Users Login Count interpretation if SSO timeout = 24 hour inactivity?

Fundamental question: How many times has each eligible user accessed the application during a date range?

Configuration considerations:
SSO timeout = 24-hours inactivity

I initially thought the Users view “login” count column would provide this information. Then as I thought more about our implementation, I became less confident in that assumption. We use SSO with our implementation and have a 24-hour inactivity timeout on the SSO token. The question becomes: What is the Login count column actually counting? …is it the number of times authentication occurred (either via SSO token validation or login prompt)? Or, is this the literal number of times an actual login prompt was presented to a user? The difference between these two interpretations is significant if you think about it. For example, if I am a user and access the application every day, all day from 8-5 and I work 7 days per week, my login count may only be 1 (representing the first time a login prompt was presented). …once I logged in, there would never be 24 hours of inactivity. Therefore, my use of the application is high but the login count is low. If, however, the Users->Login count is counting every time the user attempts to access the application regardless of whether a login prompt is presented (meaning a Login count is incremented for both login prompt completion and SSO authentication completion) then the user’s login count would be more reflective of the number of times the user accessed the application. …which is actually the value I’m trying to get to.

Can anyone clear up this interpretation for me?

Hi @chris.poulton,

Welcome to the Auth0 Community!

I understand that you are looking for further clarification on how Auth0 calculates the login_count attribute.

First, the login_count is calculated based on the number of times the user has logged in. The crucial detail is when a user has already logged in, and while that session is alive, the user will be considered authenticated. Meaning that the user’s login_count will only increment once during that whole period. This is exactly what you have observed and explained to me regarding low login counts.

Conversely, you can think of the login count incrementing, iff (if and only if) the user has logged out and was required to re-enter their credentials to log in.

Behind the scenes, SSO is keeping the user’s session alive, hence why the login_count will only increment if the user logs in after the 24-hour timeout window you have configured.

Hope this helps!

Please let me know if you have any further questions or concerns. I’d be happy to help.

Thank you.

Thank you! …not the answer I had hoped for but it is the answer I expected.


Hi @chris.poulton,

You’re welcome!

Just to circle back, you could consider installing a Log Export Extension to export your logs to an external system where you can implement your calculation for these login counts. In that way, you could have a custom query search for the type: "s" for successful logins and perform a login count that way. You could also perform additional filtering like finding the login counts for a specific user.

The caveat is that you won’t be able to find historical data past your log data retention period to calculate your overall login count because the log data retention will depend on your subscription level.

Thank you.
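A sketch of the per-user count over exported logs suggested in the reply above, as an added example that is not from the original thread or from Auth0. It assumes the external system holds one JSON log event per line with `date`, `type` and `user_id` fields; the sample events and the `count_logins` helper are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample export, one JSON log event per line (not real tenant data).
SAMPLE_EXPORT = """\
{"date": "2023-03-01T08:02:11.000Z", "type": "s", "user_id": "auth0|alice"}
{"date": "2023-03-01T08:05:40.000Z", "type": "f", "user_id": "auth0|bob"}
{"date": "2023-03-01T08:06:02.000Z", "type": "s", "user_id": "auth0|bob"}
{"date": "2023-03-03T09:15:00.000Z", "type": "s", "user_id": "auth0|alice"}
{"date": "2023-03-09T10:00:00.000Z", "type": "s", "user_id": "auth0|alice"}
not-json debris line
"""

def parse_ts(value):
    # Timestamps are assumed to be ISO 8601 UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def count_logins(lines, start, end, types=("s",), user_id=None):
    """Count events of the given types per user in [start, end).

    Returns (counts, covers_start). covers_start is False when the oldest
    exported event is newer than `start`, meaning the window may reach back
    past the log retention period and the counts may be incomplete.
    """
    counts, oldest = Counter(), None
    for line in lines:
        try:
            event = json.loads(line)
            when = parse_ts(event["date"])
            kind, uid = event["type"], event["user_id"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip blank or malformed lines
        oldest = when if oldest is None else min(oldest, when)
        if kind in types and start <= when < end and user_id in (None, uid):
            counts[uid] += 1
    return counts, oldest is not None and oldest <= start

if __name__ == "__main__":
    start = datetime(2023, 3, 2, tzinfo=timezone.utc)
    end = datetime(2023, 3, 8, tzinfo=timezone.utc)
    counts, covers = count_logins(SAMPLE_EXPORT.splitlines(), start, end)
    print(dict(counts), "window covered by export:", covers)
```
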
