System Audit Report
The System Audit report contains data about all activity on your My1Login account. You can use this report to review all of the activities on your account or to review a specific user's activity within a specified timeframe.
System Audit Data is kept for 12 months.
Admin activity can not be deleted from the system audit outside of the 12 month retention policy.
Parameters
The Login Attempts Summary page can be filtered using the following parameters:
Username
Date
"What" - Activity
Application
Running the Report
To run the System Audit Report:
- From the Admin Console, navigate to Reports> System Audit
- By default, the report will export all activity from the same calendar month.
- You can filter the page results using Username, Start Date/End Date, What, and Application.
- Click Search to view filtered results on the report page.
- Click Export to CSV in the top left hand corner to download the selected data as a comma separated value (CSV).
Retrieving the Report
A toast notification will let you know that your report has been added to the queue:
Another will let you know when the report has been processed:
You can either click on the Report Complete popup or navigate to Reports> Generated Reports to see your reports ready for download. Click the Download button and your report will download to a CSV file.
If you are waiting on the Generated Reports page and your report is still showing as "Queued" you may need to refresh the page for the Download button to appear.
Reports are available for download for 30 days after creation.
Results
The report page shows the following information:
- Who
- Domain
- What
- Label
- Date
- Outcome
- IP Address
The CSV report includes:
| Field name | Field description |
|---|---|
Username | User's My1Login username. This can be an email address or UPN. |
Audit Entry Type | Nature of activity. Full list of types outlines below. |
Target Label | Gives the detail of the page, application, activity. |
| Label | Method of authentication. |
Date | Date of login attempt. Timestamps are represented in UTC. |
| Outcome | Whether the login attempt was successful or failed. |
IP address | IP address of where the login attempt was made. |
Audit Entry Type - 'What' - Explained
| Field name | Field description |
|---|---|
Created | Indicates new activity in My1Login. Can apply to new identities, password policies, users, applications, password shares, inclusion/exclusion list, implementing security questions. |
| Read | Shows pages on My1Login Admin Portal that have been viewed by a user. This will also show where a user has viewed passwords for stored identities through the Admin pages. |
Updated | Shows any updates made by users or admins to identities, password policies, users, applications, password shares, security questions. |
| Deleted | Shows anything that has been deleted by a user or admin from My1login. Can apply to new identities, password policies, users, applications, inclusion/exclusion list, password shares, security questions. |
| Credential Entry | Shows when users have entered credentials on a target application. The label will indicate the application or URL. Timestamps are represented in UTC. |
| Executed | Application launch. Label will show the application used. |
| Template Script Recording | Deprecated Label |
Login Attempt | User has authenticated or attempted to authenticate with My1Login. |
Transfer Credential | Ownership of credential(s) has been transferred to another user. |
Active Directory Password Change | User has used Self Service Password Reset to change their AD password. |
Report Generated | Admin has generated a report from the Admin Portal. |
Related Articles
User Activation Report
The User Activation report contains data about users' status and My1Login access. You can use this report to separate web users from AD synced users. The report gives visibility of whether or not users have accessed their My1Login service. Parameters ...Application Usage Audit
The Application Usage Audit report contains data about the applications accessed by users in your organisation. You can use this report to see which applications are the most used in your organisation, identify shadow IT, and make decisions about ...Login Attempts Summary
The Login Attempts Summary report contains data about users' My1Login access attempts. You can use this report to see users login activity and their method of authentication. The report gives visibility of whether or not users have been successful in ...