
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


The "Event details" window

Window example

The following example shows the detailed information on an administration event related to the creation of a time slice.

Description

The Event Details window gives you more information on a selected event. Compared with the Audit main window, it contains two additional pieces of information:

  • The Error code field.
  • The Description field.
  • If the event is related to a group, an organizational unit or a directory identified as an audit population: the Population field.

The other fields display the same information as the Audit main window.

NOTE: The User's audit ID field corresponds to the Audit ID column of the Audit main window.
 

Field / Description

  • Error code: This field indicates the cause of the error.
  • Description: This area gives more information on the event (for a detailed description of this field for administration events, see Section Detailed information on the audit administration events).
  • Population: This field only appears for events related to a group, an organizational unit or a directory that has been identified as an audit population. It displays the audit population label of the group/organization/directory.

Detailed information on the audit administration events

Subject

This section focuses on the information displayed by two specific fields of the Audit window:

  • The Event Type field of the Event Details window (which corresponds to the Event Code column of the Audit main window).
  • The Description field of the Event Details window.

The Event field

The Event Type field is built using the type of the audited object and the administration action on this object. Just combine one entry of the Object Type column with one entry of the Administration Operation column below to get the list of possible values that can appear in the Event Type field of an administration event:

NOTE: The aim of the following table is to show you as many combinations as possible, but it is not exhaustive.
 

Object type:

  • Access point
  • User access - Access point
  • Access point security profile
  • Account
  • Account parameters
  • Administration profile
  • Application
  • Application - Access point access
  • Application - User access
  • Application administration profile
  • Application parameter
  • Application profile
  • Biometrics data
  • Configuration
  • User authentication on an external domain
  • Group
  • Organization
  • Parameter
  • PFCP
  • PGP
  • Representative
  • Role
  • Software module
  • SSO Storage
  • Technical definition
  • Timeslice
  • Token
  • Token class configuration
  • User
  • User - Application access
  • User authentication
  • User profile

Administration operation:

  • Creation
  • Deletion
  • Modification
  • Renaming

Examples:

  • The creation of a PFCP object has the following value: PFCP - Creation.
  • Account modifications have the following value: Account - modification.
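The composition rule above, applied to exported events, as an added example (not part of the guide and not One Identity code): it splits each Event Type value into object type and operation and flags entries for review. It assumes the " - " separator shown in the examples is also used for object types that themselves contain " - "; the CSV column names, the delimiter, the sample rows and the watchlist are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Operations listed in the guide's (non-exhaustive) table.
OPERATIONS = {"creation", "deletion", "modification", "renaming"}

# Illustrative watchlist chosen for this example (not from the guide):
# object types whose changes alter administration rights or authenticators.
WATCHED_OBJECTS = {"administration profile", "application administration profile",
                   "role", "token"}

def parse_event_type(value):
    """Split 'Object type - Operation' into (object_type, operation).

    Object types may contain ' - ' themselves ('User - Application access'),
    so the split is on the LAST separator. Returns (value, None) when the
    trailing part is not a known operation.
    """
    obj, sep, op = value.strip().rpartition(" - ")
    if not sep or op.strip().lower() not in OPERATIONS:
        return value.strip(), None
    return obj.strip(), op.strip().capitalize()

def triage(csv_text, column="Event Type", delimiter=";"):
    """Return (flagged rows, per-event counts, unparsed values)."""
    flagged, counts, unparsed = [], Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text), delimiter=delimiter):
        obj, op = parse_event_type(row[column])
        if op is None:
            unparsed.append(obj)  # keep unknown types visible, never drop them
            continue
        counts[(obj, op)] += 1
        if obj.lower() in WATCHED_OBJECTS or op == "Deletion":
            flagged.append((row["Date"], row["Administrator"], obj, op))
    return flagged, counts, unparsed

# Constructed sample export; column names and delimiter are assumptions.
SAMPLE = """Date;Administrator;Event Type
2024-03-01 09:12;admin1;PFCP - Creation
2024-03-01 09:15;admin1;Account - modification
2024-03-01 09:20;admin2;User - Application access - Deletion
2024-03-01 09:31;admin2;Administration profile - Modification
2024-03-01 09:40;admin3;User authentication
"""

if __name__ == "__main__":
    flagged, counts, unparsed = triage(SAMPLE)
    for item in flagged:
        print("REVIEW:", *item)
    print("Unparsed event types:", unparsed)
```

Because the guide's table is not exhaustive, values that do not end in a listed operation are returned in the unparsed list instead of being discarded.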

The description field

The Description field of administration audit events displays two groups of information:

  • An optional description giving you detailed information on the audited object, as shown in the following example:

    This description is available with the following objects:

      • Token
      • User - Application access
      • Application - Access point access
      • Account parameter
      • Account
      • Application administration profile
      • Access point - User access

    NOTE: For a detailed description, per object, of the displayed information, see the table below.

  • The values of the LDAP attributes involved, as shown in the following example:

Detailed description per object

Object / Description

  • Token
    • Token class.
    • Token serial number.
    • Token state.
    • Owner (owner name and DN).
  • User - Application access
    • Application (name and DN).
    • User (list of the authorized users).
  • Application - Access point access
    • Application (name and DN).
    • Access point (name and DN).
  • Account parameter
    • Name (name and DN of the account parameter).
    • User (name and DN).
    • Connection
    • Account base identifier.
    • Application (name and DN)
  • Account
    • User (name and DN).
    • Connection
    • Account base identifier.
    • Application (name and DN)
  • Application administration profile
    • User (name and DN).
    • Application (name and DN)
  • User access - Access point
    • User (name and DN).
    • Access point (name and DN).

Exporting audit events

Subject

You can export the displayed audit events to a CSV or XML file.

Audit events export is available from the Audit panel of EAM Console or from the Directory panel.

Procedure

  1. From the console panel that you want to use, do one of the following operations:
    • In EAM Console, open the Audit panel and select the events to export.
    • In EAM Console, open the Directory panel, select the wanted object, click the Events tab and select the events to export.

    NOTE: If no events are selected, all the events will be exported.
  2. Click the Export button.
    • The export window appears.
  3. Select the format and location of the export file.
  4. Click the Export button.
    • A confirmation message appears.


Archiving audit records

Subject

The archiving functionality allows you to export a selection of audit records to a CSV file and delete the exported records from the audit database.

Before starting

To perform the task described in this section, you must have the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration rights: "Audit database: Management".

NOTE: For more information on administration roles, see Section Managing administrators.

Procedure

  1. In the Audit menu, click Archive.
    • The audit database export tool appears.
  2. Follow the instructions displayed by the wizard to perform the following operations:
    • Step 1: select the time range of the audit records to export.
    • Step 2: select the file that will receive the audit records.
    • Step 3: delete the exported records from the audit database.

IMPORTANT: If you do not want to delete the exported audit records from the audit database, click Cancel at Step 3.