Audit Logs

The eGuardian dashboard provides access to real-time audit logs, which include detailed data on the context and results of authentication and workstation events.

Log Summary View

A list of the most recent authentication events can be found on the eGuardian Dashboard home page. Each user can see their own activity by selecting Show Logs for Current User; users who are administrators can view all events for users within their organization by selecting Show Logs for Organization. The default summary view includes the time, type of event, user, application, and result.

Organization Logs

Types of Audit Log Events

  • Authentication: Login requests via web apps, Credential Provider, RADIUS, etc.
  • Continuous Authentication: Logins to additional resources during an authenticated SSO session
  • Workstation Log: Workstation events such as locked, unlocked, paired, logged out, etc.

Types of Result

  • MFA Approved: Successful login, approved by the user or automatically via policy
  • Automatically Approve: Continuous authentication approved by the policy engine
  • MFA Expired: Login request expired without being approved
  • MFA Rejected: Login request rejected by the user or due to policy

Audit Log Details

Details for each authentication event can be viewed by clicking on it in the summary list. Different types of information are displayed for different events.

Authentication and Continuous Auth

  • LOA Score: Composite Level of Assurance score
  • LOA Breakdown: LOA component scores
  • Applied Policies: Policies applied to this authentication request
  • Description: Detailed context information

Continuous Auth Details

Workstation

  • Description: Workstation event (locked, unlocked, paired, etc.)
  • Workstation: Device and user information
  • Current State: Current session state
  • Paired: Workstation pairing status
  • Workstation System Attributes: Detailed information on the workstation and configured settings

Workstation Log Details