Cloud Administration Console Dashboard

The dashboard displays the deployment setup status, publishing status of configuration changes, the validity of domain certificates, component status, number of protected resources, and a graph of identity router activity.

For more information, see:

Deployment Setup and Configuration Status

After you decide which resources you want to protect and select the appropriate setup path, the dashboard guides you through the first-time setup process and displays the required components for those resources. Select one setup path. You can choose to protect:

  • Applications. Web applications using the SSO Service on the identity router and cloud based portals
  • Note: The IDR Portal applications are available only if Identity Router based portal is enabled.
  • Relying parties. Web applications protected by the Cloud Authentication Service. These can be individual web applications or third-party SSO service.
  • RADIUS clients. Configure authentication for RADIUS clients such as VPNs.

After initial setup, you can return to the dashboard page to configure additional services at any time. In the Protected Resources section, click a resource to view the components you need to configure. See how it works.

If you do not need to configure your deployment for Applications, Relying Parties, or RADIUS clients, you can skip the Getting Started setup paths and go directly to the dashboard.

Monitor Uptime Status for the Cloud Authentication Service

To view the status of the pod hosting your company services, see Monitor Uptime Status for the Cloud Authentication Service for instructions.

Usage Information

Usage information is updated from cached data once every hour.

The dashboard displays licensing and authenticator usage information:

Field Description

All Cloud Users

A user who has a registered authenticator, who has authenticated successfully in the last six months, or whose record is managed as part of the Unified Directory counts as Cloud user.

A user is counted as "Cloud User" if one or more of the following criteria are met:

SecurID authenticators that are assigned in Authentication Manager do not count as registered authenticators.

  • A user who has authenticated successfully in the last six months

A successful authentication is counted any time the Cloud Authentication Service authenticates the user to allow access to a protected resource. This includes the following situations:

  • When users authenticate to the Cloud Authentication Service based on the access policy that may or may not require them to provide additional registered credentials. For example, if a user authenticates using password only based on the access policy, it will be a successful authentication.

  • When users authenticate through the Cloud Authentication Service to access resources protected by Authentication Agents, RADIUS, or any custom-built clients. These Authentication Agents can be connected directly to the Cloud Authentication Service or via Authentication Manager as a secure proxy.

Authentication attempts that are denied access are not counted.

  • A user record that is managed by the Unified Directory (Unified Directory Users)

This includes local users and external users managed in the Unified Directory and does not include the users synchronized through the Active Directory (AD) or LDAP. To add Unified Directory users, you need to enable the Unified Directory feature in the Cloud Administration Console. For more information, see Unified Directory.

Disabled users are not counted as part of the Cloud ones.

Note: The MFA licenses used are counted as part of the Cloud users count in the last six months.

Credentials Registered

The following authenticators must be registered with the Cloud Authentication Service:

  • Authenticator App

  • SecurID 700 hardware authenticators that are managed in the Cloud Administration Console

  • DS100 (OTP and FIDO) hardware authenticators

  • Third Party FIDO: Users who registered a third-party FIDO authenticator. See FIDO for a list of supported authenticators.

SMS/Voice Messages Sent (Current Month) Number of messages sent in a given month. Resets to 0 on the first day of the month.

The following hardware authenticator information is displayed when this functionality is enabled:

Field Description
SecurID SID700
Total Total number of SID700 hardware authenticators that are assigned or not assigned to users.

Assigned

Number of SID700 hardware authenticators in the Cloud Authentication Service that are assigned to users.

Unassigned

Number of SID700 hardware authenticators in the Cloud Authentication Service that are not assigned to any user.
Disabled Number of SID700 hardware authenticators that are disabled in the Cloud Authentication Service and cannot be used.
Expiring within 90 days Number of SID700 hardware authenticators in the Cloud Authentication Service to expire within the next 90 days.
SecurID DS100 OTP Credentials
Enabled Number of DS100 OTP credentials that are enabled in the Cloud Authentication Service.
Disabled Number of DS100 OTP credentials that are disabled in the Cloud Authentication Service and cannot be used.
SecurID DS100 FIDO Credentials
Enabled Number of DS100 FIDO credentials that are enabled in the Cloud Authentication Service.
Disabled Number of DS100 FIDO credentials that are disabled in the Cloud Authentication Service and cannot be used.

Note: The usage information is updated once every hour.

Publish Status

Use the Publish Status to determine if there are pending configuration changes to be published, or if another administrator recently published changes to the identity routers and the Cloud Authentication Service. This section displays the following:

  • Date and time that configuration changes were last published.
  • Status message indicating whether all configuration settings in the Cloud Administration Console are synchronized (published) to the identity routers and Cloud Authentication Service.

Certificates

You can monitor the status of the domain certificates in your deployment, and plan for renewal of expiring certificates. This section displays the following:

  • Date each certificate became valid.
  • Expiration date for each certificate.
  • Remaining time until each certificate expires.

System Status - Identity Routers

The dashboard displays the status of all identity routers in your deployment.

Status Color Meaning
Green Registered and Active
Red Registered and Distressed (not connected to the Cloud Authentication Service)
White Disabled or not registered

The dashboard indicates whether identity sources are configured.

Status Color Meaning
Green Successfully configured
Red Not configured

System Status - SMS/Voice OTPs

If your deployment has enabled SMS OTPs or Voice OTPs, the dashboard displays the total number of OTPs sent for both authentication methods in one calendar month. The total includes OTPs that users might not have received for various reasons, for example, if the Cloud Authentication Service has an incorrect phone number for the user, or the user did not answer a Voice call. The number is automatically updated every month.

Note: The month is based on Coordinated Universal (UTC) time, which may differ slightly from your local time zone.

Protected Resources

The dashboard indicates how many applications, service providers, and RADIUS clients have been added to the deployment.

Note: The IDR Portal Applications section is available only if Identity Router based portal is enabled.