This documentation supports the 20.08 version of Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).


Reviewing audit records

As a Remedy Single Sign-On administrator, you can review the audit records for all events performed from administrator and end-user accounts.


Before you begin

For a selected tenant, enable auditing of records for administrators or end users in the Remedy SSO Admin Console. For information about how to enable auditing, see Configuring settings for Remedy SSO administrators.

To view the audit records 

  1. Log in to the Remedy SSO Admin Console as an administrator.
  2. Click the Audit tab.


By default, the Audit tab shows all logged administrator actions, end-user actions, or both for the last day. You can filter the audit data by date.


The following types of events are recorded on the Audit Events page for administrator actions:

Audit events for administrator actions

| Audit event | Audit description |
|---|---|
| ADMIN_LOGIN_SUCCESS | An administrator has successfully logged in to the Remedy SSO Admin Console. |
| ADMIN_LOGOUT | An administrator has logged out from the Remedy SSO Admin Console. |
| ADMIN_USER_CREATED | An administrator user was created. |
| ADMIN_USER_DELETED | An administrator user was deleted. |
| ADMIN_USER_PWD_CHANGED | A password of an administrator user was changed. |
| ADMIN_USER_UPDATED | An administrator user was updated. |
| AUDIT_DISABLED | Auditing of administrator actions is disabled. |
| AUDIT_ENABLED | Auditing of administrator actions is enabled. |
| LAUNCHPAD_CREATED | A launchpad application was added to the Digital Service Management page. |
| LAUNCHPAD_DELETED | A launchpad application was deleted from the Digital Service Management page. |
| LAUNCHPAD_UPDATED | A launchpad application was updated on the Digital Service Management page. |
| LOCAL_GROUP_CREATED | A local group was created. |
| LOCAL_GROUP_DELETED | A local group was deleted. |
| LOCAL_GROUP_UPDATED | A local group was updated. |
| LOCAL_USER_ADDED_TO_GROUP | A local user was added to a group. |
| LOCAL_USER_CREATED | A local user was created. |
| LOCAL_USER_DELETED | A local user was deleted. |
| LOCAL_USER_PWD_CHANGED | A password for a local user was changed. |
| LOCAL_USER_REMOVED_FROM_GROUP | A local user was removed from a group. |
| LOCAL_USER_UPDATED | A local user was updated. |
| OAUTH_CLIENT_CREATED | An OAuth client was created. |
| OAUTH_CLIENT_DELETED | An OAuth client was deleted. |
| OAUTH_CLIENT_UPDATED | An OAuth client was updated. |
| OAUTH_TOKEN_DELETED | An OAuth token was deleted. |
| OPENID_JWK_CREATED | An OpenID JWK was created. |
| OPENID_JWK_DELETED | An OpenID JWK was deleted. |
| RSSO_CONFIG_CHANGED | This event is generated when an administrator makes the following changes in the Remedy SSO Admin Console: changes to the configuration of the Remedy SSO server, on the General tab; changes to the realms configuration, on the Realms tab. |
| TENANT_CREATED | A tenant was created. |
| TENANT_DELETED | A tenant was deleted. |
| TENANT_UPDATED | A tenant was updated. |
| USER_SESSION_DELETED | An end-user session was deleted. |

The following types of events are recorded on the Audit Events page for end-user actions:

Audit events for end-user actions

| Audit event | Audit description |
|---|---|
| END_USER_AUDIT_ENABLED | Auditing of end-user actions is enabled. |
| END_USER_AUDIT_DISABLED | Auditing of end-user actions is disabled. |
| ADMIN_LOGIN_FAILED | An administrator has failed to log in to the Remedy SSO Admin Console. |
| USER_LOGIN_FAILED | An end user has failed to log in. |
| SESSION_QUOTA_LIMIT_REACHED | A session quota limit was reached. |
| USER_LOGGED_IN | An end user has successfully logged in. |
| USER_LOGGED_OUT | An end user has successfully logged out. |
| SESSION_EXPIRED | An end-user session expired. |
| REAUTHENTICATION | An end user confirmed an operation by providing their credentials again. |
| AGENT_REGISTERED | A new agent was registered. |
| AGENT_UNREGISTERED | An agent was removed by the application server and the Remedy SSO listener. |
| REQUEST_AUTH_CODE | An authorization code was requested. |
| USER_WENT_THROUGH_CONSENT_PAGE | An end user went through the OAuth consent page. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_AUTH_CODE | An OAuth client requested a new access or refresh token with a code. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_REFRESH_TOKEN | An OAuth client requested a new access or refresh token with a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_JWT | An application used the JWT grant type to request an access or refresh token for the particular end user. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| ACCESS_TOKEN_REVOKED | An OAuth client revoked an access token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REFRESH_TOKEN_REVOKED | The OAuth client revoked a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| AUTH_CODE_EXPIRED | An authorization code expired. |
| OAUTH_TOKEN_EXPIRED | An OAuth token expired. You must clean up the outdated OAuth token. |
| TOKEN_INFO_REQUESTED | An application used an end-user token to get information about the token. |
| TOKEN_USER_GROUPS_REQUESTED | An application used an end-user token to get information about the user's groups. |
| USER_LOGGED_IN_NATIVE_APP | A user logged in using an identity provider from the chain configuration by using a native application. |
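
One way to triage these events once the records are outside the console, as an added example that is not BMC's code: it assumes each record has been copied into a dictionary with the hypothetical keys time, event and submitter (this page does not describe an export format), and that the submitter of a failed login is the account that was tried. It needs both administrator and end-user auditing enabled, because ADMIN_LOGIN_FAILED is listed with the end-user events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event names come from the tables on this page; the grouping is this example's choice.
TAMPERING = {"AUDIT_DISABLED", "END_USER_AUDIT_DISABLED"}
PRIVILEGED = {"ADMIN_USER_CREATED", "ADMIN_USER_PWD_CHANGED", "OAUTH_CLIENT_CREATED",
              "OPENID_JWK_CREATED", "OPENID_JWK_DELETED", "RSSO_CONFIG_CHANGED",
              "TENANT_DELETED"}
FAILED = {"ADMIN_LOGIN_FAILED", "USER_LOGIN_FAILED"}
SUCCEEDED = {"ADMIN_LOGIN_SUCCESS", "USER_LOGGED_IN", "USER_LOGGED_IN_NATIVE_APP"}

def triage(records, threshold=3, window=timedelta(minutes=10)):
    """Return (time, severity, reason) tuples for records worth a closer look."""
    findings = []
    failures = defaultdict(list)  # submitter -> timestamps of failed logins
    for rec in sorted(records, key=lambda r: datetime.fromisoformat(r["time"])):
        when = datetime.fromisoformat(rec["time"])
        event, who = rec["event"], rec["submitter"]
        if event in TAMPERING:
            findings.append((rec["time"], "high", f"{event} by {who}"))
        elif event in PRIVILEGED:
            findings.append((rec["time"], "review", f"{event} by {who}"))
        elif event in FAILED:
            failures[who].append(when)
        elif event in SUCCEEDED:
            # A success right after repeated failures may be a guessed password.
            recent = [t for t in failures.pop(who, []) if when - t <= window]
            if len(recent) >= threshold:
                findings.append((rec["time"], "high",
                                 f"{len(recent)} failed logins then {event} for {who}"))
    return findings

# Constructed sample records (hypothetical keys: time, event, submitter).
SAMPLE = [
    {"time": "2020-09-01T08:00:05", "event": "ADMIN_LOGIN_FAILED", "submitter": "admin2"},
    {"time": "2020-09-01T08:00:09", "event": "ADMIN_LOGIN_FAILED", "submitter": "admin2"},
    {"time": "2020-09-01T08:00:14", "event": "ADMIN_LOGIN_FAILED", "submitter": "admin2"},
    {"time": "2020-09-01T08:01:00", "event": "ADMIN_LOGIN_SUCCESS", "submitter": "admin2"},
    {"time": "2020-09-01T08:02:30", "event": "OAUTH_CLIENT_CREATED", "submitter": "admin2"},
    {"time": "2020-09-01T08:03:10", "event": "AUDIT_DISABLED", "submitter": "admin2"},
    {"time": "2020-09-01T09:15:00", "event": "USER_LOGIN_FAILED", "submitter": "jdoe"},
    {"time": "2020-09-01T09:15:20", "event": "USER_LOGGED_IN", "submitter": "jdoe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

The threshold and window are starting values to tune per tenant; a single mistyped password followed by a login, as for jdoe in the sample, is not reported.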

To view the audit records for a session

To view actions that are related to one session in Remedy SSO, perform the following steps:

Important

Viewing audit records for one session is available only for actions that were created in Remedy SSO version 20.08.

  1. On the Audit page, click the icon next to the action.
  2. To return to the list of all sections, click Back to list.

Important

Auditing is enabled separately for every tenant, but records related to tenant management are recorded only in the SaaS tenant.
