Events and Logs

Follow

Tracking the actions of your users and administrators is important for both troubleshooting and security purposes.

Clearlogin offers a variety of different logs that can all be accessed from the navigation bar in your Admin Panel:



As you can see, there are currently 7 types of Events that are logged:

Access Log - Logs Actions such as "login_success" and "login_failure," both of which are statements as to whether or not a user authenticated successfully.  Failed logins include incorrect usernames, incorrect passwords, or both.  An "access_denied" action means that a user entered correct credentials, but was not allowed to log in due to a preventative Access Rule associated with that user, or the user's account has been disabled or locked.  Access denials include not being allowed to log in from a specific location, and not being allowed to log in at a certain time.



Identity Source Log - Logs which users are logging in from which Identity Source (IDS) and whether or not they are successful.  A "success" result is a login attempt that authenticated properly, and an "invalid" result is a login attempt that could not be authenticated, either due to a wrong username, wrong password, or both.



App Connections Log - Logs which user logged into which application, when, and how (SAML, JWT, etc.) as well as whether or not they were successful.  The blue edit button next to each log entry will take you directly to the related app's configuration page, which you would normally access by selecting Apps from the navigation bar and then clicking on Manage Apps and then searching for the app.



Admin Log - Tracks all actions of administrators from logging in to the Admin Dashboard to Access Rule modifications to changes to App configurations, etc.



Browser Report - Displays a log of how many users are using specific browsers and on what days.  Highlighting a bar on the bar graph with your mouse cursor will also provide a tool-tip style breakdown.



Geography Report - Displays a log of which countries users are logging in from, as well as how many and on what days.  Highlighting a bar on the bar graph with your mouse cursor will also provide a tool-tip style breakdown.



Here is a list of the most common events that you will see throughout your logs:

Login Success - When a user successfully logs in.
Login Failure - When a user provides an incorrect password, username, or some other failure has occurred.
Access Denied - When a user violates an Access Rule.
Change Password - When a user changes their password.
Reset Password - When a user performs a "forgot password" reset.
MFA Success - When a user successfully enters MFA credentials during an MFA check.
MFA Failure - When a user failures an MFA check.
Lockout - When a user's account is locked in their corresponding Identity Source.
Logout - When a user logs out.
Reset Needed - When a user is required to change their password.

You can integrate events into apps such as Microsoft Office 365 GroupsSlack, and Zapier via Webhooks so that your most important logged information is posted to channels within those services.  This is a very useful feature that allows admins to monitor the goings on of their Clearlogin domain(s) without having to always remain logged into the Admin Dashboard.

Have more questions? Submit a request

Comments

Powered by Zendesk