Your OneLogin account includes a standard set of reports located in Activity > Reports. If your subscription supports it, you can also create your own reports based on a wide variety of attributes and details.
Standard Reports
These reports come standard with all OneLogin subscriptions. They can be viewed, downloaded as CSV files, or run in the background, but cannot be modified or removed.
Application access
|
Displays and timestamps all successful app logins in the past three months
|
Applications
|
Displays up to 5,000 currently configured apps and how many users are assigned to each
|
Assumed user activity last 3 months
|
Displays and timestamps all actions taken by an administrator while assuming another user in the past three months
|
High-risk events
|
Displays and timestamps all events given a risk score above 50, including the reason for the score
This report requires a OneLogin subscription that includes SmartFactor Authentication. If risk-based reporting is not supported by your OneLogin plan, it will appear in your list of reports but will not display any data.
|
Inactive users
|
Displays all users who have not logged in within the past month, along with the time and date of their last login
|
New users
|
Displays all users created in the last month, along with the time and date of their creation
|
Privileged users
|
Displays the permissions given to all currently privileged users
|
SAML App Security Opportunities
|
Displays all applications currently configured with form-based authentication that have a SAML-enabled app connector available to use
|
Suspended users
|
Displays all users with the suspended status
|
Unlicensed users
|
Displays all users with the unapproved state
|
Users and privileges
|
Displays all users, along with their current privileges and group affiliations
|
Weak passwords
|
Displays all users with weak application passwords, grouped by app
|
Note: All Report timestamps are displayed in GMT.
Custom Reports
This feature requires a OneLogin subscription that includes Single Sign-On. Speak with your account representative for more information.
Creating Custom Reports
Click New Report to create and configure your own custom reports based on your given criteria and displaying columns with your chosen details. Choose a report type, give the report a name, then select one or more Conditions. When ready, Save the report.
Tip! All Date conditions can be entered with natural language. You can enter specific dates, e.g. December 3, 2099 , or relative dates, such as this week , 6 hours ago , or 2 months ago .
Editing Custom Reports
After you save your new report, you're taken immediately to the report editor. You can also edit any custom report while viewing it by selecting Edit Report in the More Actions menu.
Note: Standard reports cannot be edited. If desired, however, you can select Clone Report in the More Actions menu of any standard report to create an editable copy.
Columns
Add the details your report should display by selecting them in the Add column dropdown menu. When a column is selected, it will appear in the report beneath your settings; continue using the same menu to add any additional columns. New columns will always appear at the far right of the table and at this time cannot be re-ordered except by removing and re-adding columns in the desired order.
Hover over column headers in the table to remove the column or to sort or group your table by that value.
Mode
By default, most reports are Run in admin console, meaning that they're readily viewable at any time by selecting them in your Reports list. For very large reports, however, you may prefer them to Run in the background for the sake of performance and load time. When this mode is selected, the report will not display in your OneLogin admin portal, but instead prompt you to request a copy of the report
You can continue to use OneLogin normally while the report is generated in the background and emailed to you when complete. You can also monitor the status of the request or see previously completed report requests in your Jobs.
Tip! To keep a potentially large report accessible in the admin console, you can enter a Row limit to automatically truncate your report to a maximum number of rows.
Report Types
Reports in OneLogin fall into four different categories, each with different conditions and columns available to be selected:
User Details
These reports display users and their attribute or activity details, such as group or directory affiliations, authentication factors, recent logins, etc.
Conditions
Condition
|
Type
|
Description
|
App
|
String
|
Displays users assigned to a given application
|
Company
|
String
|
Displays users with a given Company attribute
|
Created
|
Date
|
Displays users based on their date of creation
|
Department
|
String
|
Displays users with a given Department attribute
|
Directory
|
String
|
Displays users syncing with a given directory
|
DistinguishedName
|
String
|
Displays users with a given DistinguishedName attribute
|
Duplicated users
|
True/False
|
Displays users based on whether they have any matching duplicates
|
Email
|
String
|
Displays users with a given Email attribute
|
Enabled users
|
True/False
|
Displays users based on whether or not they have been enabled
|
Full name
|
String
|
Displays users with given First name and Last name attributes
|
Group
|
String
|
Displays users belonging to a given group
|
Has Permissions?
