Manage audit logs in OneID

Zuora

Overview

Audit logs in OneID provide a comprehensive record of user activities, data access, and administrative configurations within the OneID application. These logs are essential for maintaining security, ensuring compliance, and facilitating troubleshooting. The logging system records login attempts and administrative activities as the following event types:

  • OneID Login Events: The OneID Login Events record user authentication information, such as successful logins and unsuccessful attempts. The logs contain compliance-related metadata like timestamps, user identifiers, and IP addresses for regulatory audits and data protection compliance.
  • OneID Settings Events: OneID Settings Events cover administrative tasks like user account management, role assignments, and permission changes. Additionally, this event type captures other configuration changes, such as SSO integration, security policy changes, and OAuth token management.

View audit log reports

To view an audit log report:

  1. Click Audit Logs from the admin console.
  2. Select the Start Date and End Date.
  3. Each event listed under Event Types generally includes the following information:
    1. Action: Expands to display the action that occurred as part of the event.
    2. Timestamp: Indicates the date and time at which the event occurred.
    3. Tenant ID: Tenant ID is not applicable for OneID global Audit events, as all the events are captured at the organizational level.
    4. Environment: Defaults to GLOBAL as all events are captured at the global OneID level, irrespective of the environments.
    5. Event Type: This can be either Global Login Events or Global Settings Change Events, depending on whether it's a login event or a settings change event.
    6. Object Name: Identifies the entity linked to the event, ranging from user accounts to applications or any entity within the OneID system.
    7. Object Type: Clarifies the nature of the event by specifying the category or classification of the mentioned object.
    8. Namespace: Denotes the namespace or scope within which the event occurred.
    9. Username: Identifies the user associated with the event, particularly relevant for actions related to user authentication, access control, and account management.
  4. (Optional): Click Export to access the data you need to export.

Ensure the dates you select are within 180 days from inference. History older than 180 days, up to ten years, can be exported only after you raise a request with support.

View login events

To view a OneID login event:

  1. Click Audit Logs from the admin console.
  2. Select the Start Date and End Date.
  3. Choose a OneID Login Event from Event Types and click Apply.
  4. From Action, click > to see further details.
    1. OneID Login Events: Provides the following information for all events that occur:
      • IP Address: Displays the assigned unique numerical label for each device, facilitating the identification of the source of the login event.
      • Hostname: Shows the assigned name of a network-connected device, aiding in the analysis of login events.
      • Login Type: Specifies the method used for authentication during the login event. It could include options such as username/password, single sign-on (SSO), OAuth, and so on.
      • Browser Type: Indicates the web browser the user uses to access the OneID login interface.
      • Browser Version: Specifies the version number of the web browser used by the user during the login event. 
  5. (Optional): Click Export to access the data you need to export.

View settings event

To view a OneID settings event:

  1. Click Audit Logs from the admin console.
  2. Select the Start Date and End Date.
  3. Choose OneID Settings Events from Event Types and click Apply.
  4. From Action, click > to see further details.
    1. Attribute ID: Denotes the unique identifier associated with the attribute or property of the entity being modified. For example, first name, role, region, status, created on, updated on, and so on.
    2. Old Value: Displays the attribute's previous value before the modification occurred.
    3. New Value: Showcases the updated value of the attribute following the modification. 
  5. (Optional): Click Export to access the data you need to export.
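
One way to review exported settings events offline, shown here as an added example that is not part of the original documentation. The CSV layout, the column headers, and the watch list of attributes are assumptions based on the field names described above, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The CSV layout and column headers are assumptions
# based on the field names in this article; adjust them to match a real export.
SAMPLE_EXPORT = """\
Timestamp,Event Type,Action,Object Type,Object Name,Username,Attribute ID,Old Value,New Value
2024-05-01T09:12:00Z,Global Login Events,Login,User,alice@example.com,alice@example.com,,,
2024-05-01T09:15:30Z,Global Settings Change Events,Updated,User,bob@example.com,alice@example.com,role,Standard User,Administrator
2024-05-01T09:16:02Z,Global Settings Change Events,Updated,User,bob@example.com,alice@example.com,first name,Bob,Robert
2024-05-02T22:41:10Z,Global Settings Change Events,Updated,User,carol@example.com,bob@example.com,status,Inactive,Active
2024-05-02T22:43:55Z,Global Settings Change Events,Deleted,User,dave@example.com,bob@example.com,,,
"""

# Attributes whose modification changes who can access what (assumed watch list).
SENSITIVE_ATTRIBUTES = {"role", "status"}


def review_settings_events(export_text, sensitive=SENSITIVE_ATTRIBUTES):
    """Return {username: [(timestamp, detail), ...]} for changes worth a second look."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Event Type"].strip() != "Global Settings Change Events":
            continue  # login events are out of scope for this review
        action = row["Action"].strip()
        attribute = row["Attribute ID"].strip().lower()
        if action == "Deleted":
            detail = f"deleted {row['Object Type']} {row['Object Name']}"
        elif attribute in sensitive and row["Old Value"] != row["New Value"]:
            detail = (f"{attribute} of {row['Object Name']}: "
                      f"{row['Old Value']!r} -> {row['New Value']!r}")
        else:
            continue  # routine change, e.g. a first-name edit
        # Group by the user who performed the change, not the object changed.
        findings[row["Username"]].append((row["Timestamp"], detail))
    return dict(findings)


if __name__ == "__main__":
    for actor, items in review_settings_events(SAMPLE_EXPORT).items():
        for timestamp, detail in items:
            print(f"{timestamp}  {actor}  {detail}")
```

Grouping by Username puts every sensitive change made by one administrator side by side, which makes a role grant followed by activity from the newly privileged account easy to spot.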

Add filters to audit logs

To add filters to audit logs:

  1. Click Audit Logs from the admin console.
  2. Select the Start Date and End Date.
  3. Click +Add New Filter.
  4. The following types of filters are available to refine your search:
    1. Action: Allows you to specify the type of action you want to filter for. You can choose from Created, Updated, or Deleted actions. For example, you might want to filter audit logs to show only user accounts updated within a specific time frame.
    2. Event ID: Helps you locate specific events in the system using their unique identifier, making it easier to identify particular incidents or actions.
    3. Object Name: With this filter, you can narrow down audit log results based on the name of the object or entity involved in the event. This includes user accounts, groups, resources, files, or other relevant entities within the OneID system.
    4. Object Type: Allows you to narrow down your search by specifying the object type mentioned in the audit log, such as user accounts, groups, permissions, configurations, and so on.
    5. User ID: Allows searching for audit log events by user ID to track individual user activity.
    6. Username: Similar to the User ID filter, the Username filter allows you to search for audit log events associated with a specific user by their username. 
  5. After applying the desired search filters, click Apply.
  6. (Optional): Click Export to access the data you need to export.