Contents
Overview
All administrator roles, except Billing, can view reports. Click Reports in the Admin Panel left navigation to access the available reports.
Authentication Log
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The default view shows authentication events for the previous 24 hours. You'll see a visual representation of authentication successes and failures, and a list of authentication attempts that shows the following information:
- When the login was attempted
- Whether the login attempt was successful or not (if access is denied, a reason is provided)
- The username
- Which application was used
- Risk assessment information
- The access device's operating system
- Browser and browser plugin information if using a web based application with the inline Duo Prompt
- The location from which the login attempt originated (if a publicly resolved IP address)
- The client IP address (if the client sends IP information)
- What type of Duo authenticator was used (Duo Push, SMS, phone call, etc)
- Information about the device that was used for Duo authentication (phone number, location, IP address, etc.)
Duo Premier, Advantage, and Essentials plan customers see events for users when they access an application without two-factor authentication as a result of setting the New User Policy setting to "Allow access without 2FA" and when denied access to an application because the New User Policy is set to "Deny access".
Duo Premier and Advantage plan customers see the preview mode for Risk-Based Factor Selection.
To narrow down the authentication logs shown, click on "Last 24 Hours - No filters applied" (the default) at the top of the page to expand the filtering options. You can expand the time range up to a maximum of 180 days, filter the authentication log information by typing in all or part of a user, application, or group name, or select from other criteria like second factor or passwordless devices used to authenticate, authentication log success or failure reasons, and more.
Click the Export button in the upper right side of the log display and select from the available export options, which may include CSV or JSON which will download a copy of the log. You may also select Print which will go directly to your browser's print dialog.
Duo Desktop Deployment
Available in: Duo Advantage and Duo Premier
The "Duo Desktop Deployment Progress" page shows the percent of devices with Duo Desktop installed.
Single Sign-On Log
Available in: Duo Essentials, Duo Advantage, and Duo Premier
The Single Sign-On log shows Duo Single Sign-On successful and failed authentication activity. Success indicates completion of primary and secondary authentication.
Click the Export button in the upper right side of the log display and select from the available export options, which may include CSV or JSON which will download a copy of the log. You may also select Print which will go directly to your browser's print dialog.
Telephony Log
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The telephony log shows all the phone calls and SMS messages sent by Duo. These could be initiated by administrator login to the Admin Panel, user login to Duo protected services, or device enrollment and activations links sent to users and administrators (as shown in the "Context" column).
The number in the "Credits" column shows how many credits were deducted from your telephony credits balance for each phone call or message.
Click the Export button in the upper right side of the log display and select from the available export options, which may include CSV or JSON which will download a copy of the log. You may also select Print which will go directly to your browser's print dialog.
Administrator Actions
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The administrator actions log shows activity by your organization's Duo administrators. Examples of logged administrator actions include:
- Administrator to the Admin Panel
- Tasks like adding, modifying, or deleting phones, users, tokens, applications, and other administrators
- AD Sync start and end
Click on the link in the "Action" column to see more details.
To narrow down the administrator actions logs shown, click on "Last 24 Hours" (the default) at the top of the page to expand the filtering options. You can expand the time range up to a maximum of 180 days and filter by administrator.
Click the Export button in the upper right side of the log display and select from the available export options, which may include CSV or JSON which will download a copy of the log. You may also select Print which will go directly to your browser's print dialog.
Authentication Summary
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The "Authentication Summary" page shows your authentication success rate, the most frequently used authentication methods and applications, and trends in authentication method usage.
Click the Print button in the upper right side of the report display to open your browser's print dialog.
Denied Authentications
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The "Denied Authentications" page shows your authentication failure rate, the most common authentication methods used in failed authentications, reasons authentications were denied, and the top users and applications with denied authentications.
Click the Print button in the upper right side of the report display to open your browser's print dialog.
Deployment Progress
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
The "Deployment Progress" page provides an overview of your current Duo deployment status. It shows the total number of users, the number of enrolled and unenrolled users, and the number of enrolled users that have successfully authenticated.
Click the Print button in the upper right side of the report display to open your browser's print dialog.
Policy Impact
Available in: Duo Advantage and Duo Premier
The "Policy Impact" page shows users and authentications that were affected by policies. The "Blocked" tab displays the users and authentications that were blocked and the reasons for the blocked authentications. The "Expedited" tab displays users and authentications that were expedited due to an authorized networks or remembered devices policy.
Click the Export button in the upper right side of the log display and select from the available export options, which may include CSV or JSON which will download a copy of the log. You may also select Print which will go directly to your browser's print dialog.
Universal Prompt Progress
Available in: Duo Free, Duo Essentials, Duo Advantage, and Duo Premier
Duo's next-generation authentication experience, the Universal Prompt, provides a simplified and accessible Duo login experience for web-based applications, offering a redesigned visual interface with security and usability enhancements.
The Universal Prompt Update Progress report acts as a centralized location for determining which of your applications will be capable of supporting the new prompt, which applications require reconfiguration for continued use, monitoring updates to the availability of required software updates needed to support the Universal Prompt, viewing which applications have the necessary update in place, and activating Universal Prompt for updated applications.
Read the Universal Prompt Update Guide for more information about the update process to support the new prompt.
Log Retention
Duo authentication, telephony, and administrator action log entries are retained indefinitely by default. Change the log retention period to your desired maximum number of days in the "Logging" setting.
Additional Monitoring Information
Duo Advantage and Duo Premier customers can find Duo Trust Monitor security event reporting and Cisco Identity Intelligence under Monitoring in the navigation menu.