Dashboard Overview

A real-time monitoring hub for your IdentitySuite installation — users, clients, tokens, certificates, and security events at a glance

Time Window & Refresh

At the top of the Dashboard you will find a time window selector and a refresh button. These controls determine the time range used to compute trends and activity data displayed in the charts and feeds below.

Available Time Windows:

6h — Last 6 hours. Useful for monitoring activity shortly after a deployment or configuration change.
24h — Last 24 hours. The default window, suitable for day-to-day operational monitoring.
3d — Last 3 days. Helps identify patterns that span multiple days, such as weekend traffic drops.
7d — Last 7 days. A broader view for weekly trend analysis and capacity planning.

Manual Refresh:

The Dashboard does not refresh automatically. Use the Refresh button to reload all data on demand. Changing the time window automatically triggers a reload of the trend charts, while summary cards and feeds are refreshed only when you press the button explicitly.

Summary Cards

The four summary cards at the top of the Dashboard provide an instant snapshot of the current state of your installation. Each card focuses on a specific area of the system.

Users & Roles

Displays the total number of registered users and the number of roles defined in the system. When relevant, additional indicators appear below the user count:

Locked Out — Number of accounts currently under a lockout. Shown in amber as a warning signal.
Unconfirmed — Number of accounts whose email address has not yet been verified. Shown in gray.

Registered Clients

Shows the total number of OpenID Connect / OAuth 2.0 client applications registered in IdentitySuite. This count includes all client types: web applications, APIs, mobile apps, and machine-to-machine clients.

Tokens

Provides a snapshot of token activity across the installation:

Issued Tokens (Last 24h) — The number of access tokens issued in the last 24 hours, regardless of the selected time window. Gives a consistent baseline for daily activity.
Active Refresh Tokens — The number of refresh tokens currently valid and stored in the system. A significantly high number may indicate that token cleanup or rotation policies should be reviewed.

Certificate Health

Monitors the validity of the signing and encryption certificates used by IdentitySuite to issue and validate tokens. For each certificate, the card shows the number of days remaining before expiry. The card border and icon color change to reflect the current health status:

Green — All certificates are valid and not approaching expiry. No action required.
Amber — At least one certificate is expiring soon. Plan a certificate renewal to avoid authentication disruptions.
Red — At least one certificate has already expired. Token issuance and validation may be affected. Immediate action is required.

Security Overview

When the system detects accounts that require attention, an amber panel appears below the summary cards. This section is hidden when there are no actionable items, keeping the Dashboard clean during normal operations.

Locked Out Accounts:

Lists all accounts currently locked out due to repeated failed login attempts. For each account, the panel shows the username and the exact date and time when the lockout will automatically expire. An Unlock button is available next to each entry, allowing an administrator to immediately restore access without waiting for the lockout period to elapse.

At-Risk Accounts:

Lists accounts that have accumulated a significant number of failed login attempts in the last 24 hours but have not yet been locked out. For each account, the panel shows the username, the failure count, and the timestamp of the most recent failure. These accounts are potential targets of brute-force or credential-stuffing attacks and should be monitored closely.
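The At-Risk selection described above can be reproduced over exported authentication events for cross-checking or alerting. This is an added example, not IdentitySuite code: the event tuple shape, the threshold of 5 and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: the page says "a significant number" without giving a value.
AT_RISK_THRESHOLD = 5
WINDOW = timedelta(hours=24)

def at_risk_accounts(events, now, locked_out=frozenset(),
                     threshold=AT_RISK_THRESHOLD):
    """Return (username, failure_count, last_failure) rows, highest count first.

    events: iterable of (timestamp, event_type, username) tuples; this shape
    is hypothetical, not an IdentitySuite export format.
    locked_out: usernames currently locked out; they belong to the other list.
    """
    cutoff = now - WINDOW
    counts = defaultdict(int)
    last_failure = {}
    for ts, event_type, user in events:
        if event_type != "Failed" or not (cutoff <= ts <= now):
            continue
        counts[user] += 1
        last_failure[user] = max(last_failure.get(user, ts), ts)
    rows = [(user, n, last_failure[user]) for user, n in counts.items()
            if n >= threshold and user not in locked_out]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

# Constructed sample data, not real log output.
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)

def ago(minutes, event_type, user):
    return (NOW - timedelta(minutes=minutes), event_type, user)

EVENTS = (
    [ago(10 * i, "Failed", "alice") for i in range(1, 7)]        # 6 recent failures
    + [ago(5 * i, "Failed", "bob") for i in range(1, 9)]         # 8, but locked out
    + [ago(30, "Failed", "carol"), ago(20, "Success", "carol")]  # below threshold
    + [ago(1800 + i, "Failed", "dave") for i in range(10)]       # older than 24 h
)

if __name__ == "__main__":
    for user, n, last in at_risk_accounts(EVENTS, NOW, locked_out={"bob"}):
        print(f"{user}: {n} failures, last at {last.isoformat()}")
```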

Activity Charts

Two spline area charts visualize the trend of authentication and token activity over the selected time window. Each point on the horizontal axis represents an hourly bucket, making it easy to spot peaks, anomalies, or drops in activity.

Login Activity:

Tracks authentication attempts over time with three overlapping series:

Successful — Login attempts that completed successfully, including password, external provider, passkey, and two-factor logins.
Failed — Login attempts that were rejected due to invalid credentials or other errors.
Locked Out — Attempts blocked because the target account was locked out at the time of the request.

The totals for each series over the selected window are displayed in the card header for quick reference. A sustained rise in the failed or locked-out series may indicate an ongoing attack and warrants investigation.
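The hourly bucketing and the "sustained rise" check described above, as an added example that is not IdentitySuite code. The event shape, the rise parameters (three consecutive hours above three times the preceding three-hour mean) and the sample counts are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import mean

SERIES = ("Successful", "Failed", "Locked Out")

def hourly_buckets(events, start, hours):
    """Count (timestamp, series) events into `hours` one-hour buckets per series."""
    counts = Counter()
    for ts, series in events:
        idx = (ts - start) // timedelta(hours=1)
        if 0 <= idx < hours and series in SERIES:
            counts[(series, idx)] += 1
    return {s: [counts[(s, h)] for h in range(hours)] for s in SERIES}

def sustained_rise(values, baseline_hours=3, run=3, factor=3.0):
    """Index of the first bucket starting `run` consecutive buckets that each
    exceed `factor` times the mean of the preceding `baseline_hours` buckets,
    or None. All three parameters are assumptions chosen for this example."""
    for i in range(baseline_hours, len(values) - run + 1):
        floor = max(mean(values[i - baseline_hours:i]), 1)  # avoid a zero baseline
        if all(v > factor * floor for v in values[i:i + run]):
            return i
    return None

# Constructed sample: a 6h window with per-hour counts for each series.
START = datetime(2025, 1, 10, 6, 0, tzinfo=timezone.utc)
PER_HOUR = {
    "Successful": [20, 22, 19, 21, 20, 23],
    "Failed": [2, 3, 1, 12, 15, 14],
    "Locked Out": [0, 0, 0, 1, 4, 6],
}
EVENTS = [(START + timedelta(hours=h, minutes=m), name)
          for name, per_hour in PER_HOUR.items()
          for h, n in enumerate(per_hour) for m in range(n)]

if __name__ == "__main__":
    for name, values in hourly_buckets(EVENTS, START, 6).items():
        print(name, values, "rise starts at bucket", sustained_rise(values))
```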

Token Activity:

Tracks token lifecycle events over time with two series:

Issued — Access tokens and refresh tokens issued by the server. The trend naturally follows the shape of the successful login curve.
Revoked — Tokens explicitly invalidated before their natural expiry, typically triggered by a logout or an administrative action.

An unusually high revocation rate compared to issuance may indicate a session management issue or a security response in progress.

Activity Feeds

Two sortable, filterable grids provide a detailed record of recent system activity. Both feeds load the most recent 50 entries and support column-level filtering and sorting to help you quickly locate specific events.

Security Events:

A chronological log of authentication-related events across all users and clients. Each row shows the timestamp, event type, username, client identifier, and whether the operation succeeded. Event types are color-coded for fast visual scanning:

Success — Successful logins, two-factor verifications, passkey logins, external provider logins, and recovery code usage.
Failed — Failed login attempts via any authentication method.
Locked Out — Authentication blocked because the account was locked.
Revoked — A token was explicitly revoked.

Design Note — Token Issued events

Token Issued events are intentionally excluded from this feed. Because a token is issued on every successful authentication, including these entries would add a large volume of low-value rows that would obscure more meaningful security signals. Token issuance volume is already visible in the Token Activity chart above.

Admin Actions:

A chronological log of administrative operations performed through the IdentitySuite management interface. Each row shows the timestamp, action type, the administrator who performed the action, the target entity, and the entity type.

Expanding a row reveals the specific details of the change — for example, which claims were added, which roles were assigned, what field values were updated, or which client properties were modified. This makes the Admin Actions feed the primary audit trail for all configuration and user management changes made through the UI.

Security Actions

This section provides emergency security actions that affect the entire authorization server. These operations are irreversible and should only be used in response to confirmed or suspected security incidents. Normal day-to-day administration does not require the use of these controls.

Global Token Revocation:

Immediately revokes all active tokens across every client and every user in the system, including access tokens and refresh tokens. All authenticated sessions backed by OpenIddict tokens will be invalidated and users will be required to complete a new authorization flow to obtain fresh credentials.

Use this action when a systemic compromise is suspected — for example following a critical vulnerability disclosure such as a CVE affecting the token format or the underlying cryptographic infrastructure, or when sensitive cryptographic material may have been exposed across the entire system. For incidents affecting only a single client application, prefer the targeted revocation available in the Security tab of the individual client configuration instead.

Implications:

  • All users are affected: every active session backed by an OpenIddict token will be terminated, regardless of the client or the user role. This includes administrators.
  • Refresh tokens are invalidated: client applications relying on refresh tokens to maintain long-lived sessions will not be able to silently renew access and will need to trigger a new authorization flow.
  • No selective exclusion: it is not possible to exclude specific clients or users from this operation. If a more targeted revocation is needed, use the per-client or per-user revocation controls instead.

Additional impact when Data Protection is active:

If the server is configured to use ASP.NET Core Data Protection as the token format, the global revocation will also revoke all Data Protection master keys. This ensures that tokens and authentication cookies protected with the compromised keys are immediately rejected, even if they have not yet expired.

Because the administrator's own session cookie is protected by the same keys, you will be automatically signed out as soon as the operation completes. You will need to sign in again to resume administrative operations. Ensure you have valid credentials available before proceeding.

This behavior is consistent with the recommendations issued by the ASP.NET Core security team for responding to Data Protection vulnerabilities such as CVE-2026-40372.

Preview Feature (Free Plan)

This feature is offered as a 30‑day preview for Free plan users. You can explore its capabilities during this period and evaluate how it fits your workflow. To continue using the full version after the preview, upgrade your subscription.