# Cisco Identity Checks

Cisco Identity Intelligence provides two categories of insights: identity threat detection and identity posture management. More information about the different types of checks can be found [here](/understanding-check-failures.md#different-types-of-checks).

Navigate to the relevant section or search for a specific area of interest using either the left hand navigation menu or the list below. Click on any detection to read more information about what criteria is used to fail a user for a specific check, which data sources are compatible with each check, as well as recommendations to remediate and customizable settings.

{% tabs %}
{% tab title="Identity Posture Management" %}

<figure><img src="/files/rwJcemnWyxR33LgtBeGR" alt=""><figcaption></figcaption></figure>

[Access from Denied Territories](/understanding-check-failures/oort-insights/identity-posture-management-insights/access-from-denied-countries.md)

[Agentic Application Reuse](/understanding-check-failures/oort-insights/identity-posture-management-insights/agentic-application-reuse.md)

[Allow/Block Email Logins](/understanding-check-failures/oort-insights/identity-posture-management-insights/allow-block-email-logins.md)

[Application Login Bypasses SSO](/understanding-check-failures/oort-insights/identity-posture-management-insights/application-login-bypasses-sso.md)

[Applications with Expired Secret](/understanding-check-failures/oort-insights/identity-posture-management-insights/applications-with-expired-secret.md)

[HRIS Discrepancies](/understanding-check-failures/oort-insights/identity-posture-management-insights/hris-discrepancy.md)

[Identity Intelligence Client Secret Expiring Soon](/understanding-check-failures/oort-insights/identity-posture-management-insights/oort-client-secret-expiring-soon.md)

[Inactive Account Probing](/understanding-check-failures/oort-insights/identity-posture-management-insights/inactive-account-probing.md)

[Inactive Guest Users](/understanding-check-failures/oort-insights/identity-posture-management-insights/inactive-guest-users.md)

[Inactive Users](/understanding-check-failures/oort-insights/identity-posture-management-insights/inactive-users.md)

[Missing Value in Mandatory Field](/understanding-check-failures/oort-insights/identity-posture-management-insights/missing-value-in-mandatory-field.md)

[Never Logged In](/understanding-check-failures/oort-insights/identity-posture-management-insights/never-logged-in.md)

[No MFA Configured ](/understanding-check-failures/oort-insights/identity-posture-management-insights/no-mfa-configured.md)

[No Strong MFA Configured](/understanding-check-failures/oort-insights/identity-posture-management-insights/no-strong-mfa-configured.md)

[Non-Human Identity Password Expiration Failure](/understanding-check-failures/oort-insights/identity-posture-management-insights/non-human-identity-password-expiration-failure.md)

[Non-Human Identities with No MFA Configured](/understanding-check-failures/oort-insights/identity-posture-management-insights/non-human-identities-with-no-mfa-configured.md)

[Okta Long Running Sessions](/understanding-check-failures/oort-insights/identity-posture-management-insights/okta-long-running-sessions.md)

[Okta Session Length Policy Compliance](/understanding-check-failures/oort-insights/identity-posture-management-insights/okta-session-length-policy-compliance.md)

[Personal VPN Usage](/understanding-check-failures/oort-insights/identity-posture-management-insights/personal-vpn-usage.md)

[Provider User Type Missing](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-type-missing.md)

[Rate Limit Alert](/understanding-check-failures/oort-insights/identity-posture-management-insights/rate-limit-alert.md)

[Role Assigned to Azure Cloud Only Account](/understanding-check-failures/oort-insights/identity-posture-management-insights/role-assigned-to-azure-cloud-only-account.md)

[Service Account Reuse](/understanding-check-failures/oort-insights/identity-posture-management-insights/service-account-reuse.md)

[Shared Mailbox Sign In Enabled](/understanding-check-failures/oort-insights/identity-posture-management-insights/shared-mailbox-sign-in-enabled.md)

