<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Obtain a List of Failed Login Attempts or Potentially Malicious Sign-On Attempts in Okta

Last Updated:

Administration
Okta Classic Engine
Okta Identity Engine

Overview

Visibility into failed login attempts and potentially malicious sign-on activity ensures proper monitoring of environment security. Okta provides a Suspicious Activity report that summarizes failed logins and locked-out users over a 30-day period. Generating and exporting this report provides a detailed review of these security events.

Applies To

  • Okta Classic Engine
  • Reporting
  • Suspicious Activity

Solution

What steps generate an export of failed login attempts and malicious sign-on activities?

Navigate to the reporting section of the Admin Console to view the suspicious activity summary and download the detailed Comma-Separated Values (CSV) file.

 

  1. In the Admin Console, navigate to Reports > Reports.
  2. Review the Suspicious Activity section for a brief summary of failed logins and locked-out users over the past 30 days.
  3. Select the Suspicious Activity header in the section to view greater detail and access the exportable report.
  4. Select the Download CSV link in the upper-right corner of the results table to export the report to a file.

Recommended content

Still looking for help?
Loading
Okta Support - Obtain a List of Failed Login Attempts or Potentially Malicious Sign-On Attempts in Okta