Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
devel:documentation:audit [2019/02/01 13:01]
kotisovam admin guide section 		devel:documentation:audit [2019/02/28 07:44]
kopro [Login audit]
Line 22: Line 22:
  
 CzechIdM also audit all changes on relations between those entities, e.g. Identities and their Contracts. There is also an enhanced filter that is advised to use when searching for particular changes. CzechIdM also audit all changes on relations between those entities, e.g. Identities and their Contracts. There is also an enhanced filter that is advised to use when searching for particular changes.
 +
 +===== Login audit =====
 +
 +The audit for login contains information about user successful and failed logins. Each audit record contains information about:
 +  * Identity (only in global agenda),
 +  * result from login (failed/success),
 +  * login date,
 +  * number of unsuccessful attempts,
 +  * required password change,
 +  * valid password from,
 +  * valid password to,
 +  * password blocked to.
 +
 +<note tip>When user (not admin, or user with permission change password to another users) change password itself, is during this change logout and login. This information is now available in audit of password change and in login audit.</note>
 +
 +{{ :devel:documentation:loginaudit.png |}}
 +
 +===== Password change audit =====
 +
 +Audit contains information about password changes. The audit is not composed by classic audit records but from password history records. Same history records are used for check history password.
 +
 +<note important>This audit store data only about password changes done against CzechIdM. When user change password only against end system (eq AD, LDAP, ...) the audit for password change will be empty</note>
 +
 +{{ :devel:documentation:passwordchangeaudit.png |}}
 +
 +===== Add or removed roles audit =====
 +
 +Audit contains information about added, removed and changed roles that is assigned to user. This audit agenda doesn't show role parameters.
 +
 +{{ :devel:documentation:identityroleaudit.png |}}
  
 ===== Provisioning audit ===== ===== Provisioning audit =====
Line 44: Line 74:
   * [[tutorial:adm:audit_workflow| Audit - what state is my workflow in?]]   * [[tutorial:adm:audit_workflow| Audit - what state is my workflow in?]]
  
-===== Admin guide (to be completed) ===== +===== Admin guide ===== 
-  * [[.adm:audit|Audit overview]]+(to be deleted)
  
 ===== Devel guide ===== ===== Devel guide =====
   * [[.audit:dev:audit|]]   * [[.audit:dev:audit|]]
   * [[.audit:dev:logging|]]   * [[.audit:dev:logging|]]
  • by kotisovam