The pre-built Value-Oriented Dashboards include the following identity dashboards:
- Compliance: Okta MFA Status. Tracks compliance with MFA use (as tracked by Okta) and identifies non-compliant accounts.
-
Identities. This dashboard displays a table with a list of all users in Lucidum
-
Identity Overview. This dashboard displays information about users, their status (deprovisioned, suspended, unauthorized, unmanaged), and their access to your environment.
-
Unauth User Accounts. This dashboard displays information about users, their authentication status, and their access.
Required Connectors #
To find all the assets and users in your environment and also find information about SSO and identity management, Lucidum recommends you configure Lucidum connectors for:
-
The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)
-
The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)
-
The directory solutions in your environment (For example, Azure AD, Microsoft AD, Jump Cloud, PingOne, OpenLDAP,)
-
The SSO solutions and identify and access management solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogic, SecurAuth)
-
The DHCP solutions in your environment (For example, Infoblox, Efficient IP, BlueCat)
-
The VPN solutions in your environment (For example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)
-
The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)
Syntax #
When you see :: in a query, this means that the query includes a field of type “nested list” (a table). For example, this query:
User Status::Source match okta AND User Status::Status match Deprovision or User Status::Status match Suspended.
looks like this in the Query Builder:
See Using Queries with Nested Lists for details on nested lists.
Compliance: Okta MFA Status #
The Compliance: Okta MFA Status dashboard tracks compliance with MFA. In this dashboard, MFA is provided by Okta. This dashboard identifies non-compliant accounts.
The Compliance: Okta MFA Status dashboard looks like this:
Base Query #
Most of the charts in this dashboard a query like the following:
-
Okta MFA Status exists AND Data Sources match Okta User AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED -
This query looks for user records that include the field MFA Status, include data from the Okta User application, have been active in the last month, and are not deprovisioned in Okta.
Charts #
- Percentage MFA Compliance. This chart displays the ratio of user accounts that use MFA and those that do not use MFA.
-
-
This chart uses the query
Okta MFA Status exists AND Data Sources match Okta User AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. - From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names returned by the query.
-
From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the values from Data Source.
-
The Chart Type is “Pie”.
-
- Total Okta Identities. This chart displays the total number of user accounts managed with Okta.
-
This chart uses the query
Data Sources match Okta User AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Total Identities with MFA Configured. This chart displays the total number of user accounts that use MFA.
-
This chart uses the query
Okta MFA Status == TRUE AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Total Identities with MFA Not Configured. This chart displays the total number of user accounts that do not use MFA.
-
This chart uses the query
Okta MFA Status == FALSE AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Active Okta Identities with MFA == TRUE. This chart displays details about the identities that use MFA, including user’s full name, location, department, and email.
-
This chart uses the query
Okta MFA Status == TRUE FALSE AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the column values for the table. In this case, the chart displays columns for Person Full Name, Location, Department, and Email.
-
The Chart Type is “Table”.
-
-
Active Okta Identities with MFA == TRUE. This chart displays details about the identities that use MFA, including user’s full name, location, department, and email.
-
This chart uses the query
Okta MFA Status == TRUE AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the column values for the table. In this case, the chart displays columns for Person Full Name, Location, Department, and Email.
-
The Chart Type is “Table”.
-
-
Active Okta Identities with MFA == FALSE. This chart displays details about the identities that do not use MFA, including user’s full name, location, department, and email.
-
This chart uses the query
Okta MFA Status == FALSE AND Last Time Seen within past 1 month AND Okta User Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the column values for the table. In this case, the chart displays columns for Person Full Name, Location, Department, and Email.
-
The Chart Type is “Table”.
-
Identities #
The Identities dashboard lists all the identities in your Lucidum system and details about each identity.
The Identities dashboard looks like this:
Base Query #
-
This dashboart includes a single chart.
-
The chart uses the query
Lucidum User Name existsto find all identities in your Lucidum system.
Charts #
-
This dashboart includes a single chart.
-
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Lucidum User Name, Data Sources, Person Full Name, Department, Location, First Time Seen, Last Time Seen.
-
The Chart Type is “Table”.
In the Lucidum Identity Database dashboard, you can view the following about each user:
-
Lucidum User Name. User name derived by Lucidum.
-
Data Sources. Data sources from which Lucidum ingested data about the user.
-
Person Full Name. User’s full name.
-
Department. Department aligned with the user.
-
Location. Location for the user.
-
First Time Seen. Date and time Lucidum first saw this user.
-
Last Time Seen. Date and time Lucidum most recently saw this user.