[Slack User Inconsistencies](/understanding-check-failures/oort-insights/identity-posture-management-insights/slack-user-inconsistencies.md)

[Telecom MFA Limit Reached](/understanding-check-failures/oort-insights/identity-posture-management-insights/telecom-mfa-limit-reached.md)

[Unmanaged Devices Access](/understanding-check-failures/oort-insights/identity-posture-management-insights/unmanaged-devices-access.md)

[Unused Application for a User](/understanding-check-failures/oort-insights/identity-posture-management-insights/unused-application-for-a-user.md)

[Upcoming App Key Expiration](/understanding-check-failures/oort-insights/identity-posture-management-insights/upcoming-app-key-expiration.md)

[User Authorized to Bypass MFA](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-authorized-to-bypass-mfa.md)

[User Has Directly Assigned Application](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-has-directly-assigned-application.md)

[User in IDP but not in HRIS](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-in-idp-but-not-in-hris.md)

[User Password Expiration Failure](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-password-expiration-failure.md)

[User Stuck in Non-Functional State](/understanding-check-failures/oort-insights/identity-posture-management-insights/user-stuck-in-non-functional-state.md)

[User Sharing Authenticators](/understanding-check-failures/oort-insights/identity-posture-management-insights/users-sharing-authenticators.md)

[Weak MFA Was Used to Successfully Sign In](/understanding-check-failures/oort-insights/identity-posture-management-insights/weak-mfa-was-used-to-successfully-sign-in.md)
{% endtab %}

{% tab title="Identity Threat Detection" %}

<figure><img src="/files/I2I6QwMP1Cc9ZhC4RhRJ" alt=""><figcaption></figcaption></figure>

[A Bypass Code Was Used To Successfully Sign In](/understanding-check-failures/oort-insights/identity-threat-detection-insights/a-bypass-code-was-used-to-successfully-sign-in.md)

[Access From Dormant Account](/understanding-check-failures/oort-insights/identity-threat-detection-insights/access-from-dormant-account.md)

[Access From Dormant Non-Human Identity](/understanding-check-failures/oort-insights/identity-threat-detection-insights/access-from-dormant-non-human-identity.md)

[Accounts With Unusually High Activity](/understanding-check-failures/oort-insights/identity-threat-detection-insights/accounts-with-unusually-high-activity.md)

[Active Account under Heavy Attack](/understanding-check-failures/oort-insights/identity-threat-detection-insights/active-account-under-heavy-attack.md)

[Activity From Untrustworthy ISP](/understanding-check-failures/oort-insights/identity-threat-detection-insights/activity-from-untrustworthy-isp.md)

[Admin Impersonation in Okta](/understanding-check-failures/oort-insights/identity-threat-detection-insights/admin-impersonation-in-okta.md)

[Admin Role Assigned to User ](/understanding-check-failures/oort-insights/identity-threat-detection-insights/admin-role-assigned-to-user.md)

[Admin Role Assigned to Non-Human Identity](/understanding-check-failures/oort-insights/identity-threat-detection-insights/admin-role-assigned-to-non-human-identity.md)

[Authenticator Registration Anomalies](/understanding-check-failures/oort-insights/identity-threat-detection-insights/authenticator-registration-anomalies.md)

[Break-Glass Account Successful Sign In](/understanding-check-failures/oort-insights/identity-threat-detection-insights/break-glass-account-successful-sign-in.md)

[Code Exfiltration By Guest Account](/understanding-check-failures/oort-insights/identity-threat-detection-insights/code-exfiltration-by-guest-account.md)

[Compromised Sessions](/understanding-check-failures/oort-insights/identity-threat-detection-insights/compromised-session.md)

[Google Drive File with Excessive Sharing Permissions](/understanding-check-failures/oort-insights/identity-threat-detection-insights/google-drive-file-with-excessive-sharing-permissions.md)

[Impossible Travel](/understanding-check-failures/oort-insights/identity-threat-detection-insights/impossible-travel.md)

