Monitor Multi-Factor Authentication Events

When a user attempts to access a resource protected by the Duo Admin Panel, they are first prompted to authenticate themselves against the configured Identity Provider before being asked to perform the two-factor authentication using one of Duo’s methods (push, passcode, SMS, or phone call).

If the user authenticates successfully or fails to authenticate themselves using two-factor authentication, the Duo Admin Panel records a Multi-Factor Authentication (MFA) log containing information on whether the user's two-factor authentication has passed or failed. These logs show where and how users authenticate, with usernames, location, time, IP address of the device, type of authentication factor, and more.

Note

Failed authentications due to the user failing to authenticate with their Identify Provider are not recorded and are unavailable to Security Cloud Control.

Procedure


Step 1

In the left pane, click Analytics > Remote Access.

Step 2

Click the MFA tab.

Multi-Factor Authentication Events