pingidentity/pingone Dashboards

Overview

The Overview dashboard provides comprehensive authentication analytics and user activity insights through real-time monitoring visualizations. This dashboard enables tracking of application usage patterns, analysis of authentication success and failure rates, and monitoring of user enrollment metrics across the identity environment.
Password activity

The Password Activity dashboard presents detailed password management metrics and account security events through time-based visualizations. This dashboard enables monitoring of password reset patterns, tracking of account lockout incidents, and identification of suspicious account lifecycle activities across the identity platform.
Policy and MFA

The Policy and MFA dashboard provides detailed authentication policy analysis and multi-factor authentication trends through specialized visualizations. This dashboard enables evaluation of policy effectiveness, tracking of MFA usage patterns, and assessment of authentication methods across authentication scenarios.

Overview

The Overview dashboard provides comprehensive authentication analytics and user activity insights through real-time monitoring visualizations. This dashboard enables tracking of application usage patterns, analysis of authentication success and failure rates, and monitoring of user enrollment metrics across the identity environment.

Widget	Description	Type
Top applications over time	Top applications Hide Query Show Query logscale `#logtype="pingone" \| actors.user.name = ?{user_name=} \| case{ action.type=SECRET. \| Application := resources[0].name; // Worker applications' name mapping action.type=FLOW.* \| Application := actors.client.name; // Client applications' name mapping } \| timechart(Application) // Display bar chart of applications by count of their operations`	`Time Chart`
Top users (all events)	Summary of top users by count of ALL events for a user. Note that this includes 'flow' events in PingOne so total events is not equal to authentication success + failures. Hide Query Show Query logscale `#logtype="pingone" \| groupBy("actors.user.id", function=[collect("actors.user.id"), collect("actors.user.name"), count("actors.user.id", as="count")]) // Group by user ID of the user and collect their name and ID \| "User ID" := rename("actors.user.id") \| "User name" := rename("actors.user.name") \| table(["User ID", "User name", "count"], sortby="count", limit=10)`	`Table`
Top applications	Breakdown of top applications Hide Query Show Query logscale `#logtype="pingone" \| actors.user.name = ?{user_name=} \| case{ action.type=SECRET. \| Application := resources[0].name; // Worker applications' name mapping action.type=FLOW.* \| Application := actors.client.name; // Client applications' name mapping } \| top(Application, as=count, limit=10) // Display bar chart of applications by count of their operations`	`Pie Chart`
Users enrolled	Count of users enrolled Hide Query Show Query logscale `#logtype="pingone" \| action.type = USER.CREATED // Created a new user \| count() // Count of new users enrolled`	`Single Value`
Top users - authentication success	Users with highest number of authentication successes Hide Query Show Query logscale `#logtype="pingone" \| action.type="SESSION.CREATED" // Successful authentication \| groupBy("resources[0].id", function=[collect("resources[0].id"), collect("resources[0].name"), count("resources[0].id", as="count")]) \| "User ID" := rename("resources[0].id") \| "User name" := rename("resources[0].name") \| table(["User ID", "User name", "count"], sortby="count", limit=10)`	`Table`
