Today, Advanced Authentication's reporting is extremely limited, mainly constrained to metrics/statistical events that have somewhat recently occurred in the system. Unlike competitor solutions, AA does not have a good interface to allow administrators to search, view as well as export reports with details of matching user records (login id, full name, values of certain enrollments like SMS/Phone/Email as well as last login date/time, last auth client IP, AA server that full last auth, etc).
Not all enrollments are synced from an LDAP source, and even when they are seeded from it, many customers may allow their users to override -- so there can be no expectation that Admins can just get this data from LDAP.
Some examples of AA database data exploration queries/reports:
- show me all users in AA who have never logged in
- show me all users where Card enrollment NOT EXIST
- show me all users whose SMS OTP value STARTS WITH "123" prefix or EQUALS "1112223333"
- show me all users whose Email OTP enrollment ENDS WITH "@some-company.com"
- show me all users whose TimeOTP enrollment EXISTS.
- show me all users whose CN value CONTAINS "xyz"
And so on.
Should be able to customize which user record fields to include to a tabular view on screen (including ability to re-sort by any column), as well as to CSV export for all users with selectable fields, who matched that the query.
We are transitioning from RSA Authentication Server to Advanced Authentication, and the comparable ability for AA to assemble useful user views and reports on details of their enrollments is limited to complicated REST API scripts each customer has to develop on their own. Competitors are doing a much better job here, but most importantly this leaves your customers in the dark on important aspects of the MFA communities they govern.