Monitor Multi-Factor Authentication Events
When a user attempts to access a resource protected by the Duo Admin Panel, they are first prompted to authenticate themselves against the configured Identity Provider before being asked to perform the two-factor authentication using one of Duo’s methods (push, passcode, SMS, or phone call).
If the user authenticates successfully or fails to authenticate themselves using two-factor authentication, the Duo Admin Panel records a Multi-Factor Authentication (MFA) log containing information on whether the user's two-factor authentication has passed or failed. These logs show where and how users authenticate, with usernames, location, time, IP address of the device, type of authentication factor, and more.
Note | Failed authentications due to the user failing to authenticate with their Identify Provider are not recorded and are unavailable to CDO. |
Procedure
Step 1 | In the CDO navigation pane, click . |
Step 2 | Click the MFA tab. 
|