Audit logs
In Arculix, you can view and access real-time audit logs, which include detailed data on the context and results of authentication and workstation events.
Audit log summary view
A list of the most recent authentication events can be found on the Arculix home page.
Each user can see their own activity by selecting Show Logs for Current User. Users who are administrators can view all events for users within their organization by selecting Show Logs for Organization.
The default summary view includes the time, type of event, user, application, and result.
 |
Event types in the audit log
Authentication: Login requests via web apps, Credential Provider, RADIUS, etc
Continuous Authentication: Logins to additional resources during an authenticated SSO session
Workstation Log: Workstation events such as locked, unlocked, paired, logged out, etc
Description types in the audit log
MFA Approved: Successful login, approved by the user or automatically via policy
Automatically Approve: Continuous authentication approved by the policy engine
MFA Expired: Login request expired without being approved
MFA Rejected: Login request rejected by the user or due to policy
Audit log details
To view details for each authentication event, click the log entry in the summary list. Different types of information are displayed for different events.
Authentication and continuous authentication
LOA Score: Composite Level of Assurance score
LOA Breakdown: LOA component scores
Applied Policies: Policies applied to this authentication request
Description: Detailed context information
 |
 |
Workstation
Description: Workstation event (locked, unlocked, paired, etc)
Workstation: Device and user information
Current State: Current session state
Paired: Workstation pairing status
Workstation System Attributes: Detailed information on the workstation and configured settings
 |