Audit
Audit management consists of two parts: Audit Reports and Configuration Management.
Audit report data includes internal administrative operations, access logs, API call records, and information modification events. In the menu, reports are categorized into Login Audits, Management Audits, and Other Audits. Administrators can view, filter, and export these audit reports from the interface.
Configuration management provides audit data configuration, including data persistence, list fields, mappings, retention periods, import/export, and more.
Login Audits
| No. | Audit Type | Data Source Description |
|---|---|---|
| 1 | Platform Login | Records of users logging into the platform (any API call triggers a log) |
| 2 | SSO Application | Records of users logging into applications via SSO |
| 3 | Radius Login | Records of users logging in via Radius authentication |
Management Audits
| No. | Audit Type | Data Source Description |
|---|---|---|
| 1 | User Management | Add/Modify/Delete/Disable/Enable/Lock/Unlock operations under Identity Management - User |
| 2 | User Type | Add/Modify/Delete operations under Identity Management - User Types |
| 3 | Organization | Add/Modify/Delete/Disable/Enable/Transfer/Merge under Identity Management - Organization |
| 4 | Organization Type | Add/Modify/Delete/Disable/Enable under Identity Management - Organization Types |
| 5 | Position Management | Add/Modify/Delete/Disable/Enable under Identity Management - Positions |
| 6 | Application | Add/Modify/Delete/Disable/Enable under Application Management - App Config |
| 7 | Application Type | Add/Modify/Delete/Disable/Enable under Application Management - App Config |
| 8 | Account Management | 1. Add/Modify/Delete/Disable/Enable/Bind/Unbind/Bulk Create under Application Accounts 2. Lifecycle delays under Account Provisioning |
| 9 | Password Management | Reset password, change password, forgot password, forced change on first login or expiration |
Permission Audits
| No. | Audit Type | Data Source Description |
|---|---|---|
| 1 | Account Permission | Changes in permissions via manual provisioning, automatic provisioning, or self-service requests |
| 2 | User Permission View | Viewable user access scope, including permission views, account permissions, lifecycle records, and export capabilities |
| 3 | Application Permission | Statistics on total accounts, zombie accounts, orphan accounts, permission resources, roles, and groups; updated nightly |
| 4 | Auto-Provisioned Auth | Logs of permission changes via automated account provisioning |
| 5 | Manual Auth | Logs of permission changes through manual binding/unbinding of accounts to permissions |
| 6 | Self-Service Auth | Logs of permission changes from self-service requests on the portal or permission marketplace |
| 7 | Abnormal Permission | Statistics from Identity Governance on permission conflicts, compliance violations, and alerts/blocks triggered by policies |
Other Audits
| No. | Audit Type | Data Source Description |
|---|---|---|
| 1 | User Session Replay | Playback of user activities after accessing an application via the platform View Setup Guide |
| 2 | Notification Interface | SSO-related alerts triggered under Policy Management - Notifications |
| 3 | Notification Tasks | IDM-related alerts triggered under Policy Management - Notifications |
| 4 | Password Recovery Method | Records of binding/unbinding authentication methods in Portal - Account Security |
| 5 | Password Recovery Codes | Records of verification codes generated during password recovery via different methods |
| 6 | AD Password Sync Audit | See System Settings - Parameters - External Services - AD Reverse Sync |
| 7 | Masked Data Access | Audits when users view unmasked data where Policy Management - Data Security permits plaintext viewing |
Configuration Management
Scenarios
Used for maintaining and summarizing audit report data.
| Config Item | Description |
|---|---|
| Audit Source | Filter selectable audit sources. White-listed tables come from Audit - Config Management - Data Source |
| SQL | Input SQL to filter desired data. Clicking elsewhere previews data. “Generate Field Config” auto-extracts fields |
| Field Config | Configure i18n aliases, field types, mappings, sorting, and statistics; clear config removes display in results |
Mappings
- Static Mapping: Exact value match, shown in results
- Dynamic Mapping: Regex-supported pattern match, shown in results
Chart API
Maintains graphical statistics (e.g., dashboards, user/app profiles), also callable by third-party systems.
| Config Item | Description |
|---|---|
| Audit Source | Choose audit source; white-listed tables come from Audit - Config Management - Data Source |
| SQL | Input SQL. Fields wrapped in #{} are treated as parameters. Configure [Parameter Settings] before previewing results |
| Result Mapping | Set mappings on SQL fields for returned API values |
| View | Click to expand and copy chart API information |
| Download Docs | Select multiple charts to download metadata as .txt files |
Calculation Models
Use scheduled tasks to group, aggregate, and store data in designated tables for efficient reporting.
| Config Item | Description |
|---|---|
| Schedule Interval | Set how often the model runs |
| Audit Source | Filter audit source; see Audit - Config Management - Data Source |
| SQL | Input SQL with #{}-wrapped time fields to use in [Time Settings]. If none present, preview directly |
Time Expressions: now-1d, now-1h, now-1m, now-1M, now-1y, now-1s | |
| Output Settings | Set target table (must be whitelisted), auto-fetch fields, define types, and mapping |
Data Source
Used as the data source for audit reports; connects to local or built-in databases. Each tenant has default sources:
- Local →
auditlogDB - Built-in →
auditDB
| No. | Property | Description |
|---|---|---|
| 1 | Type | Supported DBs: MySQL 5.7, PostgreSQL 9.6 |
| 2 | URL | Database connection URL |
| 3 | Username | DB account username |
| 4 | Password | DB account password |
| 5 | Test Connect | Tests connection; failure allows whitelist selection |
| 6 | Whitelist | Tables selectable from DB if connection fails |
View Whitelist
Verify whether added tables during source creation/editing meet criteria.
Delete Data Source
Data sources can be batch-deleted. Be cautious: related data in scenarios, charts, models may not display correctly afterward.
Scheduled Cleanup
| Config Item | Description |
|---|---|
| Export Config | Export all configurations of scenarios, mappings, charts, models, and sources |
| Import Config | Import full configuration sets as above |
| Data Cleanup | Based on UTC settings, select cleanup range/tables. View logs to check success |
| Cleanup Tables | Select whitelisted tables, define timestamp fields, format, and cleanup scope. If set to "Default", scope follows page-level config settings |