<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Locate Factor Information in Okta System Log
Apr 20, 2026
Okta Identity Engine
Multi-Factor Authentication
Overview

How to locate Factor Information in the system log, or what authenticator type was used to log in to an app.

Applies To
  • Multi-Factor Authentication (MFA)
  • Okta Identity Engine (OIE)
Solution

Locate Factor Information in System Log

 

To identify the factor type for a specific event, follow these steps:

  1. Navigate to Reports > System Log.
  2. Locate the desired event (for example, user.mfa.factor.activate or user.authentication.auth_via_mfa).
  3. Click the right arrow next to the event timestamp to expand the event details.
  4. Expand the debugContext section.
  5. Expand the debugData object.
  6. Locate the factor or factorType field to view the specific factor used.

 

Available Factor Types

 

The following list contains the standard factor types found in the System Log:

  • call: Represents the Voice Call factor where the user receives a phone call with a verification code.
  • email: Represents the Email Challenge factor, where a code or magic link is sent to the user's primary email address.
  • fido_u2f: Represents a Universal 2nd Factor (U2F) security key.
  • fido_webauthn: Represents Web Authentication (WebAuthn) factors, such as FIDO2 security keys or platform authenticators like Windows Hello and Touch ID.
  • push: Represents the Okta Verify Push notification sent to a mobile device.
  • question: Represents the Security Question factor.
  • sms: Represents the Short Message Service (SMS) text message factor containing a verification code.
  • token: A general category for one-time password (OTP) tokens.
  • token:hardware: Represents physical hardware tokens (e.g., YubiKey in OTP mode).
  • token:hotp: Represents HMAC-based One-Time Password (HOTP) factors.
  • token:software:totp: Represents software-based Time-based One-Time Password (TOTP) factors, such as those generated by Okta Verify or Google Authenticator.
  • ​​​​signed_nonce: Represents Okta FastPass within the System Log. It is used to verify the possession of a registered device that is cryptographically bound to a user account. This terminology applies to both desktop (Windows and macOS) and mobile (iOS and Android) platforms.

Recommended content

Still looking for help?
Loading
How to Locate Factor Information in Okta System Log