EricO.42542 (Customer) asked a question.
I found after 10 months a user who had not setup okta verify. We have office365 federated to okta, so I thought everyone who access emails,teams,onedrive would require okta mfa. But it appears anyone running thick client before federation did not get prompted for okta verify until password expired. I want to a way to identify any other employees.
Check out the "MFA Enrollment by User" report found under "Reports->Reports->Multifactor Authentication" section in the Okta Admin Console.
That shows all users who have okta verify, but not what users are in okta and have not setup okta verify. (I Believe)
Yes you are correct. Sorry, I forgot to say that I would export a list all users via Okta Rockstar plugin and put both datasets in a spreadsheet and use VLOOKUP to compare and get list of ones that don't have Okta Verify.
Correct, the Rockstar export does not have MFA data but does show all users. Using a spreadsheet you can diff the users from the Rockstar export with the users from the "MFA Enrollment by User" report and the users that don't match would be ones that don't have MFA setup.
@EricO.42542 (Customer) maybe this best practise is set Okta verify as require in the Authenticator. So all user must setup Okta verify when they login. If it is optional, the user still can ignore it.
I do have okta verify as required, the issue is I am only syncing the AD groups that had office employees. We have shared stations and supervisors who use teams now and not included, It would take an effort to handle all exceptions if I wanted to easily sync all groups.
You should be able to get this information with the MFA Enrollment by User report.
If you specify in the filter criteria Authenticator Type / does not include / Okta Verify you will get a list of all users that have at least one authenticator enrollment (e.g. Password), but do not have an OV enrollment.
The edge case here would be users that have no authenticators enrolled at all, which I believe may happen with staged users. If you want to be super duper sure, you can join compare the list of users from the User Accounts report (all users in your directory), with a list of users from the MFA Enrollment by User report where Authenticator Type / includes / Okta Verify (all users with OV enrolled). For example, you could do this with a vlookup or a countIf statement in excel or google sheets. Any users that appear in the User Accounts report but not the MFA report would be those w/o an OV enrollment.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
Yes you are correct. Sorry, I forgot to say that I would export a list all users via Okta Rockstar plugin and put both datasets in a spreadsheet and use VLOOKUP to compare and get list of ones that don't have Okta Verify.