[IP Threat Detected](/understanding-check-failures/oort-insights/identity-threat-detection-insights/ip-threat-detected/ip-threat.md)

[Login to Admin Console](/understanding-check-failures/oort-insights/identity-threat-detection-insights/login-to-admin-console-in-okta.md)

[MFA Flood](/understanding-check-failures/oort-insights/identity-threat-detection-insights/mfa-flood.md)

[Microsoft Entra ID Admin Activity Anomaly](/understanding-check-failures/oort-insights/identity-threat-detection-insights/azure-admin-activity-anomaly.md)

[New Country for Tenant](/understanding-check-failures/oort-insights/identity-threat-detection-insights/new-country-for-tenant.md)

[New IdP Created](/understanding-check-failures/oort-insights/identity-threat-detection-insights/new-idp-created.md)

[Non-Human Identity with Interactive Browser Access](/understanding-check-failures/oort-insights/identity-threat-detection-insights/non-human-identity-with-interactive-browser-access.md)

[Okta Admin Activity Anomaly](/understanding-check-failures/oort-insights/identity-threat-detection-insights/okta-admin-activity-anomaly.md)

[Rare Browser Activity](/understanding-check-failures/oort-insights/identity-threat-detection-insights/rare-browser-activity.md)

[Registered Location Mismatch](/understanding-check-failures/oort-insights/identity-threat-detection-insights/registered-location-mismatch.md)

[Risky Parallel Sessions](/understanding-check-failures/oort-insights/identity-threat-detection-insights/risky-parallel-sessions.md)

[Service Account Successful Sign In](/understanding-check-failures/oort-insights/identity-threat-detection-insights/service-account-successful-sign-in.md)

[Service Principal Risk Detected](/understanding-check-failures/oort-insights/identity-threat-detection-insights/service-principal-risk-detected.md)

[Shared Mailbox Successful Sign In](/understanding-check-failures/oort-insights/identity-threat-detection-insights/shared-mailbox-successful-sign-in.md)

[Sign In Threat Detected](/understanding-check-failures/oort-insights/identity-threat-detection-insights/sign-in-threat-detected.md)

[Sign-in from Recently Created IdP](/understanding-check-failures/oort-insights/identity-threat-detection-insights/sign-in-from-recently-created-idp.md)

[Successful Access from a Previously Only Failing IP](/understanding-check-failures/oort-insights/identity-threat-detection-insights/successful-access-from-a-previously-only-failing-ip.md)

[Super Admin Login to Google](/understanding-check-failures/oort-insights/identity-threat-detection-insights/super-admin-login-to-google.md)

[Suspicious Activity Reported by End User](/understanding-check-failures/oort-insights/identity-threat-detection-insights/suspicious-activity-reported-by-end-user.md)

[Unusual Repo Access](/understanding-check-failures/oort-insights/identity-threat-detection-insights/unusual-repo-access.md)

[User IP in Blocked State](/understanding-check-failures/oort-insights/identity-threat-detection-insights/user-ip-in-blocked-state.md)

[User Lock Out Risk Detected](/understanding-check-failures/oort-insights/identity-threat-detection-insights/user-lock-out-risk-detected.md)

[User Trust Level Alert](/understanding-check-failures/oort-insights/identity-threat-detection-insights/user-trust-level-alert.md)

[Users With Defined Email Forward Rules](/understanding-check-failures/oort-insights/identity-threat-detection-insights/users-with-defined-email-forward-rules.md)

[Users with New Email Forward Rules](/understanding-check-failures/oort-insights/identity-threat-detection-insights/users-with-new-email-forward-rules.md)

[Weak MFA Manually Activated and Utilized](/understanding-check-failures/oort-insights/identity-threat-detection-insights/weak-mfa-manually-activated-and-utilized.md)
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.oort.io/understanding-check-failures/oort-insights.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.