For each column name, you can:
-
Sort by ASC. Sort the results by this column, in ascending order.
-
Sort by DESC. Sort the results by this column, in descending order.
-
Pin to left. The column is pinned to the left border. When you scroll left to right to view all the columns, this column stays on the left border.
-
Pin to right. The column is pinned to the right border. When you scroll left to right to view all the columns, this column stays on the right border.
-
Filter. Allows you to filter the table by one or more columns in the results table.
-
Hide Column. Removes the column from the page.
-
Manage columns. You can include or not include one or more columns in the results table.
Identity Overview #
The Identity Overview dashboard provides details about all currently active identities, all currently disabled identities, and all new identities. The Identity Overview dashboard looks like this:
Base Query #
Most of the charts in this dashboard use one of the following as a base query:
-
Lucidum User Name exists AND User Status::Lucidum Status match Enabled-
This query looks for all identities in your Lucidum system that have a status of “Enabled”.
-
-
Lucidum User Name exists AND User Status::Lucidum Status match Disabled-
This query looks for all identities in your Lucidum system that have a status of “Disabled”.
-
Charts #
- Total Tracked Identities. This chart displays a count of all enabled users in the Lucidum system.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number.
-
- Identity Growth (Weekly). This chart displays the number of users each week for the last 6 months.
-
-
This chart uses the query
Record Generated Time within past 6 months AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays Record Generated Time.
-
The Chart Type is “Bar”.
-
- Identities by Country. This chart displays the number of enabled users in each country.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays the Country Name.
-
The Chart Type is “Bar”.
-
- Identities by Department. This chart displays the number of enabled users in each department.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays Department.
-
The Chart Type is “Bar”.
-
- Identity Data Sources. This chart displays the number of enabled users that use data from each data source.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names.
-
From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the Data Source.
-
The Chart Type is “Pie”.
-
- Total Deactivated Identities. This chart displays a count of all disabled users in the Lucidum system.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Disabled. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number.
-
- Depts. of Deactivated Identities. This chart displays the number of disabled users in each department.
-
-
This chart uses the query
Lucidum User Name exists AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays the Department.
-
The Chart Type is “Bar”.
-
- New Identities. This chart displays the number of new users added to your Lucidum system during the last month.
-
-
This chart uses the query
First Time Seen within past 1 month AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number.
-
- Departments of New Identities. This chart displays the number of new users in each department.
-
-
This chart uses the query
First Time Seen within past 1 month AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays the Department.
-
The Chart Type is “Bar”.
-
- Data Sources of New Identities. This chart displays the number of new users that use data from each data source.
-
-
This chart uses the query
First Time Seen within past 1 month. -
From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names.
-
From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the Data Source.
-
The Chart Type is “Pie”.
-
- Deactivated Identity Listing. This chart displays a table that lists the users that have been deactivated in the last month.
-
-
This chart uses the query
Last Time Seen within past 1 month AND User Status::Lucidum Status match Disabled. -
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Lucidum User Name, Person Full Name, Department, Job Title, Last Time Seen.
-
The Chart Type is “Table”.
-
- New Identity Listing. This chart displays a table that lists the users that have been added in the last month.
-
-
This chart uses the query
First Time Seen within past 1 month AND User Status::Lucidum Status match Enabled. -
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Lucidum User Name, Person Full Name, Department, Country Name, Job Title, Email, First Time Seen, MFA Configured.
-
The Chart Type is “Table”.
-
Unauth User Accounts #
The Unauth User Accounts dashboard displays information about users, their status (deprovisioned, suspended, unauthorized, unmanaged), and their access to your environment.
The Unauth User Accounts dashboard looks like this:
Base Query #
Most of the charts in this dashboard use the following base query:
Data Sources match okta
In this dashboard, we use Okta as an example. To edit these dashboards to match your environment, choose the Data Source that matches your SSO or identity solution.
Note that Okta uses the statuses “Deprovisioned” and “Suspended”. Other SSO or identity solutions might use different statuses. If you edit this dashboard to use a solution other than Okta, you should also edit the status values to match those used in your solution.
Charts #
-
Total Okta User and Application Accounts. This chart displays a count of all user accounts and application accounts in okta.
-
This chart uses the query
Data Sources match okta -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number.
-
-
Deprovisioned/Suspended Okta User & App Accounts. This chart displays the number of okta users who have been deprovisioned or suspended.
-
This chart uses the query
User Status::Source match okta AND User Status::Status match Deprovision OR User Status::Status match Suspended. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Non-Okta User Accounts Not in Okta at All & Exist Elsewhere. This chart displays the number of users who are active in your environment but not managed in Okta.
