00ubyy9rtUHgFIOre351.5325344598037642E12 (Customer) asked a question.
How to identify users and number of requests sent
We have some servers that finish the connection after 24 hours.
But some users forget to log off and leave the computers on.
after 24 hours the server disconnects them, but the client tries to reconnect automatically this process saturates the MFA traffic
Using the Rate Limit report (Usage for /api/v1/authn/factors/{factorIdOrFactorType}/verify)
I can identify the span of time that the network received many pushes in a short time. But I want to know which user is responsible for these pushes.
Hi, @00ubyy9rtUHgFIOre351.5325344598037642E12 (Customer)
Thank you for posting on our Community page!
Please use System Logs and search eventType eq "user.authentication.auth_via_mfa" and download so you can filter by user.
Check out this article as well: https://help.okta.com/en-us/Content/Topics/Reports/Reports_SysLog.htm?cshid=ext_Reports_SysLog
Thank you for reaching out to our Community and have a great day!
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________