Successful authentications	Successful authentications per hour Hide Query Show Query logscale `#logtype="pingone" \| action.type=SESSION.CREATED // Successful authentication \| resources[0].name = ?{user_name=*} \| timeChart( unit = "/span to /hour") // Timechart based on authentication type`	`Single Value`
Authentication failure reasons	Breakdown of failed authentications by their type Hide Query Show Query logscale `#logtype="pingone" \| action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) // Failed authentications \| resources[0].name = ?{user_name=*} \| groupBy("action.type") \| "Failed authentication reason" := rename("action.type")`	`Pie Chart`
Failed authentications	Failed authentications per day Hide Query Show Query logscale `#logtype="pingone" \| action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) \| resources[0].name = ?{user_name=*} \| timechart(unit="/span to /day")`	`Single Value`
Authentication failure reasons over time	Failed authentications by failure type Hide Query Show Query logscale `#logtype="pingone" \| action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) \| resources[0].name = ?{user_name=*} \| "Failed authentication reason" := rename("action.type") \| timechart("Failed authentication reason")`	`Time Chart`
Top users - authentication failures	Users with highest number of authentication failures Hide Query Show Query logscale #logtype="pingone" \| case { action.type=PASSWORD.CHECK_FAILED \| "User name" := resources[0].name; action.type=OTP.CHECK_FAILED \| "User name" := actors.user.name; action.type=ASSERTION.CHECK_FAILED \| "User name" := actors.user.name; action.type=OTP.CHECK_INVALID \| "User name" := actors.user.name; } \| groupBy("resources[0].id", function=[collect("resources[0].id"), collect("User name"), count("resources[0].id", as="count")]) \| "User ID" := rename("resources[0].id") \| table(["User ID", "User name", "count"], sortby="count", limit=10)	`Table`
Top applications	Top applications Hide Query Show Query logscale `#logtype="pingone" \| actors.user.name = ?{user_name=} \| case{ action.type=SECRET. \| Application := resources[0].name; // Worker applications' name mapping action.type=FLOW.* \| Application := actors.client.name; // Client applications' name mapping } \| top(Application, as=count, limit=10) // Display bar chart of applications by count of their operations`	`Bar Chart`
Successful authentications	Successful authentications per day Hide Query Show Query logscale `#logtype="pingone" \| action.type=SESSION.CREATED // Successful authentication \| resources[0].name = ?{user_name=*} \| timechart(unit="/span to /day") // Single value timechart of successful authentications`	`Single Value`
Authentication success/failure	Breakdown of authentication attempts by success/failure Hide Query Show Query logscale `#logtype="pingone" \| resources[0].name = ?{user_name=*} \| case { action.type = "SESSION.CREATED" \| Authentication_type := "SUCCESS"; action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) \| Authentication_type := "FAILED"; } \| groupBy("Authentication_type")`	`Pie Chart`
Failed authentications	Failed authentications per hour Hide Query Show Query logscale `#logtype="pingone" \| action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) \| resources[0].name = ?{user_name=*} \| timechart( unit="/span to /hour")`	`Single Value`
Authentications over time	Breakdown of successful and failed authentications Hide Query Show Query logscale `#logtype="pingone" \| resources[0].name = ?{user_name=*} \| case { action.type = "SESSION.CREATED" \| auth := "SUCCESS"; // Successful authentication action.type =~ in(values=["PASSWORD.CHECK_FAILED", "OTP.CHECK_FAILED", "ASSERTION.CHECK_FAILED", "OTP.CHECK_INVALID"]) \| auth := "FAILED"; // Failed authentication } \| timeChart(auth) // Display timechart of successful and failed authentications`	`Time Chart`

