You're doing "top" as the second command in that search. top generates statistics on events and returns the aggregated statistics for the events, so the details for those events (including timestamp) will not be available after running top. This is why sorting by _time does not work in this search. What is it you want the search to show?

index=myindex action="AUTHN_LOGIN_EVENT" result="SUCCESS" my-Users earliest=-24h | top login_name, last_name, first_name | eval emp_name=last_name. ", " .first_name|rename emp_name as "Employee Name" | rename login_name as User-ID | table "User-ID" "Employee Name"| sort - _time

This will not sort by _time

You need to specify how it "did not work". What does your search look like? What does your dashboard XML look like? By default Splunk is returning the latest events first, so if the events in your table are sorted in any other order that implies you are doing something else in your search that interferes with that default behaviour.

I tried this and it did not work, so instead I tried | top _time, field1, field2 and this works. The only problem this creates is field1 might be repeated. If I dedup field one, I get less than 10 results.