-
This chart uses the query
Data Sources not match Okta AND Status Match active OR Status match attached OR Status match provisioned AND Status not match Deprovisioned. This query looks for user accounts where the data source is not okta, the account has not been deprovisioned in Okta, and the account is active, attached, or provisioned. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Unauthorized Users Deprovisioned/Suspended in Okta & exist elsewhere. This chart displays a count of user accounts that have been deprovisioned or suspended in Okta but that still exists in other applications.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match Oracle Cloud Users OR Data Sources match AWS SSO Identity Store OR Data Sources match runZero User OR Data Sources match Zoom User OR Data Sources match AWS Identitye and Access. This query looks for users that were previously in Okta and are either deprovisioned or sustepended in Okta but still active in Oracle, AWS, runZero, or Zoom. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Unauthorized Users Deprovisioned/Suspended in Okta, active elsewhere. This chart displays a count of users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP and the user account is active, attached, or provisioned in these other applications.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND User Status::Lucidum Status match Enabled. This query looks for users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still enabled in other applications. -
From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum User Name.
-
The Chart Type is “Big Number”.
-
-
Okta User Seats By Application. This chart displays the top applications used by okta users.
-
This chart uses the query
Data Sources match Okta User -
From the data returned by the query, the Category field specifies the values to show on the x-axis. In this case, the x-axis displays a count of Lucidum User Name.
-
From the data returned by the query, the Series field specifies the values to show on the y-axis. In this case, the y-axis displays the Applications::Name.
-
The Chart Type is “Bar”.
-
-
Non-Okta Accounts Not in Okta at All & Exist Elsewhere. This chart displays the name of users who are active in your environment but not managed in Okta.
-
This chart uses the query
Data Sources not match Okta AND Status Match active OR Status match attached OR Status match provisioned AND Status not match Deprovisioned. This query looks for user accounts where the data source is not okta, the account has not been deprovisioned in Okta, and the account is active, attached, or provisioned. -
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Person Full Name and Department.
-
The Chart Type is “Table”.
-
-
Unauthorized Users Depov./Suspended in Okta & Exist Elsewhere. This chart displays the name of each user account that has been deprovisioned or suspended in Okta but that still exists in other applications.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match AWS Identity and Access Management OR Data Sources match AWS SSO Identity Store Or Data Sources match Oracle Cloud Users or Data Source match runZero User or Data Source match Zoom User. This query looks for users that were previously in Okta and are either deprovisioned or suspended in Okta but still active in AWS, Oracle Cloud, runZero, or Zoom. -
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Person Full Name and Department.
-
The Chart Type is “Table”.
-
-
Unauthorized Users Showing Asset Count. This chart displays the user names of users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still appear as enabled in other applications.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND User Status::Lucidum Status match Enabled. This query looks for users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still enabled in other applications. -
From the data returned by the query, the Category fields specifies the columns in the table. In this case, Person Full Name and Department.
-
The Chart Type is “Table”.
-
-
Non-Okta Accounts. This chart displays accounts that do not exist in Okta and the applications those accounts are still using.
-
This chart uses the query
Data Sources not match okta AND Status match active OR Status match attached OR Status match provisioned AND Status not match DEPROVISIONED. -
From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names.
-
From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the Data Source. The slices show the applications where users are active
-
The Chart Type is “Pie”.
-
-
Unauthorized Users By Data Sources Reporting. This chart displays accounts that are deprovisioned or suspend in Okata and still appear in other applications.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match DEPROVISIONED OR User Status::Status match SUSPENDED AND Data Sources match AWS Identity and Access Management OR Data Sources match AWS SSO Identity Store OR Data Sources match Oracle Cloud Users OR Data Sources match runZero User ORData Sources match Zoom User. This query looks for Okta users that have been deprovisioned or suspended in Okta yet still appear in AWS, Oracle Cloud, runZero, or Zoom. -
From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names.
-
From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the Data Source that has unauthorized users.
-
The Chart Type is “Pie”.
-
-
Unauthorized Active Users By Data Sources Reporting. This chart displays accounts that are deprovisioned or suspend in Okata and still appear in other applications and are still enabled in Lucidum.
-
This chart uses the query
User Status::Source match okta_user AND User Status::Status match DEPROVISIONED OR User Status::Status match SUSPENDED AND User Status::Lucidum Status match Enabled. This query looks for Okta users that have been deprovisioned or suspended in Okta yet still appear as enabled in Lucidum. - From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum User Names.
- From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays the Data Source that has unauthorized users.
- The Chart Type is “Pie”.
-
