Report content

Describes the content of various reports issued by Okta and examples of how to use the reports. Various types of reports can be output based on various event information stored within Okta, and system event logs are stored for the past 90 days. Reports can also be created in a format that specifies the user and the target date and time range. Please note that report creation operations may not be possible depending on the administrator role logged into the Okta management screen.

• Publishing reports
• Report usage example (Suspicious Activity)

Publishing reports

• Go to Reports > Reports screen and click any report type

Report type

• Okta Usage
• 1. Okta Password Health

• Application Usage
• 1. App Password Health
  2. SAML Capable Apps
  3. Provisioning Capable Apps

• Auth Troubleshooting
• 1. Okta Logins (Total, Failed)
  2. Auths Via AD Agent (Total, Failed)
  3. SSO Attempts

• Application Access Audit
• 1. Current Assignments
  2. Recent Unassignments

• Multifactor Authentication
• 1. MFA Usage

• Suspicious Activities
• Proxies
• 1. Proxy IP Usage

Report usage example (Suspicious Activity)

• Go to Reports > Reports screen and click Suspicious Activity​

• Set the period to issue the report, click Run Report, Download CSV​

• CSV file will be downloaded, open the file

The output report contains the following fields

• Time (date and time of the suspicious action)
• Time_ISO8601 (Date and time of the suspicious action <ISO8601 format>)
• Login
• Client IP (IP address of the user who performed the action)
• Event (content of the suspicious action)

Workforce Identity Cloud basic setting operation guide list is here