Skip navigation
Documentation

Administration - Logs and Reports

Contents

Reports

All administrator roles except Billing can view reports. Clicking the Reports link on the left side of the Admin Panel takes you to the Authentication Log.

Authentication Log

You'll see a list of authentication attempts that shows the following information:

  • When the login was attempted
  • The username
  • Which application was used
  • They type of authentication event
  • Whether the logon attempt was successful or not (if access is denied, a reason is provided)
  • The client OS, browser, and browser plugin information (if using a web based application with Duo's inline authentication prompt
  • The location from which the logon attempt originated (if a publicly resolved IP address)
  • The client IP address (if the client sends IP information)
  • What type of Duo authenticator was used (Duo Push, SMS, phone call, etc)
  • Information about the device that was used for Duo authentication (phone number, location, IP address, etc.)

Authentication Log

Duo Beyond and Duo Access plan customers also see events for users that access an application without two-factor authentication as a result of setting the New User Policy setting to "allow access".

The authentication log may be filtered by user, application, or group.

Authentication Log Filtering

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current authentication log view. If you've added any filters to your current view of the log, the report only includes the filtered results.

The Admin Panel truncates authentication log entry display to the last three months or the most recent 10,000 events (whichever is shorter). To view older authentication events use our Admin API.

Telephony Log

The telephony log shows all the phone calls and SMS messages sent by Duo. These could be initiated by administrator login to the Admin Panel, user login to Duo protected services, or device enrollment and activations links sent to users and administrators (as shown in the "Context" column).

The number in the "Credits" column shows how many credits were deducted from your telephony credits balance for each phone call or message.

Telephony Log

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current telephony log view.

Administrator Actions Log

The administrator actions log shows activity by your organization's Duo administrators. Examples of logged administrator actions include:

  • Administrator to the Admin Panel
  • Tasks like adding, modifying, or deleting phones, users, tokens, applications, and other administrators
  • AD Sync start and end

Administrator Actions Log

Click on the link in the "Action" column to see more details.

Authentication Log Filtering

The authentication log may be filtered by administrator.

Authentication Log Filtering

Click the Reports button in the upper right side of the log display and select CSV or JSON to download a copy of the log. You can also select URL to obtain a direct link to your current administrator actions log view. If you've added any filters to your current view of the log, the report only includes the filtered results.

Log Retention

Duo authentication, telephony, and administrator action log entries are retained indefinitely by default. Change the log retention period to your desired maximum number of days in the “Logging” setting.

Ready to Get Started?

Sign Up Free