Troubleshoot authentication issues

When you identify access issues, you can generate a report with authentication logs for the impacted user. If those issues refer to a specific device type, you can also apply an additional filter to display the user's authentication attempts performed with this device.

After you create the authentication logs report, you can also download a csv file with the results to save it and share it with other members of the IT team for further investigation.

Troubleshoot user events

Follow this instruction to troubleshoot user access issues.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Reports > Authentication Events.
    The authentication events report displays the unfiltered authentication logs.

  2. To enter the report criteria, click the filter icon, and, next, click Add Report Metric (+).
    The list of available filtering conditions displays.

  3. From the list of criteria, select User, and enter the username of the user who experiences access issues.

  4. To add an additional criterion, click Add Metric.

  5. From the list of criteria, select Device Type, and, next, select the device that was used for the secondary authentication.

    troubleshoot-auth-events

  6. Click View Report.
    The report matching the entered conditions displays on the authentication events page.

ūüďė

offline-auth-icon indicates that the authentication attempt was made offline.

  1. To export the results to the csv file, click Download CSV.
    The Authentication events compressed CSV file is saved to the location where your browser saves downloaded files.

Troubleshoot integration events

Follow this instruction to troubleshoot integration access issues.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Reports > Authentication Events.
    The authentication events report displays the unfiltered authentication logs.

  2. To enter the report criteria, click the filter icon, and, next, click Add Report Metric (+).
    The list of available filtering conditions displays.

  3. From the list of criteria, select Integration and enter the name of the integration that couldn't be accessed by users.

  4. Click View Report.
    The report matching the entered conditions displays on the authentication events page.

In the exported CSV file, for each authentication event, you can find the following information:

  • Timestamp of the authentication attempt
  • Username of the user who attempted to access the resource
  • The resource to which the access was requested
  • Authentication factor used to authenticate
  • Device type used to authenticate
  • Device ID of the device that was used to authenticate
  • IP address of the device that was used to authenticate
  • OS name and version that‚Äôs running on the device that was used to authenticate
  • Geolocation of the device that was used to authenticate
  • Name of the browser that was used to access the resource
  • IP address (browser IP) of the device that was used to access the resource
  • OS name and version that‚Äôs running on the device that was used to access the resource (browser OS).
  • Geolocation of the device that was used to access the resource (browser geolocation).
  • The result of a particular authentication event and the reason why a particular attempt failed. The information in the Denial column points you to the cause of a particular failed authentication attempt. For example, the user entered an incorrect passcode or tapped Deny in the authentication challenge.
    The user may also fail to log in because of a lack of adequate permission in the MFA policies.
  • Offline Authentication indicates whether the authentication attempt was performed offline.