How to report Salesforce mobile app usage?

So, you just roll-out Salesforce1 for your internal company usage, congratulations!!! Next step is to monitor your user adoption and present it to the management team.

Bad thing, in the user login report, you cannot identified which login is coming from Salesforce1. Work around, you can download Login History into CSV file and using Ms Excel to filter Application contain Salesforce1. It is pretty complex using Login History and you cannot run it as a report to use it as source for Dashboard and present it your management team.

Instead of using standard User report type, create a new custom report. Here is the step:

Create Custom Report Type
Start with create a new custom report type:
•  From Setup, click Create | Report Types
•  Click New Custom Report Type button
•  Enter the following values.
   •  Primary Object: Users
   •  Report Type Label: a unique label such as Login History with Identity
   •  Report Type Name: this field will be automatically populated based on Label, just skip it.
   •  Description: Give a useful description that other user will understand in the future.
   •  Store in Category: Pick a category for this report; such as Administrative Reports.
   •  Deployment Status: Keep as In Development until ready to deploy this report for other users.
•  Click Next
•  Select Click to relate to another object
•  Select Identity Event Logs (Users)
•  Keep A to B Relationship to default "Each "A" record must have at least one related "B" record"

•  Click Save.

Create Custom Report

•  Click the Reports tab and New Report button
•  In Administrative Reports, select Login History with Identity and click Create.
•  Drag-and-drop fields on to the report. Some useful fields to add into report: Full Name, App: Connected App Name, Timestamp, Status and Usage Type
•  Add filter “App: Connected App Name contains Salesforce1”
•  Give the report a name, such as: Salesforce1 Adoption.
•  Click Save
As this is a normal report, you can adjust the Time Frame.

Here is the screenshot of the report created:

If you see above report, in Usage Type:
•  OAuth Authorization: when the user first logs in
•  OAuth Token Exchange: when user has been idle for some time and the app needs to re-authenticate
In the Status, Error: App access denied tell you if user hit "Deny" in Salesforce1 app

Another example of report below, App: Connected App Name tell you each transaction of login attempt or re-authenticate attempt from Salesforce1 app from iOS or Android devices.

Using the "Power of One", you can easily count how many users login to Salesforce1 app from iOS and Android device, then add a simple chart to the report. In sample below, it show number users for Android = 34 and iOS = 276, with total of 305 users. This mean 29 (34 - 5) users using Android only, 271 (276 - 5) users on iOS only and 5 users are using both Android and iOS devices to access Salesforce1.

If you need to do further analysis, you can download the CSV file and use Pivot Table in Ms Excel.

Anyway, this only work in Enterprise edition and above (included Unlimited and Performance edition), so if you are using Professional edition, this is not applicable and hope Salesforce will implement Salesforce Identity for Professional edition in the future.

How to implement SSO in Salesforce1 mobile app?

For organization has implement SSO to login to Salesforce from web browser, organization can implement the same for Salesforce1 mobile app. There are two option for this:

1. Log in to a custom domain 
From log in screen, tap Log in to a custom domain

Enter your company 'My Domain' used for SSO.

App will prompt you to enter your company network (e.g. Active Directory) username and password.

You will be asked to allow permission access to Salesforce1 for iOS or Android

2. Add new Connection

From log in screen, tap gear icon at top right

Tap + icon on top right corner

Enter your SSO URL (e.g. mycompany.my.salesforce.com) into Host and your company name (preferred) into Label, then app will ask your company network username & password, in the next screen permission to allow login using Salesforce1, this is the same with option 1 above.

The difference between "Log in to a custom domain" with "Add Connection", with add connection, you just need to add once and and keep using it, while login with custom domain, need you to type "my domain" every time you login. It is your choice since both works, but prefer to add connection once and you do not need to enter my domain every time you log out from the app.

Reference: Single Sign-On for Desktop and Mobile Applications using SAML and OAuth

Salesforce Report for SAML Federation Id for SSO

For organization implementing SSO for Salesforce.com login authentication, if you get a ticket from user query that they cannot login to Salesforce via SSO. Here steps for you need to check:

1. Make sure you are in office network (including VPN) and try to login yourself. If not working, check with your peers of SSO expert, maybe server down or some other issue.
2. If you can login with SSO, check the user detail and make sure Federation Id is enter correctly.

It is a good practice for admin to run a report to list down all Active users with their Federation Id information. But.... we cannot find Federation Id field in available field using standard Users report type.

So how? You can create custom report type, here we go:

1. Create Custom Report Type
From Setup - Build - Create - Report Types

• Click New Custom Report Type button
• Select Users as Primary Object
• Enter Label, Description and Store in Category (preferred Administrative Reports)
• Select deployment status
• Click Next button and Save button

To confirm, click "Edit Layout" button in Fields Available for Reports, you should see "SAML Federation Id" is there.

2. Create Report
Create normal report and select report type created in step 1 from correct report folders.
You should be able to see SAML Federation Id in available field fro report.

Cool..... ?