Audit trail for user

Marvin.Gage · February 24, 2022, 8:14pm

A user shows as locked out but not why so of course Okta failed to login. Is there a way to audit a specific user to find out why they were locked out as it has happened to this user more than once.

Feb 24 12:36:21 Okta System (SystemPrincipal) Authenticate user with AD agent success
Feb 24 12:15:44 John Doe (User) User login to Okta
failure: LOCKED_OUT
Feb 23 10:42:12 John Doe (User) User single sign on to app success

As you can see the log for this user is missing the reason for the locked out. It shows no reason it was successful the day before than next day users Locked out. I need a better audit log than the default log.

erik · February 24, 2022, 9:27pm

Hello,

In the Orgs System.log can you search for outcome.reason eq "INVALID_CREDENTIALS". Do you not see any entries for this user between 2/23-2/24?

Marvin.Gage · February 25, 2022, 3:14pm

Tried that to no avail. I opened a ticket with Okta as this is one strange problem and they are looking further into it themselves.

system · February 8, 2024, 9:39pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Show lock out failure for user authenticating with incorrect credentials OAuth/OIDC api	2	2072	February 15, 2024
Can't acces Dev Okta instance Questions	9	2406	February 13, 2024
Log user out of okta if is not authorised in my application OAuth/OIDC	1	1397	February 15, 2024
Is there a way of getting a log of successful User Sign Ins to SSO Applications? Questions	1	3277	January 24, 2024
Locked Out of Okta Enviornment Questions	3	546	May 8, 2024

Audit trail for user

Related Topics