📊Dashboard
Identity Intelligence dashboard at a glance
The Dashboard page in the Identity Intelligence platform provides a high-level view into your connected identity platforms and associated key metrics.
This article provides details on each of the sections or widgets in the Dashboard page. For more information on the origin and value of the Dashboard, read this blog.
The dashboard displays metrics and visualizations on areas of interest including:
Exporting and sharing
Several of the visualizations can be exported into different formats by clicking on the 3 line button in the top right corner of a specific widget. If the widget does not have this buttons, it means it cannot be exported; however, you can still screenshot the visualizations if you'd like to use them in presentations, etc. Downloading as a SVG or PNG will export an image, whereas downloading as a CSV will export the raw data for you in CSV format.
Additionally, for easy sharing, use the Share button on the right side of the search bar. The Share button copies a link that can be pasted, bookmarked or shared with anyone who has the appropriate access to your Identity Intelligence tenant.
Integrations and Status
Purpose & Benefit: Quickly see the status and approximate traffic from each integration configured in your Identity Intelligence tenant.
The connected integrations are grouped by type, including Providers, Ticketing systems, Notification targets, or SIEM platforms.
For Providers like Azure AD, Okta, Duo, etc., the last collection status (ex: "Success") and average traffic metric is shown.
Note: Full admins in Identity Intelligence can also get more details on the integration status from the Integrations page in the left hand menu bar
Identities
Purpose & Benefit: Multiple Identity themed widgets to make it easy to quickly assess the size of your total identity estate, as well as recent trends in your identity hygiene and security posture.
Identity Security Snapshot
The Identities widget provides total identities, protected population metrics, and key metrics around identity hygiene and threats, such as -
Inactive Guest Accounts
Never Logged In accounts
Inactive Account Probing
User Type Missing in user profile
You can click on any of these numbers and it will take you to the corresponding Check details page or to a pre-filtered Users Page for further investigation.
Users per Source
The Users per Source widget further down the dashboard provides a breakdown of the number of identities in each connected identity platform.
Clicking on one of the bars in this visualization will take you to the Users page, pre-filtered for the users derived from the selected integration.
Monthly Sign-ins
This widget provides details on the total number of monthly sign-ins, including a breakdown of success, failure, and other types of sign-in events.
Trends can be analyzed for changes, such as a high spike in failures or overall sign-in events.
Login Attempts per Country
Purpose & Benefit: This visualization can help you verify recent sign-in attempts that are originating from expected locations and identity and quickly pivot to unusual or unexpected sign-in attempts using the map data or the table widget next to it.
At the bottom left of the Dashboard page, you can see a heat map of user login attempts - success or failure - globally over the past 30 days.
Hovering over a country in this visualization will show you the number of users with login attempts from that country. Clicking on a country will take you to the User page, pre-filtered for the users with login attempts from the selected location.
Login Attempts from New Countries
Next to the map at the bottom, the Dashboard provides a table of login attempts from new countries for the tenant. 'New' countries are defined as countries that have not seen any activity for the past 90 days. The Users column displays the number of users who have login attempts from a given country. Login attempts are broken down by outcome - success, failure, other (block, challenge, etc) - and are displayed as a count of unique login attempts. One user can have multiple attempts, as seen in the Bahamas example in the screenshot below.
You can click any value in the table to go to the Users page, pre-filtered for users with the selected outcome. For example, clicking on the 2 in the Users column in the Malaysia row, will show the two users with any sign in attempt from Malaysia, regardless of outcome; whereas, selecting the 9 in the Success column of the Malaysia row will show me only users that had successful sign ins from Malaysia. Users in this list will likely also be failing the New Country for Tenant check, if the activity has been in the past 7 days.
Administrators
Purpose & Benefit: Quickly answer an often difficult question for organizations - how many administrators do I have in each platform and where are they logging in from recently?
The Dashboard contains a couple widgets to highlight the administrators within your environment, as well as their recent activity, since these users have higher privileged access to your IDPs and present a higher security risk if their accounts were to be compromised.
Administrators per Source
The Administrators per Source widget provides a breakdown of the number of Admin users in each connected identity platform.
Clicking on one of the bars in this visualization will take you to the Users page, pre-filtered for administrators of that specific integration.
Administrator Logins
Purpose & Benefit: Quiickly monitor activity and spot admin account logins from unexpected networks and locations, including ones that have been tagged with a poor IP reputation or other alerts.
The Administrators logins widget shows a log of each Administrators most recent log in activity, including the user's name, email address, the IP address for their last login and the IP location, and any tags for that IP address.
Clicking in the blank space of a row or clicking the 'open in new tab' icon next to the Admin's name will open the Admin's User360 in the same window or a new tab, depending on what is selected.
