MFA Trusted Browsers Report

    Users can opt to trust their browsers for MFA (i.e., save their MFA verification on browsers) for a specified number of days. The MFA Trusted Browsers report displays details of active user-browser MFA trusts, including the username, the machine name or IP address, the type of login for which the browser trust is active, the browser used, the time the trust was initiated, and the trust validity period.

    This report also allows admins to search for specific user-browser MFA trusts and remove them. Using this report, administrators get visibility and control over browser-based MFA trusts, enabling proper security oversight while maintaining user convenience for frequently accessed systems.

    • How it works
    • Generating the MFA Trusted Browsers Report
    • Revoking Browser Trusts
    • Customizing the MFA Trusted Browsers Report
    • Automating the MFA Trusted Browsers Report
    • Exporting the MFA Trusted Browsers Report
    • Tips

    How it works

    This report queries the ADSelfService Plus database to retrieve all active browser trust relationships where users have chosen to remember their MFA verification on specific browsers. It displays trust relationships across different applications (ADSelfService Plus, OWA, SSO) and provides administrative controls to manage these trusts for security purposes.

    Limitation: This report displays information on only browser-based trusts and not machine-based trusts. To view that information, use the MFA Trusted Machines Report.

    Prerequisite: You must have administrator or technician-level access to the ADSelfService Plus portal to generate and view reports.

    Generating the MFA Trusted Browsers Report

    To generate the MFA Trusted Browsers Report:

    MFA Trusted Browsers Report
    1. Log into the ADSelfService Plus admin portal with administrator or operator privileges.
    2. Navigate to Reports > MFA Reports > MFA Trusted Browsers Report.
    3. Specify the domain in which to search using the Select Domain option.
    4. Specify OUs (if necessary) using the Select OUs option.
    5. Click Generate to generate the report.

    Revoking browser trusts

    You can select any of the entries in the report to display the Revoke Trust button, which can be used to revoke any of the active user-browser MFA trusts.

    MFA Trusted browsers report in ADSelfService Plus

    Customizing the MFA Trusted Browsers Report

    • Adding or removing columns: To add or remove columns, click on the Add/Remove Columns [ ] option at the far right of the report. In the Select the columns to be displayed pop-up that appears, select the required fields under Available Columns and click on the right arrow ( >> ) to move it to the Selected Columns. To remove columns, select the unused fields under Selected Columns and click on the left arrow ( << ) to move it to Available Columns.
    Revoking trusts in the MFA Trusted browsers report in ADSelfService Plus
    • Ordering the columns: The columns' positions can also be altered by selecting a value under Selected Columns and using the Up and Down options to change its position.

    Advanced filtering

    Once the report is generated, the entries can be narrowed down based on the following parameters by clicking the Advanced Filter [ ] icon at the far-right side of the report page.

    Customizing the MFA Trusted browsers report in ADSelfService Plus
    • Access Mode: The sub-options available under Access Mode include Desktop Site and Mobile Site.
    • MFA Trusted for: Using this option, you can narrow-down users with active browser trusts for ADSelfService Plus Logins, OWA Logins, and SSO Application Logins.

    Sorting

    Click on any of the column headers to view the report's entries in ascending or descending order.

    Searching

    • Click on the search icon [ ] in order to search for specific data in the report.
    • Specific users can be searched for using their Username, Machine Name or the type of Browser the trust is active on.
    • Searching happens using the criteria ' contains '. For example, if the username column is searched for the word " jack " , then all usernames containing the sequence " jack " will be displayed as a result.

    Automating the MFA Trusted Browsers Report

    • The Schedule Reports option can be used to schedule the generation of reports at specified intervals, and automatically email them to administrators or specific email addresses. Learn to schedule reports here.

    Exporting the MFA Trusted Browsers Report

    • The Export As option at the right corner of the page helps export the report in CSV, PDF, XLS, XLSX, HTML and CSVDE formats.

    Tips

    • The More option at the right corner of the page lists the Printable View, Send Mail, and Export Settings options.
      • The Printable View option can be used to preview and print the report.
      • The Send Mail option can be used to mail the report to the desired email addresses.
      • Additionally, you can configure custom Export Settings, such as a personalized title for the report and a header logo that you may wish to display on each page.
    • Enforce trust policies for high-risk applications: Use the MFA Trusted for filter to review trusts specifically for sensitive systems like SSO Application Logins. Consider revoking browser trusts for critical applications that require authentication on every access, regardless of user convenience preferences.