Documentacao renderizada
Esta pagina renderiza o Markdown e Mermaid do modulo diretamente da fonte publica de documentacao.
Overview#
The Authentication Analytics and Monitoring module provides real-time visibility into authentication patterns, security threats, and MFA adoption across your organization. By continuously analyzing authentication events, the system enables security teams to detect anomalies rapidly, respond to threats in real time, and improve overall authentication security posture.
Key Features#
-
Real-Time Authentication Dashboard - Monitor login success rates, failed authentication attempts, MFA usage patterns, and active sessions across your entire user base with live-updating dashboards.
-
Breach Detection - Continuous monitoring against a large database of known compromised credentials alerts administrators when users are found to be using passwords that have appeared in data breaches.
-
Behavioral Baselines - Machine learning models establish behavioral baselines for each user, flagging deviations that indicate account compromise, credential stuffing, or insider threats.
-
Geographic Anomaly Detection - Identify logins from unusual locations, impossible travel scenarios, and access from high-risk regions or anonymizing networks.
-
MFA Adoption Tracking - Monitor MFA enrollment rates, authentication method preferences, and identify users or departments that have not yet adopted multi-factor authentication.
-
Automated Alerting - Configure threshold-based and anomaly-based alerts for suspicious authentication events. Alerts can be routed to email, Slack, Teams, PagerDuty, or your SIEM platform.
-
Authentication Trend Analysis - Historical reporting on authentication patterns, including peak login times, session duration trends, device and browser distribution, and authentication method usage over time.
-
Compliance Audit Trail - Complete authentication audit trail supporting SOC 2, GDPR, and HIPAA requirements, with exportable reports for auditors.
Use Cases#
- Detecting credential stuffing attacks by monitoring for spikes in failed authentication attempts across multiple accounts from similar sources.
- Identifying compromised accounts through behavioral analysis that flags logins deviating from established user patterns.
- Driving MFA adoption by tracking enrollment rates and identifying teams or users who have not enabled multi-factor authentication.
- Supporting compliance audits with comprehensive authentication logs and pre-built compliance reports.
- Monitoring SSO health by tracking authentication success rates and latency across integrated identity providers.
Dashboards and Reports#
- Security Overview - High-level view of authentication health, active threats, and key metrics.
- Failed Login Analysis - Breakdown of failed attempts by reason, user, source, and time period.
- MFA Coverage Report - Organization-wide MFA enrollment and usage statistics by department and user group.
- Geographic Access Map - Visual map showing login locations with anomaly highlights.
- Provider Health - Status and performance metrics for each connected identity provider.
- User Risk Scores - Ranked list of users with elevated risk based on authentication behavior.
Integration#
- SIEM Platforms - Forward authentication events and alerts to Splunk, Datadog, Azure Sentinel, and other SIEM solutions.
- Identity Providers - Aggregate authentication data from Okta, Azure AD, Google Workspace, and other SSO providers.
- Notification Channels - Route alerts through email, Slack, Microsoft Teams, PagerDuty, and webhooks.
Availability#
- Enterprise Plan: Included
- Professional Plan: Core metrics included; advanced analytics and breach detection available as add-on
Last Reviewed: 2026-02-23