MFA
The Dashboard includes a couple widgets for better understanding Multi-Factor Authentication (MFA) usage within your environment so that you can quickly identify gaps and trends in adoption, which can contribute to potential security risks.
MFA Posture Snapshot
Purpose & Benefit: All organizations have an urgent need to understand their MFA posture across their various IAM platforms. This widget provides current stats on coverage and trends of key MFA metrics.
The MFA Status widget provides key metrics around MFA hygiene and threats, such as -
Accounts with no MFA configured
Accounts using weak MFA to sign in
MFA Flood
Admins with weak MFA
You can click on any of these numbers and it will take you to the corresponding Check details page or to a pre-filtered Users page for further investigation.
MFA Prevalence by User Count
Purpose & Benefit: Quickly assess the status of your MFA factors in use and track migrations to stronger factors or other MFA usage anomalies
The MFA Prevalence by User Count graph that you see in the Dashboard provides a visualization of the total count of MFA factors, broken down by enabled versus in use, and color coded by factor assurance level, so that you can better understand which MFA factor types are most frequently configured and or used across your organization.
Clicking either segment (enabled or in use) of one of the bars in this visualization will take you to the Users page, pre-filtered for that specific factor type and usage type. Clicking on a value in the legend below the graph will remove the corresponding data points from the visualization.
Applications
The Dashboard also contains a couple widgets focused on application usage within your environment. Removing user access from unused applications, especially sensitive/critical business applications, can not only help you save on licensing costs, but also improves your organization's security posture by reducing unnecessary application access.
Sensitive Applications Activity
Purpose & Benefit: Highlights users who could be deprovisioned from sensitive apps, reducing the overall attack surface and the blast radius for a given account should be it be compromised, while also reducing license costs for your organization.
The Sensitive Applications Activity widget provides a breakdown of the number of accounts who are assigned an application and are using that application compared to accounts not using the application.
Clicking either segment ('using the application' or 'not using the application') of one of the bars in the visualization will take you to the Users page, pre-filtered for the selected application and user segment.
To customize the list of sensitive applications to align with your organization's preferences, go to the Sensitive Applications area of Tenant Settings within the platform. Documentation on how to configure your sensitive applications list can be found here.
Least Used Apps
The Least Used Apps widget shows you the applications that are most frequently unused by the accounts who have access to them.
Clicking on any of the application names in the list will take you to the Users page, pre-filtered for users that have been assigned the selected application.
Identity Posture Score
The Identity Posture Score is a single score calculated for your organization to help you quickly and easily determine your organization's posture state, as well as highlight areas of focus to improve your organization's overall identity security hygiene. The score utilizes multiple variables, many of which are visualized elsewhere in the Dashboard, to calculate a score for your organization.
To learn more about the Identity Posture Score and its thresholds, or what factors are included in the calculation, how it is calculated, why identity posture matters, how to improve your score and more, see our documentation about the Identity Posture Score.
There are two widgets in the Dashboard related to Identity Posture score which are described below.
Identity Posture Score
The first widget, Identity Posture Score, provides your organization's current Identity Posture Score. This widget shows you:
the organization's current score and score threshold category
the change (+ or -) to the score over the last 30 days
the last day the score was calculated
recommendations for how to improve your score including
the number of users failing the check associated with the recommendation
the severity of the issue that is being recommended for remediation
Click the number of users in the 'Failing Users' column to go to the Users page, pre-filtered for the users failing the selected check so that you can take action to improve your organization's identity posture score.
Identity Posture Trend
The second widget, Identity Posture Trend, depicts changes to your organization's posture score overtime so that you can see and report on your organization's progress, as well as better understand how different events may have impacted your organization's Identity Posture Score positively or negatively over time.
If you hover over a data point, which are marked by a dot on the trend line, you will some explainability about why the score may have increased or decreased. The 3 attributes that contributed most to the score change will be displayed when you hover on a specific data point.
By default, this widget looks at the last 30 days; however, you can use the timeframe filter in the top righthand corner of the widget to change the widget's timeframe to be longer or shorter depending on your needs.
Check actions taken over last 30 days
The Check Actions widget was developed to provide Identity Intelligence platform admins and other users insights into the different actions that other colleagues are taking in the platform on user check failures over the last 30 days. The metrics displayed in this widget include:
User activity marked as normal behavior
User activity marked as interesting
Users excluded or re-included in a check
Clicking on any of the metrics in this widget will take you to the System Logs, pre-filtered on the action selected, where you can see more detailed information on the date the action was taken, who took the action, and which user account and check failure the action was taken on.
Last updated