SaaS Sign-on

The SaaS Sign-on report provides debugging and activity tracking logs for the multi-factor authentication and single sign-on activity. The Export feature allows you to download SaaS sign-on report data as a CSV file. The SaaS sign-on reports have a retention period of 90 days.

Select the Service Provider, Auth Modes (Zero Sign-on or Multi Factor Authentication), Auth Methods (OTP, Push, QR Code, IDP Login), and the Status appropriately to fetch the desired report. The Auth Method that you select displays the appropriate Status for that method. Select the Status that is applicable to the method from the list.

For UserID, enter a partial or complete UserID in the query search bar.

Figure 1. SaaS sign-on report

The following table provides the multi-factor authentication actions logged and reported in Reports > SaaS Sign-on.

Table 31.  actions reported for SaaS Sign-on

Status

Description

Device Status

Activated device

User activates the client app.

The client app is either Go or Authenticator.

Deactivated device

User deactivates the client app.

The client app is either Go or Authenticator.

No activated device

User tries to log in through the client app but has not activated the client app on a device.

Non Compliant Device

The users device does not meet the compliance policy.

Authentication Status

Error

Push notification could not be sent.

IDP Login Attempted

User logs in using identity provider instead of SaaS Sign-on.

OTP incorrect

User uses an incorrect one-time passcode (OTP).

OTP successful

User uses one-time passcode (OTP) to approve the transaction and is successful.

Push rejected

Firebase or APNS returned an error, therefore a push notification was not sent.

Push successful

Push is successfully sent to the Firebase or APNS service.

QR code scanned

Allows the user to view only logs for authentication to the service provider done using QR code.

Sign-In requested

A sign-in request is received by notification or QR scan.

Saas Sign-on Configuration

Invalid transforms

Configuration for SaaS sign-on in Ivanti Access in Profile > SaaS Sign-on is incorrect. An incorrect configuration results in an exception during evaluation of the MiTra against the Ivanti Tunnel certificate.