Audit Logs
The eGuardian dashboard provides access to real-time audit logs, which include detailed data on the context and results of authentication and workstation events.
Log Summary View
A list of the most recent authentication events can be found on the eGuardian Dashboard home page. Each user can see their own activity by selecting Show Logs for Current User; users who are administrators can view all events for users within their organization by selecting Show Logs for Organization. The default summary view includes the time, type of event, user, application, and result.
Types of Audit Log Events
Authentication: Login requests via web apps, Credential Provider, RADIUS, etc
Continuous Authentication: Logins to additional resources during an authenticated SSO session
Workstation Log: Workstation events such as locked, unlocked, paired, logged out, etc
Types of Result
MFA Approved: Successful login, approved by the user or automatically via policy
Automatically Approve: Continuous authentication approved by the policy engine
MFA Expired: Login request expired without being approved
MFA Rejected: Login request rejected by the user or due to policy
Audit Log Details
Details for each authentication event can be viewed by clicking on it in the summary list. Different types of information are displayed for different events.
Authentication and Continuous Auth
LOA Score: Composite Level of Assurance score
LOA Breakdown: LOA component scores
Applied Policies: Policies applied to this authentication request
Description: Detailed context information
Workstation
Description: Workstation event (locked, unlocked, paired, etc)
Workstation: Device and user information
Current State: Current session state
Paired: Workstation pairing status
Workstation System Attributes: Detailed information on the workstation and configured settings