Authentication activity
On the STA Token Management console, the Authentication Activity module lists up to 100 of the most recent authentication records. The list refreshes automatically when you open the module.
You can also view the authentication activity in the access logs on the STA Access Management console. If an access attempt was followed by authentication events, then the access logs include each associated authentication event as a child of the access attempt.
You can review the descriptions of the authentication log fields. You can also view authentication metrics.
- On the STA Token Management console, select Snapshot > Authentication Activity.
The Authentication Activity includes the following information:

| Column | Description |
| --- | --- |
| Timestamp | Displays the time of the request, based on the time zone that is configured on the web server that hosts the STA Access Management console. |
| User ID | Displays the user ID that the user provided when they attempted to authenticate. |
| Actions | Displays the action performed during the authentication. |
| Result | Displays the result of the authentication attempt. |
| Credential Type | Displays the type of credential used to authenticate. |
| Serial # | Displays the serial number of the token that was used to authenticate successfully. If the value is 0 and authentication succeeded, this indicates the use of a static password to authenticate. |
| IP | Displays the IP address of the authentication request. Depending on the configuration, this could be the IP address of the user’s access point (such as a VPN gateway) or agent (such as OWA). |
| Message | Displays a brief description about the authentication attempt. |
- To filter the log entries, select a Result from the drop-down list:

| Result | Description |
| --- | --- |
| Failure | Lists only failed authentications. Push notifications that users rejected (the user selected It wasn’t me!) are listed as a Failure, with a message to indicate that it was due to user rejection. |
| Success | Lists only successful authentications. Push notifications that users accepted (the user selected Approved) are listed as a Success. |
| Challenge | Lists SMS, push, GrIDsure, CR token, and ID First authentication events. For a challenge-response configured token, STA sends the user a request for an OTP (SMS), OTP (push), GrIDsure image, or an eight-digit challenge (CR). For push OTP challenges, additional information, such as geolocation and resource name, is displayed in the message column. |
| Server PIN Provided | Lists authentication events where the server generated a PIN for the user. |
| User PIN Change | Lists authentication events where the user was prompted to change their PIN. |
| Outer Window Authentication | Lists authentication events where the user provided a correct OTP value, but that OTP value was outside of the inner window. Outer window success indicates that the user provided the next expected OTP. (Refer to Token synchronization). |
| Change Static Password | Lists authentication events where the user was required to change their temporary static password. |
| Password Change Failed | Lists authentication events where a password change failed. |
| PIN Change Failed | Lists authentication events where the user PIN change failed. |
| Skipped | Lists authentication events that are not required from the user due to policy settings, such as when the user requests access from a known network or |

Notes about push notification results:
  - Push notifications are listed as Challenge.
  - Push notifications that are accepted (approved) by the user are listed as Success.
  - Push notifications that are rejected by the user are listed as Failure, with a message to indicate that it was due to user rejection.
  - Push notifications that are ignored by the user do not result in another entry after the Challenge.
- Select Refresh to sort the results according to the selected result, or to update the list to include any recent authentications that occurred since you opened the module.
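
The push notification result rules and the Serial # rule above, applied as a review check over authentication records. This is an added example, not code from STA or its documentation. The record rows, the oldest-first ordering, the treatment of every Challenge as a push challenge, and the `REJECT_MARKER` text are assumptions, since the page does not specify an export format or the wording of the rejection message.

```python
from collections import defaultdict

REJECT_MARKER = "rejected"  # assumption: placeholder for the rejection message wording
COLUMNS = ("Timestamp", "User ID", "Result", "Serial #", "Message")
# Constructed rows, oldest first, using the column names from the table above.
# Assumption: every Challenge row here is a push challenge.
SAMPLE = [
    ("09:00:01", "alice", "Challenge", "", ""),
    ("09:00:09", "alice", "Success", "1000000001", ""),
    ("09:05:00", "bob", "Challenge", "", ""),
    ("09:05:40", "bob", "Challenge", "", ""),
    ("09:06:10", "bob", "Challenge", "", ""),
    ("09:06:30", "bob", "Failure", "", "Push rejected by user"),
    ("09:10:00", "carol", "Success", "0", ""),
    ("09:12:00", "dave", "Challenge", "", ""),
]
RECORDS = [dict(zip(COLUMNS, row)) for row in SAMPLE]


def review(records):
    """Count per-user push outcomes and static-password logins."""
    stats = defaultdict(lambda: dict(accepted=0, rejected=0, ignored=0, static_password=0))
    pending = set()  # users whose latest Challenge has no follow-up entry yet
    for rec in records:
        user, result = rec["User ID"], rec["Result"]
        if result == "Challenge":
            if user in pending:  # previous Challenge got no further entry: ignored
                stats[user]["ignored"] += 1
            pending.add(user)
        elif result == "Success":
            if rec["Serial #"] == "0":  # Success with serial 0: static password
                stats[user]["static_password"] += 1
            elif user in pending:
                stats[user]["accepted"] += 1
            pending.discard(user)
        elif result == "Failure":  # without the marker: ordinary failure, not counted
            if user in pending and REJECT_MARKER in rec["Message"].lower():
                stats[user]["rejected"] += 1
            pending.discard(user)
    for user in pending:  # Challenge still unanswered at the end of the list
        stats[user]["ignored"] += 1
    return dict(stats)


def flag_users(stats, threshold=2):
    """Users whose ignored plus rejected push prompts reach the threshold."""
    return sorted(u for u, s in stats.items() if s["ignored"] + s["rejected"] >= threshold)
```

Because the module lists at most 100 records, counts from this view cover only that window.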
View authentication activity for a user
- On the STA Token Management console, search for a user.
- Select Assignment > Authentication Activity.
View the access logs
- To open the access logs from the STA Token Management console, in the Extended Features menu, select Access Logs.