|
True/False
|
Displays users based on whether or not they've been granted any permissions
|
Last login
|
Date
|
Displays users baed on their most recent login date
|
Manager
|
String
|
Displays users with a given Manager attribute
|
MemberOf
|
String
|
Displays users with a given MemberOf attribute
|
OTP identifier
|
String
|
Displays users based on their identifier for use with one-time password (OTP) login
|
OTP type
|
String
|
Displays users based on the type of OTP login they use
|
Password changed
|
Date
|
Displays users based on the date their password was most recently changed
|
Permission
|
Selection
|
Displays users based on the specific privileges they've been granted
|
Phone
|
String
|
Displays users with a given Phone number attribute
|
Policy
|
String
|
Displays users based on their assigned security policy
|
Role
|
String
|
Displays users assigned to a given role
|
Security Questions
|
True/False
|
Displays users based on whether they've configured security questions as one of their authentication factors
|
State
|
Selection
|
Displays users based on their current user state
|
Status
|
Selection
|
Displays users based on their current user status
|
Title
|
String
|
Displays users with a given Title attribute
|
Trusted IdP
|
String
|
Displays users configured with a given Trusted Identity Provider (TIdP)
|
User Id
|
Exact string
|
Displays the user matching a unique User ID
|
Username
|
String
|
Displays users with a given Username attribute
|
Columns
|
App
|
Company
|
Created
|
Delegated Privileges
|
Department
|
Directory
|
DistinguishedName
|
Email
|
First name
|
Full name
|
Group
|
Last login
|
Last name
|
Linked Account
|
Manager
|
MemberOf
|
OTP identifier
|
OTP type
|
Password changed
|
Permission
|
Personal Email
|
Phone
|
Policy
|
Role
|
Role Id
|
Security Questions
|
State
|
Status
|
Title
|
Trusted Idp
|
User Id
|
Username
|
Work Email
|
Events
These reports display events such as failed sign-in attempts, new user creations, accesses to policy data, etc.
Condition
|
Type
|
Description
|
Acting user
|
String
|
Displays events initiated by a given user
|
Affected user
|
String
|
Displays events affecting a given user
|
App
|
String
|
Displays events associated with a given application
|
Assuming user
|
String
|
Displays events initiated by a given admin while assuming another user
|
Created
|
Date
|
Displays events based on the date they occurred
|
Directory Sync
|
Number
|
Displays events based on how many other directories they're synced with
|
Event type
|
Selection
|
Displays a specific types of event
|
IP address
|
String
|
Displays events initiated by a given IP address
|
Risk score
|
Number
|
Displays events based on their level of determined risk
This feature requires a OneLogin subscription that includes SmartFactor Authentication. Speak with your account representative for more information.
|
Columns
|
Acting user
|
Affected user
|
App
|
Assuming user
|
Description
|
Directory Sync
|
Event Type
|
IP Address
|
Notes
|
Policy
|
Risk reasons
|
Risk score
|
Timestamp
|
App Details
These reports show specific applications, their settings, role memberships, and users.
Conditions
Condition
|
Type
|
Description
|
Assumed sign-on allowed
|
True/False
|
Displays apps based on whether they're accessible to admins who are currently assuming another user
|
Name
|
String
|
Displays apps with a given name
|
SAML available
|
True/False
|
Displays apps based on whether they're accessible via SAML authentication
|
Sign-in method
|
Selection
|
Displays apps based on how they authenticate users
|
Columns
|
Assumed sign-in allowed
|
Available
|
Created
|
Full Name (user)
|
Name
|
Role
|
SAML available
|
Self-service
|
Sign-in method
|
User count
|
Login Details
These reports show user logins for given applications, users, password strength, etc.
Conditions
Condition
|
Type
|
Description
|
App
|
String
|
Displays logins to a given application
|
Changed at
|
Date
|
Displays logins based on the date its login details were changed
|
Password strength
|
Selection
|
Displays logins based on the strength of the password used
|
Password updated at
|
Date
|
Displays logins based on the most recent password change
|
User
|
String
|
Displays logins initiated by a given user
|
Columns
|
App name
|
Changed at
|
Enabled
|
Override roles
|
Password score
|
Password strength
|
Password updated at
|
User
|
Username
|
|