🗺️Overview Tab
Overview
The purpose of the Overview tab is to provide you with high-level context on who a user is. Identity Intelligence consolidates a user's information across sources (Entra ID, Duo, Salesforce, GitHub, Workday, etc.) where the same email address has been associated, so that you can see all the information about one identity in one view.
The Overview tab is the first tab of the User 360. You will land on this tab when clicking through a user from the Users page.
In this article, we will describe the purpose and data of each widget of the Overview tab in detail.
The Summary widget displays high level context about a user that has been gathered across the different sources associated with an identity. The Summary widget is the first widget on the left hand side of the Overview tab. It is immediately below the user's display name and email.
Hovering over any icon in the Summary widget will display a tooltip indicating the information being shown alongside the respective icon. Below are the elements visible in the Summary widget, and the corresponding definitions:
User Type
Combines IdP Status, Identity Intelligence Status, and HRIS status if available, to provide more context on this user's current state
To learn more about this status, check out User Statuses
Title
The user's current job title
This information must be available in the IdP or HRIS for this field to populate. If it is not available, it will show as N/A
Department
The department the user belongs to
This information must be available in the IdP or HRIS for this field to populate. If it is not available, it will show as N/A
Organization
The organization the user belongs to
This information must be available in the IdP or HRIS for this field to populate. If it is not available, it will show as N/A
Registered Location
The user's registered working location
This information must be available in the IdP or HRIS for this field to populate. If it is not available, it will show as N/A
MFA Status
Whether this user has any forms of MFA configured on an account
If yes = MFA Configured
If no = MFA Missing
Last Successful Login
The last successful login date, time (UTC), and days elapsed, recorded for this user
User Manager
The user's manager's name
This information must be available in the IdP or HRIS for this field to populate. If it is not available, it will show as N/A
This field can be updated directly in Identity Intelligence by clicking the pencil icon; however, updating this field will not modify any data within the IdP. It will only change how the information is presented within Identity Intelligence. This action can always be undone later on.
Lifecycle Events
Highlights recent, notable events that have occurred on this user's account that can be beneficial to know about during an investigation. Lifecycle events are displayed here for 7 days after the event is noted.
New Account badge - indicates that this account was recently created. Includes the date the account was created.
Significant Change badge - indicates that an uncommon, but important, activity has recently happened on this account (e.g. MFA factor added, admin privileges granted, sensitive app assigned, etc.). Describes the event type(s) and the date(s) associated with the event.
If this field is not visible, it means there have been no recent lifecycle events associated with this user in the last 7 days
The User Trust Level provides an overview of the user's current Trust Level. This widget shows what the user's current trust level is, as well as what factors contributed to the user's particular Trust Level. The User Trust Level widget is the first widget in the middle of the Overview tab, immediately below the tab names. From this widget, you can dive deeper into the user's events to investigate the details of a unique event or the events that happened in the 48 hours before and after the user's Trust Level changed.
More detailed information about this widget and the User Trust Level can be found in the User Trust Level docs.
The Last Login Attempt widget shows you information about the last login attempt recorded for this user, regardless of result. The Last Login Attempt widget is on the left hand side of the Overview tab, directly below the Summary widget.
It will surface:
Last log in attempt result - ex. success, failure, challenge, etc
If there is a failure, it will also include the reason for the failure - ex. invalid credentials, etc
Date and time of last attempt (in UTC)
Location of last attempt
IP Address of last attempt
Clicking the View more data button at the bottom of this widget will take you to the Activity Tab, filtered by the event associated with the last log in attempt.
Both Login Attempt visualizations can be found directly beneath the Failed Checks widget.
Attempted Logins
A pie chart breaking down the login attempts by result (success, failure, etc) for the user. This visualization is based on the user's history since the user has been monitored by Identity Intelligence (ie: all time)
To export this visualization to a PNG, SVG, or get the raw data in a CSV, click the 3 line button in the top right corner of the widget.
Records per day
A bar graph visualization breaking down the login attempts per day by result. By default, this timeline visualization looks across 30 days of activity. However, to see the same data over a smaller or larger timeframe, you can click the + or - buttons in the top right.
If the user is Inactive, this widget will still be visible but blank with a message stating "No records found".
To export this visualization to a PNG, SVG, or get the raw data in a CSV, click the 3 line button in the top right corner of the widget.
Because Identity Intelligence merges accounts across data sources into one user record based on email address, it is common for one user record to have accounts across multiple data sources. The Source Cards help you see the data sources where this user has an account, and the different information coming from each source.
On the left hand side of the Overview tab, there will be a source card for each data source that contains an account for the given user. Active source cards are always visible, while deleted or deprovisioned sources for a user are collapsed together and can be expanded for more information.
The information in each source card will vary depending on the data source itself, as well as what information is available for a given user in the data source. For example, if Okta is your IdP and the fields for a specific user's registered location, job title, manager, etc., have not been populated for this user, those fields will not be displayed. You may see this information on another user in your environment, however, if those fields were filled out for that user in Okta.
All of the information in the source cards is coming directly from the source itself, except for the field called Identity Intelligence Type. The Identity Intelligence Type is assigned by Identity Intelligence based on a variety of different factors, such as IdP type, job title, department, etc.
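A minimal model of the email-based merge and source-card grouping described above, as an added example (not Identity Intelligence code). The field names, the sample accounts, the case-insensitive email comparison and the choice to count MFA on any account in the record are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample accounts (not real data); field names are assumptions.
ACCOUNTS = [
    {"source": "Entra ID", "email": "jsmith@example.com",
     "status": "active", "mfa_factors": ["Push"]},
    {"source": "Duo", "email": "JSmith@example.com",
     "status": "active", "mfa_factors": ["Push", "SMS"]},
    {"source": "Salesforce", "email": "jsmith@example.com",
     "status": "deprovisioned", "mfa_factors": []},
    # Same person, different address: not merged, so it needs manual linking.
    {"source": "GitHub", "email": "john.smith@example.org",
     "status": "active", "mfa_factors": []},
]


def consolidate(accounts):
    """Merge per-source accounts into one user record per email address."""
    users = defaultdict(lambda: {"active": [], "collapsed": [], "mfa": False})
    for acct in accounts:
        # Assumption: addresses are compared case-insensitively.
        key = acct["email"].strip().lower()
        record = users[key]
        # Active source cards stay visible; deleted/deprovisioned ones collapse.
        bucket = "active" if acct["status"] == "active" else "collapsed"
        record[bucket].append(acct["source"])
        # Assumption: MFA on any account in the record counts as configured.
        record["mfa"] = record["mfa"] or bool(acct["mfa_factors"])
    return dict(users)


def mfa_status(record):
    """Summary widget wording for the MFA Status field."""
    return "MFA Configured" if record["mfa"] else "MFA Missing"


def needs_review(users):
    """Emails of records that have an active source but no MFA configured."""
    return sorted(email for email, rec in users.items()
                  if rec["active"] and not rec["mfa"])


if __name__ == "__main__":
    merged = consolidate(ACCOUNTS)
    for email, rec in merged.items():
        print(email, rec["active"], rec["collapsed"], mfa_status(rec))
    print("Review:", needs_review(merged))
```

The second record shows why an account under a different email address appears as its own user with its own MFA status until it is linked.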
The Activity Flow widget provides a visual representation of a user’s activities including locations visited, applications accessed, and related events, so that you can quickly identify anomalies and investigate specific user activities more effectively. The Activity Flow visualization widget can be found directly below the Login Attempt Visualizations.
The activity flow widget defaults to showing the user's activity over a 30 day window. This can be customized using the date picker in the top right corner of the widget. If you would like to full screen the flow, click on the Expand icon in the bottom left corner of the widget. To save a PNG of the flow, click on the Camera icon in the bottom left corner of the widget, next to the Expand icon.
Clicking on any of the colored bars within the visualization will take you to the Activity tab, pre-filtered on all events associated with your selection.
If the user is Inactive, this widget will still be visible but blank with a message stating "No records found".
The Authentication Factors widget displays all the authentication factors associated with a particular user, across all sources associated with that user. The Authentication Factors widget is below the Activity Flow visualization. However, if there is no MFA configured on a user's account, this widget will not be visible.
Read our MFA Factors FAQ for more information
All columns in this widget, except Factor, can also be sorted by ascending or descending values, by clicking on the arrows next to each column header.
By default, the Authentication Factors widget contains the following information:
Factor
Factor type (ie: Password, SMS, Push, etc)
Source associated with the factor
Factor ID
If the factor is new or weak, a tag indicator will be displayed next to the Factor Type
Assurance Level
Assigned by Identity Intelligence to make it easier to identify the posture of a specific factor. To learn more about Assurance Level mapping, see the FAQ.
Possible values: High, Medium, Low, Unknown
Status
The enrollment status of a given factor. Note: not all statuses are available with all data sources
Active - Factor is enabled and can be utilized
Disabled - Factor was reset or disabled and cannot be utilized
Pending - Factor configuration process was started but not completed (ex: MFA Application is on device, but was not enabled for MFA)
# Changes
The number of changes that have been made to the factor
Usage Count
The number of times the factor has been utilized by the user
Device
The name of the device associated with the factor
Phone Number
The phone number associated with the factor, if relevant
Last Used (UTC)
The date and time the factor was last used successfully
Similar to the Users Table, columns can be added or removed from this table by clicking on the Columns button on the upper right of the table. Factor Type and usage count cannot be removed. To restore the default, click Restore Default after clicking the Columns button.
The columns that are not included by default are:
Last Updated (UTC)
The date and time the factor was last changed
To see more details about changes to a factor, click on the down arrow on the left of Factor to expand the details and see last updated date, created date, and any factor change information.
Created (UTC)
The date and time that the factor was set up
These four widgets, below the Authentication Factors table, show a quick snapshot of groups and application usage for a user.
Groups
Total number of groups this user is part of.
To see more details about a user's groups, click the View All button to navigate to the Groups tab or navigate to the Groups tab directly yourself.
Applications Allowed
Total number of applications assigned to this user.
To see more details about a user's applications, click the View All Applications button to navigate to the Applications tab or navigate to the Applications tab directly yourself.
Unused Applications
Total number of applications assigned, but not in use, for this user.
To see more details about a user's applications, click the View All Applications button to navigate to the Applications tab or navigate to the Applications tab directly yourself.
Most frequently used applications
This bar graph visualization shows you the Top 10 most frequently used applications for a user, along with the usage count for each application.
If the user is Inactive, this widget will still be visible but blank with a message stating "No records found".
Clicking into one of the bars in this visualization will bring you to the Activity tab, pre-filtered on all events associated with the selected application.
To export this visualization to a PNG, SVG, or get the raw data in a CSV, click the 3 line button in the top right corner of the widget.
If you have a ticketing service integration set up, you can open tickets for a user directly via the Actions button in Identity Intelligence. Once you have opened a ticket for a user, a table will populate in this widget, which is below the Group and Application widgets. If there are no tickets associated with a user, this widget will still be visible but blank with a message stating "No records found".
Note: If you do not have a ticketing service integration set up, you will not see this widget.
Below is a table with the different fields visible in the table:
Name
User's name + name given to a ticket when it was opened
ex. John Smith: Ticket Test
State
Ticket's state as set in the Ticketing System
Priority
Ticket's priority as set in the Ticketing System
Urgency
Ticket's urgency as set in the Ticketing System
Ticket Opened (UTC)
The date and time the ticket was created
Last Updated (UTC)
The date and time the ticket was most recently updated
Sometimes a user might have more than one account in your system, under different email addresses. We recommend linking these accounts for hygiene purposes. To learn more about the importance of linking users, how to add/remove linkages or filter on linked users, read more here.
Below the Tickets widget is the Linked Users widget, which will show you all the linked users associated with a user. If there are no linked users associated with a user, this widget will still be visible but blank with a message stating "No records found" and a button to add linked users.
Once you have linked a user to another user, a table will populate with information on the current user, and all associated linked users. The following fields are available in the table for each linked user:
User
User's display name and user's email address
The first user in the table is always the user whose User 360 you are currently on
Status
The user's Identity Intelligence Status and lifecycle events, if present
Identity Intelligence Type
The Identity Intelligence user type assigned based on compiled identity data source user types
Last Seen (UTC)
Last login attempt for a user, regardless of result
Last Location
Last login attempt location for a user, regardless of result
MFA Configured
An icon indicates whether the user is MFA Configured or MFA Not Configured
Providers
Logo icon for each source where the user's email was associated
Hovering over a logo displays the name given to each source during the Integration setup