The Authentication Events report presents unfiltered authentication logs.
The authentication events display in a table where each row corresponds to an access attempt. The data displays in descending order, so the most recent logins appear first. To see the most recent authentication events, you may need to reload the page.
For each authentication event, you can see the following information:
Log-in date and time
Username of the user who attempted to access the selected resource
Resources to which the access was requested
Authentication factors used to authenticate
Device types used to authenticate
Device ID of the device used to authenticate
The result of a particular authentication event and the reason why a particular attempt failed. The information in the Result column points you to the cause of a particular failed authentication attempt.
For example, the user entered an incorrect passcode or tapped Denied in the authentication challenge.
The user could have also failed to log in because of a lack of adequate permission in the MFA policies. In this case, you can check the policy ID and verify the policy settings.
You can see the graphical presentation of the authentication log results that provide you with the total counts for the successful and failed authentications on a timeline.
Use the time frame selector to filter the authentication logs by a specific time period. The maximum time range to retrieve the past authentication events is 30 days.
You can also filter the authentication events by applying the following criteria:
Authentication Factors. Lets you generate a report for the following types of authentication factors:
- Push. Sends a push notification with Allow and Deny action buttons to the user’s enrolled mobile device letting the user confirm their identity or block unauthorized access attempts.
- Phone call. Uses telephony APIs to call the user's registered phone number, including landlines, and forward the verification code via voicemail.
- SMS OTP. Sends the verification one-time passcodes via a text message to the user’s enrolled mobile device.
- WebAuthn/FIDO2 security key. Uses FIDO2 standards to securely authenticate the user with the help of the hardware security key such as a Yubikey USB token.
- Phone security key. Uses FIDO2 standards to securely authenticate the user with the help of the Akamai MFA mobile app and browser extension that transform the user’s smartphone into a roaming authenticator.
- Email OTP. Sends the verification one-time passcodes via email to the user’s enrolled mobile device.
- Push TOTP. Sends one-time passcodes to the user’s enrolled mobile device.
- Bypass. With this backup method, the Help desk admin generates a 16-digit passcode on the user's request. The user can then bypass Akamai MFA and authenticate using the code.
- Clientless push. Sends a text message with a link that leads the user to a webpage displaying the login request.
See Allowed authentication methods to learn more about each of those factors.
Device types. Lets you generate a report for the following types of authentication devices:
- Push. Any device that supports push notifications, for example, tablets and smartphones.
- Phone only. A non-smartphone mobile device that supports only text messages and calls.
- Security key. A FIDO2 WebAuthn security key such as a YubiKey or Akamai MFA phone security key.
- Email. A backup authentication method that technically isn’t a device. It lets users log in when their registered authentication device is unavailable.
- Bypass code. A backup authentication method that technically isn’t a device. It lets users log in when their registered authentication device is unavailable.
- TOTP. One-time passcodes generated by Akamai MFA mobile app.
- Third-party authenticator. One-time passcodes that are generated by external OTP code providers such as Duo Mobile or Google Authenticator.
Integration. Lets you generate a report for integrations that you can select from the list of all integrations configured for your organization.
Result. Lets you generate a report for successful or blocked authentication attempts.
Username. Lets you enter manually the usernames for which you wish to generate the authentication events report.
The authentication events report supports you in identifying and monitoring issues that users may encounter when they attempt to access enterprise resources.
In the Enterprise Center navigation menu, select Multi-factor Authentication > Reports > Authentication Events.
The authentication events report displays the unfiltered authentication data.
To enter the report criteria, click Add Report Metric (+).
The list of available filtering conditions displays.
From the list, select one or more criteria:
Authentication factor. Displays the list of allowed secondary authentication factors. Select or multi-select methods for which you want to create the report.
Device type. Displays the list of allowed authentication devices. Select or multi-select the types of device for which you want to create the report.
Integration. Displays the list of all configured integrations. Select or multi-select the integrations to which users requested access.
Result. Select whether you want to generate the report for log-in attempts that were successful by selecting Success, or unsuccessful by selecting Denied.
Username. Enter manually the usernames for which you want to generate the report.
If you want to remove all entered criteria, click Clear All.
Click View report.
The authentication events report returns the results that match the entered criteria.
To filter data based on a predefined time range, click the calendar icon and select one of the following options:
- This week
- Last week
- This month
- Last month
- This year
- Last year
To filter data by a specific date and time range, click the calendar icon, and follow these steps, when the calendar appears:
- Select the Start date and the End date of your time range.
Next, enter the Start time and the End time in a 24-hour clock format.
- Select the Start date and the End date of your time range.
Click Apply to confirm the entered time range.
The authentication events that occurred within that time period appear.
Updated 6 months ago