Password activity

The Password Activity dashboard presents detailed password management metrics and account security events through time-based visualizations. This dashboard enables monitoring of password reset patterns, tracking of account lockout incidents, and identification of suspicious account lifecycle activities across the identity platform.

Widget	Description	Type
Password resets per day	Password resets per day Hide Query Show Query logscale `#logtype="pingone" \| action.type = "PASSWORD.RESET" // Password reset events \| timeChart(action.type, function=count(), unit="/span to /day") // Display a single value timechart of password reset activity`	`Single Value`
Account lockouts per day	Account lockouts per day Hide Query Show Query logscale `#logtype="pingone" \| action.type = "FLOW.UPDATED" \| result.description = "Authentication failed because account is locked out" // An account locked out after multiple failed login attempts \| timeChart(action.type, function=count(), unit="/span to /day")`	`Single Value`
Password resets and lockouts over time	Volume of password resets and lockouts over time Hide Query Show Query logscale `#logtype="pingone" \| case { action.type = "FLOW.UPDATED" \| result.description = "Authentication failed because account is locked out" \| action.type := "Lockouts"; action.type = "PASSWORD.RESET" \| action.type := "Resets"; } \| timeChart(action.type)`	`Time Chart`
Total account lockouts	Count of account lockouts over selected time span Hide Query Show Query logscale `#logtype="pingone" \| action.type = "FLOW.UPDATED" \| result.description = "Authentication failed because account is locked out" // An account locked out after multiple failed login attempts \| count() // Count of locked out accounts`	`Single Value`
Password reset details	Summary of password reset activity Hide Query Show Query logscale `#logtype="pingone" \| action.type = "PASSWORD.RESET"`	`Event List`
Short lived accounts (<1 hour)	Accounts deleted within one hour of being created Hide Query Show Query logscale #logtype="pingone" \| action.type = "USER.DELETED" \| join({ action.type="USER.CREATED" \| "createdAtTimestamp" := @timestamp \| "Created by" := actors.user.name }, field=resources[0].id, include=["createdAtTimestamp", "Created by"]) \| eval(millisAlive = @timestamp - createdAtTimestamp) \| millisAlive < 3600000 // 1 hour in milliseconds \| formatDuration(millisAlive, as="Time alive", precision=2) \| "Created at" := formatTime("%Y-%m-%d %H:%M:%S", field=createdAtTimestamp, timezone=Z) \| "Deleted at" := formatTime("%Y-%m-%d %H:%M:%S", field=@timestamp, timezone=Z) \| User := rename("resources[0].name") \| "Deleted by" := rename("actors.user.name") \| table(["User", "Created by", "Deleted by", "Created at", "Deleted at", "Time alive"], sortby="Deleted at")	`Table`
Total password resets	Count of password resets over selected time span Hide Query Show Query logscale `#logtype="pingone" \| action.type = "PASSWORD.RESET" \| count() // Count of password reset events`	`Single Value`

Policy and MFA

The Policy and MFA dashboard provides detailed authentication policy analysis and multi-factor authentication trends through specialized visualizations. This dashboard enables evaluation of policy effectiveness, tracking of MFA usage patterns, and assessment of authentication methods across authentication scenarios.

Widget	Description	Type
Breakdown by policy	Breakdown of authentications by their policy (only successful authentications) Hide Query Show Query logscale `#logtype="pingone" \| action.type = FLOW.DELETED AND result.status = SUCCESS // Successful authentication \| regex("policy (?<authentication_type>.*)", field=result.description) // Policy type \| groupBy(authentication_type) // Display a piechart based on policy of the authentication`	`Pie Chart`
Authentication by policy over time	Breakdown of authentications by their policy (only successful authentications) Hide Query Show Query logscale `#logtype="pingone" \| action.type = FLOW.DELETED AND result.status = SUCCESS // Successful authentication \| regex("policy (?<authentication_type>.*)", field=result.description) // Policy type \| timechart(authentication_type) // Display a timechart based on policy of the authentication`	`Time Chart`
MFA by type over time	Breakdown of MFA authentications by their type (only successful authentications) Hide Query Show Query logscale `#logtype="pingone" // PASSWORD.CHECK_SUCCESS // OTP.CHECK_SUCCESS // ASSERTION.CHECK_SUCCESS \| action.type = .CHECK_SUCCESS \| case { result.description=TOTP \| auth_type := "Authenticator App"; result.description=Email* \| auth_type := "Email"; result.description=Security* OR result.description=Biometrics* \| auth_type := "Security Key"; } \| timechart(auth_type) // Display timechart based on type of MFA authentication`	`Time Chart`
MFA by type	Breakdown of MFA authentications by their type (only successful authentications) Hide Query Show Query logscale `#logtype="pingone" // PASSWORD.CHECK_SUCCESS // OTP.CHECK_SUCCESS // ASSERTION.CHECK_SUCCESS \| action.type = .CHECK_SUCCESS \| case { result.description=TOTP \| auth_type := "Authenticator App"; result.description=Email* \| auth_type := "Email"; result.description=Security* OR result.description=Biometrics* \| auth_type := "Security Key"; } \| groupBy("auth_type") // Display piechart based on type of MFA authentication`	`Pie Chart`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

pingidentity/pingone Dashboards

Overview

Password activity

Policy and MFA

Enter search term