Reviewing audit records
As a Remedy Single Sign-On administrator, you can review the audit records for all events performed from administrator and end-user accounts.
Before you begin
For a selected tenant, enable auditing of records for administrators or end users in the Remedy SSO Admin Console. For information about how to enable auditing, see Configuring settings for Remedy SSO administrators.
To view the audit records
- Log in to the Remedy SSO Admin Console as an administrator.
- Click the Audit tab.
By default, the Audit tab shows all logged administrator, end-user actions, or actions of both for the last day. You can filter audit data by a certain date.
The following types of events are recorded on the Audit Events page for administrator actions:
An administrator has successfully logged in to the Remedy SSO Admin Console.
An administrator has logged out from the Remedy SSO Admin Console.
|ADMIN_USER_CREATED||An administrator user was created.|
|ADMIN_USER_DELETED||An administrator user was deleted.|
|ADMIN_USER_PWD_CHANGED||A password of an administrator user was changed.|
|ADMIN_USER_UPDATED||An administrator user was updated.|
|AUDIT_DISABLED||Auditing of administrator actions is disabled.|
|AUDIT_ENABLED||Auditing of administrator is enabled.|
|LAUNCHPAD_CREATED||A launchpad application was added to the Digital Service Management page.|
A launchpad application was deleted from the Digital Service Management page.
|LAUNCHPAD_UPDATED||A launchpad application was updated on the Digital Service Management page.|
|LOCAL_GROUP_CREATED||A local group was created.|
|LOCAL_GROUP_DELETED||A local group was deleted.|
|LOCAL_GROUP_UPDATED||A local group was updated.|
|LOCAL_USER_ADDED_TO_GROUP||A local user was added to a group.|
|LOCAL_USER_CREATED||A local user was created.|
|LOCAL_USER_DELETED||A local user was deleted.|
|LOCAL_USER_PWD_CHANGED||A password for a local user was changed.|
|LOCAL_USER_REMOVED_FROM_GROUP||A local user was removed from a group.|
|LOCAL_USER_UPDATED||A local user was updated.|
|OAUTH_CLIENT_CREATED||An OAuth client was created.|
|OAUTH_CLIENT_DELETED||An OAuth client was deleted.|
|OAUTH_CLIENT_UPDATED||An OAuth client was updated.|
|OAUTH_TOKEN_DELETED||An OAuth token was deleted.|
|OPENID_JWK_CREATED||An OpenID JWK was created.|
|OPENID_JWK_DELETED||An OpenID JWK was deleted.|
This event is generated when an administrator makes the following changes in the Remedy SSO Admin Console:
|TENANT_CREATED||A tenant was created.|
|TENANT_DELETED||A tenant was deleted.|
|TENANT_UPDATED||A tenant was updated.|
|USER_SESSION_DELETED||An end-user session was deleted.|
The following types of events are recorded on the Audit Events page for end-user actions:
|Audit event||Audit description|
|END_USER_AUDIT_ENABLED||Auditing of end-user actions is enabled.|
|END_USER_AUDIT_DISABLED||Auditing of end-user actions is disabled.|
An administrator has failed to log in to the Remedy SSO Admin Console.
An end user has failed to log in.
|SESSION_QUOTA_LIMIT_REACHED||A session quota limit was reached.|
|USER_LOGGED_IN||An end user has successfully logged in.|
|USER_LOGGED_OUT||An end user has successfully logged out.|
|SESSION_EXPIRED||An end-user session expired.|
|REAUTHENTICATION||An end user confirmed an operation by providing their credentials again.|
|AGENT_REGISTERED||A new agent was registered.|
An agent was removed by the application server and the Remedy SSO listener.
|REQUEST_AUTH_CODE||An authorization code was requested.|
|USER_WENT_THROUGH_CONSENT_PAGE||An end user went through the OAuth consent page.|
|REQUESTS_NEW_OAUTH_TOKEN_WITH_AUTH_CODE||An OAuth client requested a new access or refresh token with a code. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user.|
|REQUESTS_NEW_OAUTH_TOKEN_WITH_REFRESH_TOKEN||An OAuth client requested a new access or refresh token with a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user.|
|REQUESTS_NEW_OAUTH_TOKEN_WITH_JWT||An application used the JWT grant type to request an access or refresh token for the particular end user. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user.|
|ACCESS_TOKEN_REVOKED||An OAuth client revoked an access token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user.|
|REFRESH_TOKEN_REVOKED||The OAuth client revoked a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user.|
|AUTH_CODE_EXPIRED||An authorization code expired.|
|OAUTH_TOKEN_EXPIRED||An OAuth token expired. You must clean up the outdated OAuth token.|
|TOKEN_INFO_REQUESTED||An application used an end-user token to get information about the token.|
|TOKEN_USER_GROUPS_REQUESTED||An application used an end-user token to get information about the users groups.|
|USER_LOGGED_IN_NATIVE_APP||A user logged in using an identity provider from the chain configuration by using a native application.|
To view the audit records for a session
To view actions that are related to one session in Remedy SSO, perform the following steps:
Viewing audit records for one session is available only to actions that were created in Remedy SSO version 20.08.
- On the Audit page, click the icon next to the action.
- To return to the list of all sections, click Back to list .
Audit is enabled separately for every tenant, but records related to tenants management are recorded only in the SaaS tenant.