Generate a PingID report to view a range of PingID events.
- Pairing Details event
- Provides details of a user's pairing attempt, based on the Device & Pairing rules. For more information, see Device and pairing policy.
- Authentication Details event
- Provides details of a user's authentication attempt, based on the defined policy rules together with the Device & Pairing rules. For more information, see Configuring a global authentication policy (default policy), Configuring a VPN and SSH access policy, and Device and pairing policy. The entry also indicates the apps and groups to which a policy is applied, if applicable.
- Policy-related event data, such as IP Address and Country, is only included in report events when the accessing device is able to push the data as part of the authentication flow. For offline authentication events and authentication failure events, policy-related fields will therefore show results as N/A.
- For an overview of running and filtering PingID reports, see Running the PingID activity report.
The PingID report displays, showing results for the past 7 days by default. Policy-related entries are identified by the following information:
- Timestamp
- The time at which the policy event occurred.
- Subject
- The user to whom the policy was applied.
- Message
- A list of policy-related fields providing detailed information about policy-related events. The first line of the Message field indicates whether the event is a Pairing Details event or an Authentication Details event.
- Status
- The status POLICY indicates that the event is a policy related event.
Policy element | Value |
---|---|
Type of event |
Authentication Details or Pairing Details. |
IP Address |
The IP address of the accessing device. |
Previous Authentication IP |
The IP address of the IP address of the accessing device used in the previous sign on. |
Previous Authentication Time |
The time of the last successful authentication. |
IP Reputation Whitelist Met |
Indicates whether the IP address of the accessing device appears in the IP reputation rule white list (true or false). |
Geovelocity Whitelist Met |
Indicates whether the IP address of the accessing device appears in the Geovelocity rule white list (true or false). |
IP Risk Score |
The risk score category of the IP address of the accessing device (Low, Medium, or High). |
Country |
The location from which the accessing device is communicating. |
Previous Country |
The location from which the accessing device communicated during the last sign on. |
Ground Speed |
The speed taken to travel between the current login location and the previous location, in the time that elapsed since the previous sign on (km/h). If the speed exceeds 1000 km/h, the rule is triggered. |
Current VPN/Proxy login |
Whether the accessing device for the current sign on is using a proxy or VPN. Possible values are true or false. If this value is true, the Geovelocity rule is ignored. |
Previous VPN/Proxy login |
Indicates the accessing device for the previous sign on was using a proxy or VPN. Possible values are true or false. If this value is true, the Geovelocity rule is ignored. |
New Device |
Whether the accessing device is new. Possible values are true or false. |
Requested Application ID |
The ID of the app the user is trying to access. |
Requested Application Name |
The name of the app the user is trying to access. |
Password Reset |
Indicates whether the user tried to reset the SSO password. Possible values are true or false. |
Self Service Device Management |
Whether the user tried to access the Devices page. Possible values are true or false. |
Time since last Authentication |
The amount of time that has passed since the last authentication. In the last <number> minutes. |
Accessing Device UserAgent | The user agent string of the browser on the accessing device. |
Accessing Device OS |
The name and version of the OS on the accessing device, for example, OS X 10,15. |
Accessing Device Browser | The browser used on the accessing device, for example, Chrome 89.0 |
Allowed Authentication Methods |
The allowed authentication methods in the applied policy. This information is displayed in the event that a user attempts to authenticate with a device that is not allowed by this policy. |
Time since last Authentication from Office |
The last time the user authenticated from the office, in minutes. If no office is defined, the value is N/A. |
Mobile OS Version |
The OS name and version of the authenticating device. For example, iOS 9.3.2. |
Device Model |
The make and model of the authenticating device. For example, iPhone 6S. |
Device Lock Enabled |
Whether device lock is enabled on the mobile device. Possible values are true or false. |
Device Rooted or Jailbroken |
Whether the mobile device rooted or jailbroken. Possible values are true or false. |
Device enrolled in MDM |
Whether the mobile device is enrolled in mobile device management (MDM). Possible values are true or false. |
PingID App version |
The version of the PingID app on the user device. For example, 1.8.1. |
Action |
The action defined for this policy:
|
Policy/Policies not Met |
The name of the policy/policies that were not met during the pairing or authentication action. |
Policy/Policies Met |
The name of the policy or policies with which the action complied. |
Rule Met |
The rule within the policy that was executed. |
Group Affected |
The groups to which the policy was applied. |