Dashboard quick reference

The SecureAuth IdP dashboard provides views of authentication activity across your environment. Use this quick reference to find which tab answers your question about login volumes, authentication methods, user activity, or potential security threats.

Find your dashboard tab

What you want to see	Dashboard tab
Login totals for the past 24 hours, 7 days, 30 days, and year	Company dashboard (At a glance)
Successful vs. failed login trend over time	Company dashboard (At a glance)
Logins broken down by OS, application, authentication method, and appliance type	Company dashboard (At a glance)
Login activity for the past 24 hours by application, authentication method, and appliance type	Hourly report
Failed login attempts by authentication method in the past 24 hours	Hourly report
Logins per hour with success and failure counts	Hourly report
Login counts by OS, browser, and IP address	OS statistics
Success and failure rates broken down by operating system	OS statistics
Which users have the most logins or failed logins	Company logins
Login outcomes by user ID with TRX result details	Company logins
Login volume and trends by application or realm	Application/Realm number
Application spread across appliances	Application/Realm number
Login attempts broken down by authentication method over time	Authorization method
Login outcomes by company, authentication method, and date	Authorization method
Unique users and requests by appliance and authentication method	Authorization method
Potential brute force password attack activity	Auth risk insights
Potential password spray attack activity	Auth risk insights
Potential MFA fatigue attack activity	Auth risk insights
Authentication attempts from risky IP addresses	Auth risk insights
LOA score distribution, confidence trends, and recent authentication locations by score level	LOA score

Dashboard tabs at a glance

Company dashboard (At a glance) shows high-level login health across your entire SecureAuth IdP environment. Use it to check overall login volume, identify trends in successful vs. failed logins, and see how users are authenticating across operating systems, applications, and appliance types. See Dashboard: Login data overview for guidance on interpreting patterns and warning signs.

Hourly report shows authentication activity from the past 24 hours broken down by hour. Use it to pinpoint when login spikes or failures occurred and which authentication methods are driving failures.

OS statistics shows login attempts segmented by operating system, browser, and IP address. Use it to understand the device and network profile of your users and identify unusual access patterns by OS or source IP.

Company logins shows login activity at the user level. Use it to identify users with high login volumes, investigate failed login patterns, and review TRX result details for specific users.

Application/Realm number shows login volume and trends per application or realm. Use it to see which applications are most active, track usage trends over time, and understand how applications are distributed across appliances.

Authorization method shows login attempts broken down by authentication method over time. Use it to compare method usage across companies, track success and failure rates per method, and identify unusual authentication patterns.

Auth risk insights monitors authentication threats across your environment. Use it to detect potential brute force attacks, password spray attacks, MFA fatigue attacks, and suspicious activity from high-risk IP addresses. See Dashboard: Authentication risk insights for full details.

LOA Score shows Level of Assurance score distribution across your environment. Use it to monitor authentication confidence trends over time, review analyzer details, and see recent authentication locations by score level. LOA scoring requires the Prevent package license and activation in Level of Assurance (LOA) provider settings before data appears.

Auth risk insights: threat detection summary

The Auth risk insights tab tracks four types of potential authentication threats.

Threat type	What it detects	What you see
Potential brute force password attack	Repeated failed login attempts against a single account	Top 10 users by failed attempts, failed attempts per day, user account status (active or locked)
Potential password spray attack	One IP address attempting common passwords across many accounts	Blocked IPs by attempt count, top 10 blocked IPs, top 10 targeted users, attack location map
Potential MFA fatigue attack	Accounts receiving excessive MFA push requests	MFA fatigue details by user, top 10 users by MFA attempts, MFA attempts per day
Potential risky IP activity	Authentication attempts from IPs with suspicious or malicious reputation	Attempts by IP with risk level (high, medium, low), users by risk level, IP risk by country map

Enable data collection for threat detection

Threat data appears only after the corresponding protection feature is enabled.

Threat type	Required feature
Potential brute force password attack	Enable Password Throttling to to limit failed password attempts and lock users with repeated invalid attempts.
Potential password spray attack	Add a Dynamic IP Blocking rule to block IP addresses after failed login attempts using different usernames.
Potential MFA fatigue attack	Enable MFA Throttling to limit failed MFA attempts and lock users with repeated invalid attempts.
Potential risky IP activity	Configure IP-based blocking rules in your authentication policies.

Dashboard controls

Each dashboard tab includes a Controls section at the top. Use controls to filter data by date range, company ID, deployment type, and other dimensions specific to each tab.

Control	Available on
Start Date / End Date	All tabs
Deployment type	Company dashboard, OS statistics, Application/Realm number, Authorization method
Authentication Method	Authorization method
TRX Result	OS statistics, Application/Realm number
Application (Realm)	Application/Realm number
User ID	Company logins

Common questions

The LOA Score tab is available at Dashboard > Login Data > LOA Score. It displays average LOA scores, score trends over time, analyzer confidence details, and recent authentication locations.

LOA scoring requires the Prevent package license and must be activated in Risk and Assurance Providers>Assurance Provider. If you do not have access, contact SecureAuth Support.

LOA scores use machine learning and require a minimum of 50 authentication events per user before scores are generated. During this initial learning period, scores may not yet appear for all users. See SecureAuth Level of Assurance (LOA) Provider settings for setup instructions.