This article details how to generate an Okta Multi-Factor Authentication (MFA) usage report targeting the Okta Verify MFA factor for a =< 90-day timeframe.

• Generating MFA Report
• Reports / System log

Depending on the specific Org needs, admins may need to pull user MFA-related data for the Okta Verify authenticator factor for a timeframe greater than 30.

Typically, MFA usage data can be generated from the Admin UI Dashboard by navigating to Reports > Reports > MFA Usage (located under the Multi-Factor Authentication section). After generating the report, a pop-up will show the email address to which the report is being sent (the admin's email). 

This report only pulls information for the past 30 days.

Refer to the product documentation for additional details related to the standard MFA Usage report.

To pull the user usage data for the Okta verify MFA factor, use the system logs and export the results via a CSV file. The filter that would need to be used is debugContext.debugData.factor co "OKTA_VERIFY".

Also, ensure that the period is set to the maximum time going back (the farthest back that the log events will display is 90 days).

Once the filter and timeframe are in place, click Search, which will display all events from all users who have used the Okta Verify factor within the last 90 days. Depending on the data of interest, the CSV file can be opened within an Excel sheet and then customized to showcase the desired columns.

NOTE:

• The logs showcase all such events, therefore it will display users who have logged in and used the Okta Verify factor multiple times in a day. It will only showcase users that logged in and used the Okta verify factor, if there are users who are on leave or where otherwise absent and did not log in, then these users will not appear on the CSV export file.
• This report will not be sent to the email address, so whatever is downloaded from the system log is the report itself.