Post auth session violations widget
The Post Auth Session Violations widget displays statistics and the status of session violations in your org. You can use the information on this widget to watch for spikes in violations or observe patterns over a period of time.
The information that appears in this widget changes depending on how you configure Post Auth Session. It can display statistics on these items:
- Access violations for apps and users
- Global session policies that were blocked
- Logouts, security measures, and any delegated Workflows that were triggered in response to violations
The data in these widgets doesn't appear in real time and may reflect a delay of up to 15 minutes.
Initial view
Before you configure the Post Auth Session feature, the widget displays basic information about access violations in the initial view:
- Session violations: The number of violations that Post Auth Session has detected
- Users with violations: The number of user accounts in which Post Auth Session violations were detected
- Apps with Post Auth Session violations: The list of apps in which Post Auth Session violations were detected
Okta records access violations in the System Log even if you don't enable Post Auth Session. If you enable it, different information appears on the widget.
The gray Monitoring status indicator appears at the top of the widget.
Click Past 7 days or Past 24 hours to switch views.
Click X apps in report to view the data in the Session Violation Report. See Session Violation Report.
To configure Post Auth Session, click Enforce post auth session evaluation. The Post Auth Session page appears. See Enforce post auth session evaluation policy.
Status indicator
The status indicator appears on the Post auth session page and under the dashboard widget titles. It changes depending on how you've configured Post auth session:
- Monitoring: This status indicates that Okta is monitoring your org for violations, populating the dashboard widgets, and recording events to the System Log. You haven't configured a response. This indicator only appears in gray.
- Enforced: This status indicates that Okta is monitoring your org for access violations, populating the dashboard widgets, and recording events to the System Log. You haven't configured a response. In addition, your policies are enforced, and users may be required to re-authenticate if Post auth session detects an issue. This indicator only appears in green.
- Enforced with action: This status indicates that Okta is monitoring your org for access violations, populating the dashboard widgets, and recording events in the System Log. You've configured Post auth session to log users out of Okta or logout-enabled apps, or to launch a Workflow in response.
Logout view
This view appears if you enforce Post Auth Session and select the Logout option as a response. The widget displays the following information:
- App logout triggered: The number of times that app logout was invoked in the specified timeframe
- Security response: The number of actions taken in response to a violation
- Logout by app: The number of logouts that were triggered for each app and the number of unique users affected
The green Enforced with action status indicator appears at the top of the widget.
Click Past 7 days or Past 24 hours to switch views.
Click Edit Post Auth Session to edit your Post Auth Session configuration. This option only appears if you've already enabled Post Auth Session.
Workflow view
This view appears if you enforce Post Auth Session and select the Run a Workflow option as a response. The widget displays the following information:
- Workflow triggered: The number of times Okta triggered a Workflow in response to a violation
- Workflow triggered by app: The number of times Workflows were triggered for each app
The green Enforced with action status indicator appears at the top of the widget.
Click Edit Post Auth Session to edit your Post Auth Session configuration. This option appears only if you already enabled Post Auth Session.
Okta Global Session access blocked view
This view appears if you activate Post Auth Session but don't configure any action as a response. It indicates how many times access to the global session policy was blocked because the user failed the authentication challenges.
The green Enforced status indicator appears at the top of the widget.
Click Past 7 days or Past 24 hours to switch views.
Click View Session Violations report to view the data in the Session Violation Report. See Session Violation Report.
Click Edit Post Auth Session to edit your Post Auth Session configuration. This option appears only if you already enabled Post Auth Session.
Related topics
Post auth session evaluation with Identity Threat Protection