As a BMC Helix Single Sign-On administrator, you can review the audit records for all events performed from administrator and end-user accounts.
Before you begin
For a selected tenant, enable auditing of records for administrators or end users in the BMC Helix SSO Admin Console. For information about how to enable auditing, see Configuring settings for BMC Helix SSO administrators.
To view the audit records
- Log in to the BMC Helix SSO Admin Console as an administrator.
- Click the Audit tab.
By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can filter audit data by a certain date.
The following types of events are recorded on the Audit Events page for administrator actions:
Audit events for administrator actions
Audit event | Audit description |
|---|
| ADMIN_LOGIN_SUCCESS | An administrator has successfully logged in to the BMC Helix SSO Admin Console. |
| ADMIN_LOGOUT | An administrator has logged out from the BMC Helix SSO Admin Console. |
| ADMIN_USER_CREATED | An administrator user was created. |
| ADMIN_USER_DELETED | An administrator user was deleted. |
| ADMIN_USER_PWD_CHANGED | A password of an administrator user was changed. |
| ADMIN_USER_UPDATED | An administrator user was updated. |
| AUDIT_DISABLED | Auditing of administrator actions is disabled. |
| AUDIT_ENABLED | Auditing of administrator is enabled. |
| LAUNCHPAD_CREATED | A launchpad application was added to the Digital Service Management page. |
| LAUNCHPAD_DELETED | A launchpad application was deleted from the Digital Service Management page. |
| LAUNCHPAD_UPDATED | A launchpad application was updated on the Digital Service Management page. |
| LOCAL_GROUP_CREATED | A local group was created. |
| LOCAL_GROUP_DELETED | A local group was deleted. |
| LOCAL_GROUP_UPDATED | A local group was updated. |
| LOCAL_USER_ADDED_TO_GROUP | A local user was added to a group. |
| LOCAL_USER_CREATED | A local user was created. |
| LOCAL_USER_DELETED | A local user was deleted. |
| LOCAL_USER_PWD_CHANGED | A password for a local user was changed. |
| LOCAL_USER_REMOVED_FROM_GROUP | A local user was removed from a group. |
| LOCAL_USER_UPDATED | A local user was updated. |
| LOCAL_USER_UNLOCKED_BY_ADMIN | A local user was unlocked by the BMC Helix SSO administrator. |
| LOCAL_USER_UNLOCKED_BY_SYSTEM | A local user was unlocked automatically after the lockout interval expires. |
| OAUTH_CLIENT_CREATED | An OAuth client was created. |
| OAUTH_CLIENT_DELETED | An OAuth client was deleted. |
| OAUTH_CLIENT_UPDATED | An OAuth client was updated. |
| OAUTH_TOKEN_DELETED | An OAuth token was deleted. |
| OPENID_JWK_CREATED | An OpenID JWK was created. |
| OPENID_JWK_DELETED | An OpenID JWK was deleted. |
| RSSO_CONFIG_CHANGED | This event is generated when an administrator makes the following changes in the BMC Helix SSO Admin Console: - Changes to the configuration of the BMC Helix SSO server, on the General tab.
- Changes to the realms configuration, on the Realms tab.
- Changes to the local users configuration on the Local User tab.
|
| CONFIG_EXPORTED | Server configuration was exported. |
| CONFIG_IMPORTED | Server configuration was imported. |
| TENANT_CREATED | A tenant was created. |
| TENANT_DELETED | A tenant was deleted. |
| TENANT_UPDATED | A tenant was updated. |
| USER_SESSION_DELETED | An end-user session was deleted. |
| LOCAL_USER_REG_PENDING_DELETED | A nonconfirmed user was deleted. |
| LOCAL_USER_REG_PENDING | A request to create a local user by the end user. |
| LOCAL_USER_REG_COMPLETED | Local user registration is completed. |
| LOCAL_USER_REG_REQUEST_EXPIRED | A request to create a local user was expired and cleaned up. |
The following types of events are recorded on the Audit Events page for end-user actions:
Audit events for end-user actions
| Audit event | Audit description |
|---|
| END_USER_AUDIT_ENABLED | Auditing of end-user actions is enabled. |
| END_USER_AUDIT_DISABLED | Auditing of end-user actions is disabled. |
| ADMIN_LOGIN_FAILED | An administrator has failed to log in to the BMC Helix SSO Admin Console. |
| USER_LOGIN_FAILED | An end user has failed to log in. |
| SESSION_QUOTA_LIMIT_REACHED | A session quota limit was reached. |
| USER_LOGGED_IN | An end user has successfully logged in. |
| USER_LOGGED_OUT | An end user has successfully logged out. |
| SESSION_EXPIRED | An end-user session expired. |
| REAUTHENTICATION | An end user confirmed an operation by providing their credentials again. |
| AGENT_REGISTERED | A new agent was registered. |
| AGENT_UNREGISTERED | An agent was removed by the application server and the BMC Helix SSO listener. |
| REQUEST_AUTH_CODE | An authorization code was requested. |
| USER_WENT_THROUGH_CONSENT_PAGE | An end user went through the OAuth consent page. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_AUTH_CODE | An OAuth client requested a new access or refresh token with a code. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_REFRESH_TOKEN | An OAuth client requested a new access or refresh token with a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_JWT | An application used the JWT grant type to request an access or refresh token for the particular end user. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| ACCESS_TOKEN_REVOKED | An OAuth client revoked an access token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REFRESH_TOKEN_REVOKED | The OAuth client revoked a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| AUTH_CODE_EXPIRED | An authorization code expired. |
| OAUTH_TOKEN_EXPIRED | An OAuth token expired. You must clean up the outdated OAuth token. |
| TOKEN_INFO_REQUESTED | An application used an end-user token to get information about the token. |
| TOKEN_USER_GROUPS_REQUESTED | An application used an end-user token to get information about the users groups. |
| USER_LOGGED_IN_NATIVE_APP | A user logged in using an identity provider from the chain configuration by using a native application. |
| LOCAL_USER_CHANGED_OWN_PWD | A local user changed password per forced password reset. |
| LOCAL_USER_LOCKED | A local user was locked after unsuccessful login attempts. |
| LOCAL_USER_UNLOCKED | A local user was unlocked by the BMC Helix SSO administrator or automatically. |
| REQUEST_NEW_OAUTH_INTERNAL_TO_EXTERNAL_EXCHANGE_TOKEN | The OAuth client requests an internal to external token by using the token exchange grant type. |
To view the audit records for a session
To view actions that are related to one session in BMC Helix SSO, perform the following steps:
- On the Audit page, click the
icon next to the action. - To return to the list of all sections, click Back to list .
