MFA Enrollment by User report

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

Use this report to view the types and count authenticators that users in your Org have enrolled. This helps you improve the security of your organization by, for example, monitoring the adoption of strong authentication and assessing the impact that a sign-in policy change might have on your users' ability to pass an MFA challenge.

The report data is refreshed periodically during the day.

Before you begin

Ensure that:

  • You are signed in as a super admin, org admin, read-only admin, mobile admin, or reports admin.
  • Your org is powered by Okta Identity Engine.
  • Your browser’s pop-up blocker is disabled.

Get report

  1. In the Admin Console, go to Reports > Reports.
  2. In the Multifactor Authentication section click MFA enrollment by user.
  1. Click Edit Filters.
  1. Select one of the following fields, choose an operator, and then enter an appropriate value:
Field Value
Authenticator count Enter the number of distinct types of authenticators the user has enrolled in to. For example, if a user has enrolled Password, Email, and Okta Verify, then the user has an Authenticator count of 3.
Authenticator type Select the type of authenticator, such as Okta Verify.
User email Enter the user’s primary email address. Note that this may differ from the user’s Username.
User Enter the name of user who is a part of your Universal Directory.
User activated Select the date on which the user last transitioned to the Active status.
User created Select the date on which the user was created.
User isAdmin Select whether or not the user is assigned an administrative role in Okta.
User status Select the user’s account status, such as Active, Deprovisioned, Suspended, or Staged,
  1. Optional. Click Add Filter to add more filters, or click X to remove a filter.
  2. Click Apply to view the report.
To download the report, click CSV Export.

Results

The data table includes a set of columns that describe users who match the report criteria. When the page is first loaded, or after a modification to the filter criteria, the data table is refreshed. When you download the report, more columns are available. To avoid ambiguity when joining data from CSV files across different report types, the export file uses column headings that differ from those in the Admin Console. Refer to the table below for a mapping of the headings.

CSV column header

UI Label

Description

user.idnot applicableThe user’s id.
user.fullNameUser full nameThe user’s first and last name.
user.emailUser emailThe user’s primary email address. Note this may differ from the user’s Username.
user.mobilePhonenot applicableThe user’s mobile phone number.
authenticators.typeAuthenticator typeA comma-separated list of the distinct types of authenticators that the user has enrolled.
authenticators.countAuthenticator countThe count of distinct authenticator types that the user has enrolled.
user.isAdminUser isAdminWhether or not the user is assigned an administrative role in Okta.
user.statusUser statusThe user’s account status in Okta, such as Active , Pending user action, Deprovisioned, Suspended, or Staged.
user.loginUser usernameThe user’s username, also known as login.
user.primaryPhonenot applicableThe user’s primary phone number.
user.createdUser createdThe timestamp when the user was created.
user.activatedUser activatedThe timestamp when a user last transitioned to Active status.