Rogue Accounts Report Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005udpsaq&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2frogue-accounts-report-1645523711
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Rogue Accounts Report
Published: Jan 31, 2018   -   Updated: May 15, 2018

okta-doc-source

Rogue Accounts Report

This is an Early Access feature. To enable it, please contact Okta Support.

The Rogue Accounts report compares assignments in Okta to accounts that exist in a specified app and lists the discrepancies. You can find the accounts that were created directly in the application without going through Okta and correct them to ensure all access to the app is managed through Okta. Once corrected, you will only have to look in one place to see who has access and what type of access for all the applications that you manage.

The rogue accounts report provides the following two lists of users:

  • Users that exist only in the app and do not exist in Okta. These accounts were created in the app and were not assigned in Okta.
  • Users that exist only in Okta and do not exist in the app. These accounts were assigned in Okta, but were not created in the app.

You can correct the discrepancy by either assigning the app to the user in Okta or by deprovisioning the user in the app.

The report is visible in Okta and can also be downloaded in a comma-separated values (CSV) file. Lengthy reports are only available in CSV format.

Run the Report

You can launch the report from the Reports page in the App Access Audit section or from the main page for an application.

  • If you launch the report from the Reports menu, you must specify the app for comparison.
  • If you launch the report from an application, the application name is already filled in.

When the application name is filled in, click Run Report to create the report. The report takes a few minutes to run.

Note: If the application does not support API-based comparison, see Compare users with a CSV file below.

View the Output

The report shows users in two categories: Only in [App] and Only in Okta. You can toggle between these two lists by clicking the desired category under App Account Status on the left of the report body.

Note: If there are more that 100 results to display, only the first 100 results are shown with a message in the 101st row that indicates that you must download the output in CSV format to see the full results.

Download the Output

Click the Download CSV button to create a CSV format of the report.

The CSV file contains the following information:

  • The Only in Okta portion of the report always contains the columns titled oktaFirstName, oktaLastName, and oktaUsername.
  • If the report was from an automatic download, the Only in App portion of the report contains columns titled appUserName, appFirstName, and appLastName.
  • If the report was from an uploaded CSV file, described in the next section, the Only in App portion of the report contains one column containing the attribute to match. The column title can vary.
Compare users with a CSV file

For applications where the comparison is not available through the provisioning connector, the Run Report button opens a screen for uploading a data file in CSV format, shown below. This CSV file should contain all active accounts in the application, and can be obtained by exporting the accounts from the application. The CSV file must have headers and at least one unique identifier column.

rogue_accounts_csv_1

Link the App Users with Okta Users

Once a file has been correctly uploaded, you are prompted to specify how the rows should map to unique user accounts. In the screen shown below, choose fields for both the app and for Okta that map.

rogue_accounts_csv_2

When done, click Run Report. The output is the same as shown above.

 

Post a Comment