To acquire a report of all managed and unmanaged devices, administrators must query the Okta System Log and export the results to a CSV file.
- Multi-Factor Authentication (MFA)
- Okta Identity Engine (OIE)
- Okta System Log
How are managed and unmanaged devices queried in the Okta System Log?
Generate a report of managed and unmanaged devices by navigating to the System Log, executing specific queries, and downloading the results as a CSV file.
- Sign in to the Okta Admin Console.
- Navigate to Reports, and then select System Log.
- Enter one of the queries provided below into the Search field.
- Select Download CSV to download the report for further filtering.
NOTE: Okta retains System Log data for only 90 days. To increase this period, utilize the Application Programming Interface (API) to export Okta log data or use log streaming. Review the How to Export Okta Log Data documentation for more information.
Use the following queries to filter the System Log for specific device trust statuses, operating systems, and applications.
- To retrieve Device Trust Managed Devices reports:
actor.id eq "[UserID]" and device.managed eq "true" - To retrieve Device Trust Unmanaged Devices reports:
actor.id eq "[UserID]" and device.managed eq "false" - To include a specific operating system platform (for example, Windows):
client.userAgent.os co "Windows" - To execute a sample search combining the user, managed status, and operating system:
actor.id eq "[UserID]" and device.managed eq "true" and client.userAgent.os co "Windows" - To include a specific application (for example, Okta Dashboard):
actor.id eq "[UserID]" and device.managed eq "true" and client.userAgent.os co "Windows" and target.alternateId eq "Okta Dashboard"
How is the device management status verified in the System Log?
Verify the device status and operating system platform by expanding the Sign-on Evaluation Policy event in the System Log.
- Expand the Evaluation sign-on policy CHALLENGE event in the System Log results.
- Review the event details to confirm the device appears as registered and managed, along with the operating system platform used to sign in.
What are additional query examples for device types and operating systems?
Filter the System Log further by using these additional query examples for device types, management statuses, and desktop operating systems.
- Device Type:
client.device eq "Mobile"client.device eq "Computer"
- Managed or Unmanaged Device:
device.managed eq "true"device.managed eq "false"
- Desktop Operating System:
client.userAgent.os co "Mac OS"client.userAgent.os co "Windows"
How is the device management status obtained via the API?
Retrieve the device management status using the Devices API by appending the expand parameter and adjusting the limit to prevent timeout errors.
Append the expand parameter to the Devices API endpoint to return the device management status.
/api/v1/devices?expand=userIf the request omits a limit value, the Devices API uses a default maximum limit of 200 and might generate the following timeout error.
{
"errorCode": "Request is running beyond the maximum permitted time; terminated. interceptor=CACHE startTime=1681970528867 maxRequestTime=5000",
"errorSummary": "Request timed out",
"errorLink": "Request is running beyond the maximum permitted time; terminated. interceptor=CACHE startTime=1681970528867 maxRequestTime=5000",
"errorId": "oaed_C9nP7dTSeQ96UQBO3K1w",
"errorCauses": []
}Decrease the limit parameter to 100 or 50 to circumvent this timeout issue.
/api/v1/devices?expand=user&limit=50Related References
