Capturing Failed logins using MS Identity Web and OpenIDConnect

  • Question

  • User2054207217 posted

    Hi All,

    I have a working web application that implements Single Sign On using Azure AD using OpenID Connect. I am trying to determine the best way to capture failed or unsuccessful login attempts. Is this possible? As I understand, as my application hands off the authentication to Azure Identity Web, my app. would not know of a failed attempt, correct?

    Thanks.

    Tuesday, August 4, 2020 12:06 AM

Answers

  • User-1330468790 posted

    Hi progdever,

    If you hand over the authentication to Azure Identity Web, you could monitor the sign-in activities in the Azure portal.

    It will provide you with a Sign-ins report which shows the following information for each sign-in log:

    • The sign-in date
    • The related user
    • The application the user has signed in to
    • The sign-in status
    • The status of the risk detection
    • The status of the multi-factor authentication (MFA) requirement

    If you want to check the failed login attempts, simply select Failure from the Status drop-down to display only the failed sign-ins.

    For more details, you could refer to the guides below:

    How to: Troubleshoot sign-in errors using Azure Active Directory reports

    Sign-in activity reports in the Azure Active Directory portal


    Hope this can help you.

    Best regards,

    Sean

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 4, 2020 6:20 AM
  • User-1330468790 posted

    Hi progdever,

    Obviously you could not directly monitor those sign-in activities from your web project.

    However, there is a workaround: you could fetch such information by calling the Activity reports API.

    It includes two kinds of logs:

    • audit logs => answers the following questions:
      1. Who granted admin group access to a directory user?
      2. Which users are signing in to a recently acquired app?
      3. How many password resets were made within the directory?
    • sign-in logs => answers the following questions:
      1. What is the sign-in pattern of a user?
      2. How many users have signed in during the last week?
      3. What's the status of these sign-ins?

    For more information, you could refer to this link: Activity reports API overview

    Please note that requests sent to the Graph API must be well-formed, target a valid endpoint and version of the Graph API, and carry a valid access token obtained from Azure AD in their Authorization header.


    Best regards,

    Sean

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 6, 2020 4:17 AM
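The workaround above, worked through as an added example that is not part of the thread: it builds the Microsoft Graph sign-in log request (auditLogs/signIns) with the bearer token in the Authorization header, filters to failed sign-ins for one app registration, and reduces a response page to audit fields. The app id, token and the sample response page are constructed placeholders, and the live call assumes the caller has been granted the AuditLog.Read.All permission.

```python
"""Pull failed sign-ins for one app from Microsoft Graph (auditLogs/signIns).
Added example for this thread; the sample response below is constructed."""
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

GRAPH_SIGNINS = "https://graph.microsoft.com/v1.0/auditLogs/signIns"


def build_request(access_token, app_id, top=50):
    """OData filter keeps failures only (status/errorCode 0 is success) for
    one app registration; the bearer token rides in the Authorization header."""
    params = {
        "$filter": f"appId eq '{app_id}' and status/errorCode ne 0",
        "$orderby": "createdDateTime desc",
        "$top": str(top),
    }
    headers = {"Authorization": f"Bearer {access_token}",
               "Accept": "application/json"}
    return Request(f"{GRAPH_SIGNINS}?{urlencode(params)}", headers=headers)


def summarise_failures(page):
    """Reduce one Graph response page to the fields an audit trail needs."""
    rows = []
    for s in page.get("value", []):
        status = s.get("status") or {}
        if status.get("errorCode", 0) == 0:
            continue  # defensive: drop successes if the filter was not honoured
        rows.append({"when": s.get("createdDateTime"),
                     "user": s.get("userPrincipalName"),
                     "ip": s.get("ipAddress"),
                     "app": s.get("appDisplayName"),
                     "error": status.get("errorCode"),
                     "reason": status.get("failureReason")})
    return rows


def fetch_failures(access_token, app_id):
    """Live call: needs network and a real token, so it is not run offline."""
    with urlopen(build_request(access_token, app_id)) as resp:
        return summarise_failures(json.load(resp))


# Constructed sample page in the shape Graph returns; not real tenant data.
SAMPLE_PAGE = {"value": [
    {"createdDateTime": "2020-08-04T15:04:11Z", "userPrincipalName": "alice@contoso.example",
     "ipAddress": "203.0.113.7", "appDisplayName": "MyWebApp",
     "status": {"errorCode": 50126, "failureReason": "Invalid username or password."}},
    {"createdDateTime": "2020-08-04T15:05:02Z", "userPrincipalName": "alice@contoso.example",
     "ipAddress": "203.0.113.7", "appDisplayName": "MyWebApp",
     "status": {"errorCode": 0, "failureReason": "Other."}}]}
```

Paging (`@odata.nextLink`) is left out for brevity; a production job would follow it and persist the rows to its own audit store.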

All replies

  • User2054207217 posted

    Sean,

    Thanks. But is there a way to capture the failed logins from the web app itself?

    Tuesday, August 4, 2020 3:04 PM
  • User475983607 posted

    But is there a way to capture the failed logins from the web app itself?

    The main reason to implement an external login is so your application does not manage accounts or ever see the user's credentials.

    Why do you need this information?  Reporting?

    Tuesday, August 4, 2020 3:16 PM
  • User2054207217 posted

    Yes mostly for auditing. Thanks.

    Tuesday, August 4, 2020 4:49 PM