Generating an Authentication activity report

You can generate reports to show the authentication activity in your IBM® Security Verify tenant.

Before you begin

  • You must have administrative permission or be a member of the helpdesk group to complete this task.
  • Log in to the IBM Security Verify administration console as an Administrator.

About this task

The reports provide the following individual user activity information:
Table 1. Individual activity information
Information: Performed by
Attributes:
  • User name: data.username
  • Realm: data.realm
Description: Includes the following:
  User name
    The unique identifier for logging in to Verify. It can be the same as the email address of the user.
  Realm
    The identity source attribute that helps distinguish users from multiple identity sources that have the same user name.

    This information is displayed in the Users & Groups > Users tab, and in the Edit User dialog box.

    For the following identity sources:
    • Cloud Directory, the realm value is cloudIdentityRealm.
    • IBMid, the realm value is www.ibm.com.
    • SAML Enterprise, the realm value can be any unique name that you assigned when you created the identity source.
    • OnPrem LDAP, the realm value can be any unique name that you assigned when you created the identity source.

Information: Event type detail
Attributes: data.subtype
Description: Displays information about the authentication event, such as:
  • Username and password
  • MFA
  • federation
  • social
  • Device trust
  Note: The Device trust related events are not counted in the total count.

Information: Client IP
Attributes: data.origin
Description: The IP address of the device that made the authentication request. The details contain an X-Force IP report link to evaluate the threat value of the address.

Information: Result
Attributes: data.result
Description: Success or failure.

Information: Time Stamp
Attributes: time
Description: When the authentication request was made.

Information: Location
Attributes:
  • geoip.region_name
  • geoip.country_name
Description: The geographical location, region and country, where the authentication request was made.
  Note: The region might not display accurately because of the way your network is configured. This is a known limitation.

Note: Transient events are no longer reported in authentication activity details. Transient events are reported in MFA reports only.

Procedure

  1. Select Reporting & diagnostics > Reports.
    The tiles for authentication activity, application usage, administrator activity, and multi-factor authentication activity are displayed. The Authentication activity tile shows the summary information for the past 24 hours.
  2. Select the View Report link on the Authentication activity tile.
    The summary report for the current day displays:
    • The number of successful logins.
    • The number of failed logins.
    • The number of unique logins.

    A scalable graphical representation of the number of successful logins for the selected time period is displayed. The time period can be up to 90 days. The graph scale is based on the data sets and the time is displayed as local time.

    The authentication activity for individual users is also displayed. See Table 1. Select an event to see the details associated with it. See Authentication event details.

  3. Optional: Select Filters to filter the results.
    You can search by:
    • Identity: Filter selections are user name, realm, and source type.
    • Source: Filter selections are client IP, location, provider ID, device ID, managed device, and compliant device.
    • Event: Filter selection is result.
    You can use any combination of filters to refine your results. Select Apply filters to modify the report. The selected filters are displayed above the graph. You can clear the filters by selecting the Reset link.
    Note: The search fields are case-sensitive.
  4. Change the date range for the report.
    Select the From and To dates to display the calendar drop downs and select the dates for the report. You can't go back more than 90 days.
    Note: The To date cannot exceed the current date.
  5. Select Run Report.
    The report information is refreshed.
  6. Select Login counts to display the user name, the realm, the login count for successful logins, and the time stamp of the user's last login attempt.
    The median number of logins is listed. Hover over the median login to see a list of percentiles. You can also see the percentage of users that logged in at least a specified number of times.
  7. Optional: Generate a CSV file for the report.
    1. Click Generate CSV.
    2. Follow the directions in Downloading a CSV report.
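
After the CSV is downloaded, the fields from Table 1 can be triaged offline. The following is an added example, not IBM code: it tallies results and lists client IPs whose failed logins span several identities. It assumes the export's column headers match the attribute names in Table 1 and that data.result holds success or failure; the sample rows, the subtype values (including device_trust), and the timestamp format are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are ASSUMED to match the attribute
# names in Table 1; the subtype values and timestamps are made up.
SAMPLE_CSV = """\
time,data.username,data.realm,data.subtype,data.origin,data.result
2024-05-01T10:00:01Z,alice,cloudIdentityRealm,user_password,203.0.113.7,failure
2024-05-01T10:00:03Z,bob,cloudIdentityRealm,user_password,203.0.113.7,failure
2024-05-01T10:00:05Z,alice,www.ibm.com,user_password,203.0.113.7,failure
2024-05-01T10:00:09Z,carol,cloudIdentityRealm,user_password,203.0.113.7,success
2024-05-01T10:02:00Z,dave,cloudIdentityRealm,user_password,198.51.100.20,failure
2024-05-01T10:02:30Z,dave,cloudIdentityRealm,user_password,198.51.100.20,failure
2024-05-01T10:03:00Z,dave,cloudIdentityRealm,mfa,198.51.100.20,success
2024-05-01T10:04:00Z,erin,cloudIdentityRealm,device_trust,198.51.100.20,failure
"""

def summarize(csv_text, excluded_subtypes=("device_trust",)):
    """Return (totals, failures per client IP, failed identities per client IP)."""
    totals = {"success": 0, "failure": 0}
    failures = defaultdict(int)
    failed_ids = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # The page notes that Device trust events are not counted in totals.
        if row["data.subtype"] in excluded_subtypes:
            continue
        result = row["data.result"].strip().lower()
        if result not in totals:
            continue  # skip values other than success/failure
        totals[result] += 1
        if result == "failure":
            ip = row["data.origin"]
            failures[ip] += 1
            # Key on (realm, user name): the realm separates same-named users.
            failed_ids[ip].add((row["data.realm"], row["data.username"]))
    return totals, dict(failures), dict(failed_ids)

def flag_sources(csv_text, min_identities=3):
    """Client IPs whose failures span at least min_identities identities."""
    _, failures, failed_ids = summarize(csv_text)
    return {ip: (failures[ip], len(ids))
            for ip, ids in failed_ids.items() if len(ids) >= min_identities}

if __name__ == "__main__":
    print(summarize(SAMPLE_CSV)[0])
    print(flag_sources(SAMPLE_CSV))
```

In the sample, alice in cloudIdentityRealm and alice in www.ibm.com count as two identities, which is why the realm is part of the key.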