Where is Lumos pulling Last Login/Last Activity data from?

Last updated: October 7, 2024

Background

Last Login and Last Activity are fields that are particularly useful for understanding if there are Inactive Users within Lumos that potentially are overprovisioned (if they haven't logged in in 90 or more days, do they truly need it? šŸ§). It's also a powerful data point to leverage for our Inactivity Workflows, to systematically chip away at users who have not accessed apps in a certain period of time.

But where does Lumos source this data from?

Well, that depends (on the source)

We source our data from a few places, notably:

  • Your IdP

  • Direct Lumos integrations

  • Manual uploads

As such, this will control where and how we can pull Last Login/Activity.

Last Login

Wherever we can, we will populate this from the direct integration first, which will check the SaaS app directly to see when the user last logged into the system.

However, if this data is not available, we will then default to Last SSO Login, from your IdP (e.g. Okta). This has varying levels of accuracy, which depends on if you limit length of sessions, and thus require your users to login on a regular cadence.

Last Activity

Today Last Activity is a column that is specially pulled via a direct Lumos integration; this will typically be a very granular, app-specific metric. For example, we offer Last Activity for Zoom, which looks at the last time a user hosted a meeting of 40 minutes or longer.

If you're curious to see which applications have Last Login/Activity available via direct integration, you can check out our Integrations Catalog.

FAQ

Why are there empty values?

In short, the integration from where we pull last login has never given us this data.

In the case of Okta, we look at Okta system logs for sign in attempts, which Okta only stores for 90 days. When Lumos first discovers an Okta app, we check for the last logins and show the values in the table. An empty value means login never happened or it happened more than 90 days ago.

The longer you use Lumos, the less important this becomes. Once we see a value, we cache it until we receive the next update. So if you use Lumos for 6 months, a ā€œ-ā€ forĀ Last Login for an Okta app means the user hasnā€™t signed in through Okta in 9 months (90+ days + 6 months since we began syncing data with Okta).