User Attempts Audit Report

Generates the list of users who have attempted authentication methods like MFA, SAML and NTML authentication, smart card login, and authentication into the self-service portal. Information displayed in the report includes the time of the attempt, domain name, total number of attempts and the type of attempt.

Report generation

To generate the User Attempts Audit Report,

1. Log into the ADSelfService Plus portal with admin or operator privileges and navigate to Reports > Password Self-Service Reports > User Attempts Audit Report.
2. The Period drop-down menu can be used to specify the time period for which to generate the report. Options include Today, Yesterday, Last 7 days, Last 30 days, This month, and Custom Period.
3. Then, click on Generate to generate the report.

Note: If you have enabled the FIDO Passkeys authenticator in your organization, please keep in mind that the invalid user verification attempts (incorrect PIN or Biometric verification) are tracked on the platform or roaming authenticator and not in ADSelfService Plus.

Certain authenticators like YubiKey have their own blocking mechanism in such cases.

Report customization

• Adding or removing columns: To add or remove columns, click on the Add/Remove Columns [ ] option at the far right of the report. In the Select the columns to be displayed pop-up that appears, select the required fields under Available Columns and click on the right arrow (>>) to move it to the Selected Columns. To remove columns, select the unused fields under Selected Columns and click on the left arrow (<<) to move it to Available Columns.
• Ordering the columns: The columns' positions can also be altered by selecting a value under Selected Columns and using the Up and Down options to change its position.

Advanced Filtering

Once the report is generated, the entries can be narrowed-down based on the following parameters by clicking on the Advanced Filter [ ] icon at the far right of the report.

• User Name: This option lets you display report entries for specific usernames. The sub-options available under User Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• IP Address: This option lets you display results by IP address. The conditions available to refine this include Contains, Does Not Contain, Equals, Is Not Equal To, Starts With, and Ends With.
• Attempted from: This option lets you display results by the name of the machine MFA was attempted from. The conditions available to refine this include Contains, Does Not Contain, Equals, Is Not Equal To, Starts With, and Ends With.
• Domain Name: This option lets you display report entries for specific domains. The sub-options available under Domain Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• Policy Name: This option lets you display report entries for specific policy. The sub-options available under Domain Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• CA Rule Name: This option lets you display all report entries which meet particular conditional access rules. The sub-options under CA Rule Name are Contains, Does Not Contain, Is, Is Not, Starts With, and Ends With.
• Type: This option lets you narrow-down entries by the type of authenticator used. The sub-options under Type are Is and Is Not.
• Status: Use this option to narrow-down entries by whether the MFA attempt was a Success or a Failure.

Sorting

Click on any of the column headers (except the Status column) to view the report's entries in ascending or descending order.

Searching

• Click on the search icon [ ] in order to search for specific data in the report.
• Specific users can be searched for using attributes such as the username or the IP Address.
• Searching happens using the criteria contains. For example, if the word jack is searched for using the username column, then all usernames containing the sequence jack will be displayed as a result.

Schedule Reports, Export As, and More

• The Schedule Reports option can be used to schedule the generation of reports at specified intervals, and automatically email them to administrators or specific email addresses. Learn to schedule reports here.
• The Export As option in the top-right corner of the page helps export the report in CSV, PDF, XLS, XLSX, HTML and CSVDE formats.
• The More option in the top-right corner of the page lists the Printable View, Send Mail, and Export Settings options.
• The Printable View option can be used to preview and print the report.
• The Send Mail option can be used to mail the report to the desired email addresses.
• Additionally, you can configure custom Export Settings, such as a personalized title for the report and a header logo that you may wish to display on each page.