Recent Activity

The Recent Activity page of the Okta End-User Dashboard displays sign-in and security event activity.

  • Sign-ins provides end users with increased visibility into their account with a list of their most recent sign-in activity to Okta.
  • Security Events provides end users with a list of recent security events from their Okta account.

Enable Recent Activity

  1. In the Admin Console, go to Security > General.

  2. Go to the Organizational Security section.

  3. Click Edit.

  4. Select Enabled from the dropdown menu for Users can see Recent Activity.

  5. Click Save.

After enabling this feature, end users can access their recent activity using either of the following methods.

  • Click their name, then select Recent Activity.
  • Click Last sign in: 1 hour ago on the navigation bar.

Sign-ins and Security Events details

  • Sign-ins relies on a System Log event called user.authentication.verify. Okta logs this event when an end user signs in to Okta.
  • Security Events logs primary and secondary email updates, password change events, factor enrollment events, and reset events from the most recent days.

Sign-ins

Sign-ins provides end users with a summary of their most recent Okta account activity.

  • The last 100 sign-in attempts or all activity in the previous 30 day period.

  • Approximate locations for recent sign-in activity.

  • The devices used to sign in to Okta. Click any device to view recent sign-in details for that device.

  • A Report link to send any suspicious activity directly to their Okta admin.

End users on Internet Explorer might experience alignment issues with the Sign-ins table. See Browsers.

Sign-in details

After enabling this feature, there are no additional configuration settings. End users have access to the following account information.

Device

The device used by the end user to sign in to Okta. When a user clicks this link, Okta displays detailed information for each sign-in event:

  • IP Address
  • Location
  • Time
  • Browser
  • Report: end users can click Report to send unrecognized activity information directly to their admin.
Last Sign-in The most recent time that the device was used to sign in.
Last Sign-in Location The best effort or approximate location where the user signed in.
Total Sign-ins

The total sign-in count from this device.

Report to admin An option for the user to report potential suspicious activity directly to their admin.

Security Events

Security Events provides end users with a summarized list of recent security events inside their Okta account. This includes information about updates to primary and secondary email accounts, account password changes, and MFA Factor reset and enrollment.

  • The three most recent security events appear as cards. These cards contain an overview of each security event.
  • Click the security event card to open a dialog with the event details. Users can also click Report to report suspicious activity to their Okta admin directly.

  • To view more security events, click See all security events.

Security Events details

After enabling this feature, there are no additional configuration settings to configure. End users have access to the following Security Events information.

Security Events

When a user clicks a security event, Okta displays detailed information for each event:

  • Event name
  • IP address
  • Device
  • Browser
  • Location
  • Time
  • Report

The Device, IP address, and Location information appear as Unknown if the original event didn't capture enough log information.

Related topics

Suspicious Activity Reporting

Sign-on notifications for end users

Authenticator enrolled notification email for end users

Authenticator reset notifications for end users

Password changed notification for end users