User Location Heatmap

This is the user location heat-map help page – please see the help video to the right. We also have the text help below.

Vote for this feature

If you love this feature please let us know by voting below. Voting for features makes sure we know what to focus on developing next.

0

Video

User Location Heatmap

The user location heat map page displays a map so you can see visually where your user’s authentications are coming from in the world. This is particularly useful to see how many user authentications are happening internationally and can help you identify unusual access.

You can select the date range to use for the heat map data set by clicking the date/time selector in the top right hand corner. Here you can set a start and end date for your data range, or chose one of our handy pre-set date ranges such as “This Month” / “This Year” / “Last Year” from the right hand column inside the date selector. By default when the page is first loaded it will display data from the last 7 days.

Once you have chosen a date range to display authentication data across you are also offered the option to filter the data by only graphing data for unique IP addresses by clicking the “Show only unique IP addresses” select box. This will enable you to see a better picture of distribution of access locations instead of seeing a large number of authentications from a single IP address such as your institutional campus.

It’s possible to “zoom” in and out on the map by clicking the plus and minus buttons in the top left hand corner. You will see coloured gradients on the map which indicate a particular level of usage from specific countries on the map which correlate to the number of authentications from that particular country. Zooming in on that particular country will then display the heat map target which can be clicked to see the number of authentications from that country.

Below the map itself you can visualise this data in tabular format to see a list of country codes and the corresponding number of authentications from each country. The table is listed in descending order showing most to least authentications.

Like many of the other visual graphing pages in the dashboard you can also apply a variety of filters to perform a more extensive search into user access locations.

Filter by service provider

This filter allows you to see authentications to a specific or collection of SP’s. Simply start typing the SP’s friendly name or entity ID into the input box, or choose from the drop down list of SP’s displayed when the input box has been chosen. Chose as many SP’s as you wish to display data for in your report. SP’s are automatically added to this list as they are aggregated from the IdP’s log files.
If you don’t see a specific SP displayed in the list it’s likely because there have been no authentications to that SP recorded in the logs.
You can remove SP’s from the filter by clicking the back space button.

Filter by auth type

This allows you to see the authentication type of the users signing in. So it would be possible to select “Kerberos” from the filter to see how many users are logging in on site using SSO, or how many are authenticating offsite using username/password. Simply click the checkbox next to the item(s) you wish to use for the report.

Filter by attributes sent

This filter will allow you to filter by specific attributes that have been released to SP’s. The filter will allow you to see how many authentications have released a certain attribute such as sAMAccountName or email address.

Filter by profiles

This filter allows you to filter between SAML1 and SAML2 authentications so you can see how many authentications are happening over SAML1 and SAML2 respectively. You should hopefully only see a small number of SAML1 authentications as this protocol is becoming deprecated by SP’s in favour of SAML2.

Filter by users

This filter will initially be greyed out and must be enabled by clicking “enable” before you can use this. When the feature is enabled this will be logged in the dashboard logs so you can see who has enabled this feature.
Once the filter is enabled it gives you the ability to view authentications for a specific user or users.
In order to filter by username once the feature has been enabled simply type the users username into the input box (multiple usernames can be filtered on by typing additional usernames with a comma separator.

Filter by groups

This filter allows you to search for authentications performed for a specific Active Directory group. These groups will be automatically aggregated from Active Directory itself once you define the “groups” attribute in https://www.overtsoftware.com/dashboard-docs/statistics-settings/ (typically memberOf).
Simply choose a group or groups from the drop down list or start typing to search for a specific group you want to filter on. The filter will allow you to see authentications/usage for specific AD groups such as students/staff/external users etc.