Dashboard: Authentication Types overview

The tab is organized into three sections:

You can filter each section by date range: past 24 hours, 7 days, 30 days, or year from today.

Healthy authentication device data typically shows these patterns:

Device enrollment grows with your user base. As you onboard users and roll out MFA, the number of enrolled mobile and authenticator devices increases steadily. Enrollment counts that plateau while your user base grows may indicate adoption issues.

Push-enabled devices outnumber TOTP-only devices. If you've deployed the Authenticate app, most enrolled mobile devices should be push-enabled. A high ratio of TOTP-only devices may indicate users are enrolling third-party authenticator apps instead.

Low and stable push notification block counts. A small number of blocked IP addresses is normal. Users occasionally block unfamiliar push requests as a security precaution. Blocks auto-unblock after 24 hours.

Sudden drop in enrolled device counts. A decrease in enrolled devices without a corresponding reduction in your user base may indicate a platform issue, a migration problem, or users unenrolling devices.

Spike in push notification blocks. A sharp increase in blocked push notifications may indicate an MFA fatigue attack, where an attacker triggers repeated push requests hoping a user approves one by mistake. Cross-reference with the Auth risk insights tab.

Users with many enrolled devices. A single user with an unusually high number of enrolled mobile or authenticator devices may indicate device management issues or a compromised account being used to register attacker-controlled devices.

Authenticator device enrollment not growing despite FIDO rollout. If you've deployed FIDO2 security keys but enrolled authenticator device counts remain flat, users may not be completing enrollment or may be experiencing registration issues.

View the number of mobile devices enrolled for authentication. The chart shows devices categorized by whether they are enabled for push notifications or TOTP only. You can toggle the view between total count and percentage.

Click View all to see the full list. You can sort by Device Name, Device Type, User, Creation Date, Access Date, and Access Type.

Click Export all enrollment data to CSV to download the full enrollment list.

View the number of hardware authenticator devices (such as YubiKeys and FIDO devices) enrolled for authentication. The chart shows the total number of enrolled devices and the total number of users with enrolled devices.

Click View all to see details and usage history for each device. You can sort by Device Name, User, Auth Type, Creation Date, and Access Date.

Click Export all auth devices data to CSV to download the full authenticator device list.

View data on user-initiated block actions from specific IP addresses. A block action occurs when a user chooses to block unknown login requests sent to their Authenticate app.

Block actions are automatically removed after 24 hours.

Click View all to see who initiated each block and the source IP address. To unblock and resume login requests from a specific IP address, click the trash can icon in the Unblock column.