Skip to main content
Cisco Meraki Documentation

Login Attempts


The Organization > Monitor > Login Attempts page displays historical login information for the Dashboard Organization. A login event will be generated for all organizations an administrator has access to any time any of the current Organization or Network Administrators attempts to login to the Dashboard. This includes regular Dashboard login attempts and SAML logins. These events will record the following information about the login attempt:

  • Email: The email that was used for the login attempt
  • IP Address: The IP address that sourced the login attempt
  • Location: The approximate Geo-location of the IP that sourced the login attempt
  • Type: The type of login attempt, either 'Login' (normal Dashboard login) or 'SAML'
  • Status: Displays the Success or Failure of the login attempt
  • Time: The timestamp of the login attempt

Learn more with these free online training courses on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training.

Sorting and Filtering

By default, Login Attempts are shown with the most recent events listed first. This can be changed by clicking the column header to re-sort the displayed login attempts. The screenshot below displays several recent login attempts from several different accounts and IP addresses, including a failed login attempt.


The Login Attempts page can also be filtered for specific events by typing in the Search box at the top left of the page. Currently the Login Attempts page can only be filtered by either the Email address or IP address of the login attempt. 

Note: If the user is an administrator on multiple organizations, their login attempts will be populated on the Login Attempts page for all organizations they have access to.


  • Was this article helpful?