report provides a list of all authenticator enrollments based on authentication activity from your users when they sign in to their accounts. Each row in this report is based on an enrolled authenticator for each user.

This report is generated by factor; a user can have multiple entries in this report if that user is enrolled in multiple factors. For detailed information, see MFA Usage report.

YubiKey Report

The YubiKey report contains data about who is enrolled in and has used a YubiKey in a specified time period. This report contains the following fields:

  • User
  • Serial Number
  • Upload Date
  • Last Enrolled
  • Last Used

SMS Usage Report

The SMS Usage report contains data about domestic and international SMS usage by month for the last 90 days, across all users in your Okta environment. The report contains the following fields for both Domestic and International SMS messages:

  • Location
  • Month
  • User Sets up SMS
  • User Logs in with SMS
  • SMS Password Reset
  • SMS Account Unlock
  • Total

Security Reports

Security reports provide you with data that helps you detect potential security risks.

Okta Password Health Report

The Okta Password Health is a downloaded report in .CSV format that contains data about the password activity for the active apps in your Okta environment. This report contains the following fields (not all may be applicable for your org):

  • User
  • Login
  • Application Name
  • Application Instance
  • Application Login
  • Assigned On
  • Assigned On_ISO8601
  • Unassigned On
  • Unassigned On_ISO8601
  • Last Login
  • Last Login_ISO8601
  • Last Password Change
  • Last Password Change_ISO8601

App Password Health Report

The App Password Health report shows you the status of application passwords.

These app integrations have at least one user or group assigned to them and were configured with User sets username and password.

See App Password Health report.

SAML Capable Apps Report

The SAML Capable Apps report shows which SWA app integrations in your Okta environment can be converted to SAML.

Converting SWA app integrations to SAML improves the security of your environment because Okta handles the authentication to the application, so individual passwords are not required.

See SAML Capable Apps report.

Provisioning Capable Apps Report

This report lists all apps in your org that are provisioning capable but currently don’t have provisioning enabled.

Click Enable Provisioning to go to the Provisioning tab for this application where you can configure provisioning.

Current Assignments Report

The Current Assignments report contains data about how often an app integration is being used (assigned, logged in, password changes) over a specified time range.

This report can be filtered by individual users, groups of users, or by individual app integration.

See Current Assignments report.

Recent Unassignments Report

The Recent Unassignments report contains data about who has been unassigned from a specific app integration during a specified period of time.

This report also indicates the current Assignment Status of the user, because it is possible that a user has been unassigned from a specific app integration, and then reassigned to this app integration. In such a scenario, the unassignment record is present in the report although the assignment status is assigned.

Note

This report is only visible if any unassigned applications exist.

See Recent Unassignments report.

Proxy IP Report

Note: The following features must be enabled in order to access this report:

Trusted proxy IP addresses can be configured in Networks. This report indicates which proxy IP addresses have been used to log in to your Okta environment; it lists all proxy IP addresses captured by any failed or successful sign in attempts from the last 30 days. When requested, this report is run asynchronously and delivered to you in CSV format via email. This report contains the following fields:

  • Proxy IP
  • Location
  • Total Logins
  • Failed Logins
  • Proxy Type

Suspicious Activity Report

The Suspicious Activity report contains data about suspicious events such as failed logins and locked out users over a specified time period.

The report contains the following fields:

  • Time
  • Login
  • Client IP
  • Event

Deprovision Details Report

The Deprovision Details report contains data about the applications a user has been deprovisioned from and how the deprovision was initiated (resolution type) over a specified period of time. This report can be run for individual users or applications and can be filtered by resolution type; if resolution type = manual, then the report contains information about the user who initiated the deprovision. This report contains the following fields:

  • Date
  • Person
  • Application
  • Application Username
  • Resolution

System Log Queries

Auth Troubleshooting

Auth Troubleshooting section provide links to predefined queries in our System Log about the following authentication events:

  • Okta Logins (Total, Failed)
  • SSO Attempts
  • Auths Via AD Agent (Total, Failed)

Application Access

The Application Access queries the system log to see when users accessed any app integration in your Okta org.

You can use the filters to show detailed events and trends for application access over a period time.

The default query eventType eq "user.authentication.sso" shows all SSO attempts for the specified duration.

See Application Access report.

Deprecated Reports

Rogue Accounts Report

Note: This feature was removed in the December 2019 monthly release. Admins should use the List Users Assigned to Application API to see users who were assigned to an app in Okta, and then use custom code to generate a list of users assigned in the app itself.

Related topics

Run reports

Receive reports by email