Skip to main content

Audit logs

In Arculix, you can view and access real-time audit logs, which include detailed data on the context and results of authentication and workstation events.

Audit log summary view

A list of the most recent authentication events can be found on the Arculix home page.

Each user can see their own activity by selecting Show Logs for Current User. Users who are administrators can view all events for users within their organization by selecting Show Logs for Organization.

The default summary view includes the time, type of event, user, application, and result.


Event types in the audit log

  • Authentication: Login requests via web apps, Credential Provider, RADIUS, etc

  • Continuous Authentication: Logins to additional resources during an authenticated SSO session

  • Workstation Log: Workstation events such as locked, unlocked, paired, logged out, etc

Description types in the audit log

  • MFA Approved: Successful login, approved by the user or automatically via policy

  • Automatically Approve: Continuous authentication approved by the policy engine

  • MFA Expired: Login request expired without being approved

  • MFA Rejected: Login request rejected by the user or due to policy

Audit log details

To view details for each authentication event, click the log entry in the summary list. Different types of information are displayed for different events.

Authentication and continuous authentication

  • LOA Score: Composite Level of Assurance score

  • LOA Breakdown: LOA component scores

  • Applied Policies: Policies applied to this authentication request

  • Description: Detailed context information



  • Description: Workstation event (locked, unlocked, paired, etc)

  • Workstation: Device and user information

  • Current State: Current session state

  • Paired: Workstation pairing status

  • Workstation System Attributes: Detailed information on the workstation and configured settings