Session Violation Report
The Session Violation report displays the number of times Post Auth Session evaluated sessions, how many times context changes were detected, and the actions that were triggered in response to those events. You can use the information in this report to observe violation numbers and patterns over time.
The data in this report doesn't appear in real time and may reflect a delay of up to 15 minutes.
A session violation occurs when a user no longer meets the requirements of the global session or authentication policy after a change in session context. For example, if a user couldn't satisfy authentication challenges, or if the IP address from which the user is accessing Okta changes during the session.
This report displays the following information:
- Session context change: The number of times a context change in a user session was detected.
- Session violations: The number of times a session context change results in the user not meeting the requirements of the global session policy or authentication policy.
- Users with violations: The number of unique users that had at least one session violation during the time period.
- Apps with violations: The number of unique apps that had at least one session violation during the time period.
- Okta global session access blocked: The number of times access to the global session policy was blocked after a user couldn't satisfy the authentication challenges.
- App logout triggered: The number of times logouts from apps were triggered.
- Workflow triggered: The total number of occurrences for all delegated Workflows.
- A graph of session violations over time.
- Policies: Violations grouped by policy.
- Apps: Violations grouped by app.
- System Log events.