This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

Reviewing audit records

As a BMC Helix Single Sign-On administrator, you can review the audit records for all events performed from administrator and end-user accounts.


Before you begin

For a selected tenant, enable auditing of records for administrators or end users in the BMC Helix SSO Admin Console. For information about how to enable auditing, see Configuring settings for BMC Helix SSO administrators.

To view the audit records 

  1. Log in to the BMC Helix SSO Admin Console as an administrator.
  2. Click the Audit tab.


By default, the Audit tab shows all logged administrator actions, end-user actions, or both for the last day. You can filter the audit data by date.


The following types of events are recorded on the Audit Events page for administrator actions:

| Audit event | Audit description |
|---|---|
| ADMIN_LOGIN_SUCCESS | An administrator has successfully logged in to the BMC Helix SSO Admin Console. |
| ADMIN_LOGOUT | An administrator has logged out from the BMC Helix SSO Admin Console. |
| ADMIN_USER_CREATED | An administrator user was created. |
| ADMIN_USER_DELETED | An administrator user was deleted. |
| ADMIN_USER_PWD_CHANGED | A password of an administrator user was changed. |
| ADMIN_USER_UPDATED | An administrator user was updated. |
| AUDIT_DISABLED | Auditing of administrator actions is disabled. |
| AUDIT_ENABLED | Auditing of administrator actions is enabled. |
| LAUNCHPAD_CREATED | A launchpad application was added to the Digital Service Management page. |
| LAUNCHPAD_DELETED | A launchpad application was deleted from the Digital Service Management page. |
| LAUNCHPAD_UPDATED | A launchpad application was updated on the Digital Service Management page. |
| LOCAL_GROUP_CREATED | A local group was created. |
| LOCAL_GROUP_DELETED | A local group was deleted. |
| LOCAL_GROUP_UPDATED | A local group was updated. |
| LOCAL_USER_ADDED_TO_GROUP | A local user was added to a group. |
| LOCAL_USER_CREATED | A local user was created. |
| LOCAL_USER_DELETED | A local user was deleted. |
| LOCAL_USER_PWD_CHANGED | A password for a local user was changed. |
| LOCAL_USER_REMOVED_FROM_GROUP | A local user was removed from a group. |
| LOCAL_USER_UPDATED | A local user was updated. |
| LOCAL_USER_UNLOCKED_BY_ADMIN | A local user was unlocked by the BMC Helix SSO administrator. |
| LOCAL_USER_UNLOCKED_BY_SYSTEM | A local user was unlocked automatically after the lockout interval expired. |
| OAUTH_CLIENT_CREATED | An OAuth client was created. |
| OAUTH_CLIENT_DELETED | An OAuth client was deleted. |
| OAUTH_CLIENT_UPDATED | An OAuth client was updated. |
| OAUTH_TOKEN_DELETED | An OAuth token was deleted. |
| OPENID_JWK_CREATED | An OpenID JWK was created. |
| OPENID_JWK_DELETED | An OpenID JWK was deleted. |
| RSSO_CONFIG_CHANGED | This event is generated when an administrator makes the following changes in the BMC Helix SSO Admin Console: changes to the configuration of the BMC Helix SSO server, on the General tab; changes to the realms configuration, on the Realms tab; changes to the local users configuration, on the Local User tab. |
| CONFIG_EXPORTED | Server configuration was exported. |
| CONFIG_IMPORTED | Server configuration was imported. |
| TENANT_CREATED | A tenant was created. |
| TENANT_DELETED | A tenant was deleted. |
| TENANT_UPDATED | A tenant was updated. |
| USER_SESSION_DELETED | An end-user session was deleted. |
| LOCAL_USER_REG_PENDING_DELETED | A nonconfirmed user was deleted. |
| LOCAL_USER_REG_PENDING | A request to create a local user was submitted by the end user. |
| LOCAL_USER_REG_COMPLETED | Local user registration is completed. |
| LOCAL_USER_REG_REQUEST_EXPIRED | A request to create a local user expired and was cleaned up. |

The following types of events are recorded on the Audit Events page for end-user actions:

| Audit event | Audit description |
|---|---|
| END_USER_AUDIT_ENABLED | Auditing of end-user actions is enabled. |
| END_USER_AUDIT_DISABLED | Auditing of end-user actions is disabled. |
| ADMIN_LOGIN_FAILED | An administrator has failed to log in to the BMC Helix SSO Admin Console. |
| USER_LOGIN_FAILED | An end user has failed to log in. |
| SESSION_QUOTA_LIMIT_REACHED | A session quota limit was reached. |
| USER_LOGGED_IN | An end user has successfully logged in. |
| USER_LOGGED_OUT | An end user has successfully logged out. |
| SESSION_EXPIRED | An end-user session expired. |
| REAUTHENTICATION | An end user confirmed an operation by providing their credentials again. |
| AGENT_REGISTERED | A new agent was registered. |
| AGENT_UNREGISTERED | An agent was removed by the application server and the BMC Helix SSO listener. |
| REQUEST_AUTH_CODE | An authorization code was requested. |
| USER_WENT_THROUGH_CONSENT_PAGE | An end user went through the OAuth consent page. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_AUTH_CODE | An OAuth client requested a new access or refresh token with a code. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_REFRESH_TOKEN | An OAuth client requested a new access or refresh token with a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REQUESTS_NEW_OAUTH_TOKEN_WITH_JWT | An application used the JWT grant type to request an access or refresh token for the particular end user. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| ACCESS_TOKEN_REVOKED | An OAuth client revoked an access token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| REFRESH_TOKEN_REVOKED | The OAuth client revoked a refresh token. The initiator (submitter) of this action is the OAuth client because it acts on behalf of the end user. |
| AUTH_CODE_EXPIRED | An authorization code expired. |
| OAUTH_TOKEN_EXPIRED | An OAuth token expired. You must clean up the outdated OAuth token. |
| TOKEN_INFO_REQUESTED | An application used an end-user token to get information about the token. |
| TOKEN_USER_GROUPS_REQUESTED | An application used an end-user token to get information about the user's groups. |
| USER_LOGGED_IN_NATIVE_APP | A user logged in using an identity provider from the chain configuration by using a native application. |
| LOCAL_USER_CHANGED_OWN_PWD | A local user changed their password per a forced password reset. |
| LOCAL_USER_LOCKED | A local user was locked after unsuccessful login attempts. |
| LOCAL_USER_UNLOCKED | A local user was unlocked by the BMC Helix SSO administrator or automatically. |
| REQUEST_NEW_OAUTH_INTERNAL_TO_EXTERNAL_EXCHANGE_TOKEN | The OAuth client requests an internal to external token by using the token exchange grant type. |
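
The event names in the two tables above can drive a first-pass review of audit records. The following is an added example, not BMC code: it flags events that reduce visibility or change administrative access, and a successful login that follows a burst of failed ones. The record fields (time, event, actor), the thresholds and the two finding labels ending in _BURST are assumptions of this example; the page does not describe an export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event names come from the tables above. Which ones to review first, the
# record fields and the *_BURST finding labels are this example's assumptions.
REVIEW_FIRST = {
    "AUDIT_DISABLED", "END_USER_AUDIT_DISABLED",          # loss of visibility
    "ADMIN_USER_CREATED", "ADMIN_USER_PWD_CHANGED",       # admin account changes
    "OAUTH_CLIENT_CREATED", "OPENID_JWK_CREATED",         # new clients and keys
    "CONFIG_EXPORTED", "CONFIG_IMPORTED", "RSSO_CONFIG_CHANGED",
    "LOCAL_USER_LOCKED",
}
FAILED = {"ADMIN_LOGIN_FAILED", "USER_LOGIN_FAILED"}
SUCCESS = {"ADMIN_LOGIN_SUCCESS", "USER_LOGGED_IN", "USER_LOGGED_IN_NATIVE_APP"}

def review(records, max_failures=3, window=timedelta(minutes=10)):
    """Return (time, actor, finding) tuples for records worth a closer look."""
    findings = []
    failures = defaultdict(list)  # actor -> recent failed-login timestamps
    for rec in sorted(records, key=lambda r: r["time"]):
        t, event, actor = rec["time"], rec["event"], rec["actor"]
        recent = [f for f in failures[actor] if t - f <= window]
        if event in REVIEW_FIRST:
            findings.append((t, actor, event))
        elif event in FAILED:
            recent.append(t)
            if len(recent) == max_failures:
                findings.append((t, actor, "FAILED_LOGIN_BURST"))
        elif event in SUCCESS:
            if len(recent) >= max_failures:
                findings.append((t, actor, "LOGIN_AFTER_FAILED_BURST"))
            recent = []  # a successful login resets the failure count
        failures[actor] = recent
    return findings

def _at(hhmm):
    return datetime.fromisoformat(f"2022-01-10T{hhmm}:00")

# Constructed sample records, not real audit data.
SAMPLE = [
    {"time": _at("09:00"), "event": "ADMIN_LOGIN_SUCCESS", "actor": "admin1"},
    {"time": _at("09:02"), "event": "USER_LOGIN_FAILED", "actor": "jdoe"},
    {"time": _at("09:03"), "event": "USER_LOGIN_FAILED", "actor": "jdoe"},
    {"time": _at("09:04"), "event": "USER_LOGIN_FAILED", "actor": "jdoe"},
    {"time": _at("09:05"), "event": "USER_LOGGED_IN", "actor": "jdoe"},
    {"time": _at("09:10"), "event": "AUDIT_DISABLED", "actor": "admin1"},
]
```

Calling `review(SAMPLE)` returns the findings in time order; adjust `max_failures` and `window` to match the tenant's lockout settings.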

To view the audit records for a session

To view actions that are related to one session in BMC Helix SSO, perform the following steps:

Important

Viewing audit records for one session is available only for actions that were created in BMC Helix SSO version 21.02.

  1. On the Audit page, click the  icon next to the action.
  2. To return to the list of all sections, click Back to list.

Important

Auditing is enabled separately for every tenant, but records related to tenant management are recorded only in the SaaS tenant.
